06-25-2007, 04:14 PM   #6
Sillybear
Registered User
 
Join Date: Jun 2007
Posts: 6
OS: XP


Re: Malware Possibly...Need Help.

Here are the 3 things you asked for. (:

1. HiJackScan:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 3:09:08 PM, on 6/25/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Administrator\Desktop\HiJackThis_v2.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

--
End of file - 5625 bytes

2. Online Scan
Monday, June 25, 2007 3:08:31 PM
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 25/06/2007
Kaspersky Anti-Virus database records: 352112
Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target: My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects: 52205
Number of viruses found: 25
Number of infected objects: 189 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:35:54

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-177.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-284.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-461.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-517.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-661.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-668.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-750.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-913.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Desktop\backups\backup-20070625-030013-971.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\m7iebft0.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007062520070626\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~ROMFN_00000A34 Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\QooBox\Quarantine\C\DOCUME~1\ADMINI~1\MYDOCU~1\FNTS~1\mѕdtc.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\QooBox\Quarantine\C\Program Files\CURITY~1\ѕνchost.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\FNTS~1\chkdsk.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.dx skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hcaxgwb.dll.vir Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ibfbokf.dll.vir Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iusr.exe.vir Infected: Backdoor.Win32.Rbot.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\xhfuvlg.dll.vir Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/airanri.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/mikjgzl.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/wevjvfl.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/mvyjgd.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/zthocvj.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/akxsurc.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/dnpvjt.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/dnuetgf.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/rrextmj.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/vihzrei.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/kpwmxpg.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/kjrrfig.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/cfiwaml.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip/hcaxgwb.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\QooBox\Quarantine\catchme2007-06-25_ 30904.76.zip ZIP: infected - 14 skipped
C:\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019216.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019217.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019218.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019219.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019220.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019221.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019222.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019223.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kg skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019402.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP106\A0019404.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP108\A0019492.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP110\A0019590.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP110\A0020669.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP110\A0020670.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP111\A0020724.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP111\A0020732.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP113\A0020873.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP114\A0021732.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP114\A0021733.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP114\A0021741.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP115\A0021792.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP115\A0021794.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP116\A0021833.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP116\A0021835.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP120\A0021959.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP120\A0021962.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP120\A0021962.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP120\A0021962.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP120\A0021973.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP122\A0022022.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP122\A0022023.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP122\A0022024.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP122\A0022025.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP122\A0022026.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022230.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022231.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022232.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022233.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022234.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022235.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022236.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022237.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022238.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022239.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022240.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022241.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022242.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022243.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022244.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kb skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022245.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022246.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022247.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022248.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022249.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022250.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022251.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022252.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022253.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022254.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022255.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022256.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022257.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022258.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022259.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022260.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022261.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022262.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022263.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022264.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022265.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022266.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022267.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022268.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022269.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022270.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022271.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022272.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022273.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022274.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022275.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022276.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022277.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022278.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022279.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022280.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022281.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022282.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022283.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022284.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022293.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022294.exe Infected: not-a-virus:AdWare.Win32.PurityScan.fn skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022367.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022369.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022370.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022372.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022373.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022375.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022377.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022378.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022379.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\A0022380.exe Infected: Backdoor.Win32.Rbot.gen skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP123\change.log Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0003551.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.5000 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0003553.exe Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0004544.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0004545.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0004546.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0004547.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP42\A0004548.dll Object is locked skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004654.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004656.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004657.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{22D6DAFA-F64C-4447-B3F2-1A0EEEC46CA9}\RP43\A0004658.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
Scan process completed.


3. Combo Fix's Log
File::
C:\WINDOWS\system32\fuliqlwc.exe
C:\WINDOWS\system32\utstv.ini2
C:\WINDOWS\system32\utstv.bak1
C:\WINDOWS\system32\utstv.bak2
C:\WINDOWS\system32\hjllm.bak2
C:\WINDOWS\system32\hjllm.bak1
C:\DOCUME~1\ALLUSE~1\APPLIC~1\bwtwhehq.exe
C:\WINDOWS\system32\wtssu32.exe
C:\WINDOWS\system32\airanri.dll
C:\WINDOWS\system32\mikjgzl.dll
C:\WINDOWS\system32\wevjvfl.dll
C:\WINDOWS\system32\mvyjgd.dll
C:\WINDOWS\system32\zthocvj.dll
C:\WINDOWS\system32\akxsurc.dll
C:\WINDOWS\system32\ccc3.dll
C:\WINDOWS\system32\dnpvjt.dll
C:\WINDOWS\system32\dnuetgf.dll
C:\WINDOWS\system32\rrextmj.dll
C:\WINDOWS\system32\vihzrei.dll
C:\WINDOWS\system32\kpwmxpg.dll
C:\WINDOWS\system32\kjrrfig.dll
C:\WINDOWS\system32\cfiwaml.dll
C:\WINDOWS\system32\hcaxgwb.dll
C:\WINDOWS\system32\xhfuvlg.dll
C:\WINDOWS\system32\ibfbokf.dll
C:\WINDOWS\system32\iusr.exe
Folder::
C:\WINDOWS\QW50aG9ueQ
Driver::
DisplayController
EthernetController
Packets
updates
vwsrv
Registry::
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{2f65a514-189d-099f-7e64-0753c0249f1f}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{3a4260b3-4f1f-c099-60ce-04de2e75a91a}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{504cb3e8-0548-3dd7-fbcc-094e5fe15f87}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{51f5b6da-f1bf-89c4-05f2-08c3e2c17b29}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5c2154cf-76de-effe-1918-094d7e5c6999}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5d1e3438-27d5-40b1-97d6-4f3b6001b3e4}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{5d87f288-16b3-e4a5-b4c7-03f7f3783e05}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6e30f392-dc09-3a7c-3331-02eeec294cb0}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{6f43f6ca-4098-ca81-804e-0a9889d05a25}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{70752d09-9239-8050-bb7b-00b06ef19ca5}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{73e0ddc2-a93a-4d64-97b5-646627f61dd2}]
[-hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{e91828d9-074e-4fca-961c-56cacdfcf363}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KernelFaultCheck"=-
"2chkdsk"=-
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Microsoft"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljkigd]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlljh]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtstu]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrge32]


I didn't experience any problems at all; you give a great tutorial. Tell me if there's anything else I need to do.