Virus/Spyware help

AngelWest · 09-27-2009, 11:00 AM

I would appreciate it if someone could give me advice on how to disinfect/clean my computer of viruses, spyware, etc. and protect it against future infections.

I did originally have McAfee but had problems renewing my subscription and, unfortunately, decided to let me computer go unprotected. As a result, I've noticed the following problems: my computer is sluggish, when I attempt to open my C drive it activates a copy.exe, most recently (and most annoying), thefeedonline.com among others hijacks my browser constantly.

I ran a few free virus scans but probably only made the problem worse so I restored my system to its settings pre-scan. Tha said, I couldn't resist running WindowsLive One Care again before following the "First Steps" instructions. The following is a list of problems/viruses found by the previous virus scans:
Using WindowsLive One Care
Backdoor:Win32/Agent.FD
Backdoor:Win32/Small.PV
Trojan:Win32/Conhook.D
Trojan:Win32/Hiloti.gen!A
Trojan:Win32/Opachki.A
Trojan:Win32/Tibs.gen!O
Trojan:Win32/Vundo
Trojan:Win32/Vundo.D
Trojan:Win32/Vundo.JD.dll
Trojan:Win32/Vundo.gen!A
Trojan:Win32/Vundo.gen!B
Trojan:Win32/Vundo.gen!C
Trojan:Win32/Vundo.gen!Y
TrojanDownloader:Win32/Bredolab.B
TrojanDownloader:Win32/Conhook.AG
TrojanDropper:Win32/Litis.A
Worm:Win32/Perlovga.A
Worm:Win32/Perlovga.B
Worm:Win32/Perlovga.dr
Trojan:Win32/FakeSpypro
TrojanDownloader.JS/Ren
TrojanDownloader:Win32/Renos.IS
Using HouseCall
TROJ_VUNDO.FMS
Cryp_Vundo-18
TROJ_VUNDO.PLM
TROJ_RENOS.BHX
FREELOADER_DRIVECLEANER
ADWARE_VIRTUMUNDO

Here is the text of DDS.txt:

DDS (Ver_09-09-24.01) - NTFSx86
Run by Owner at 10:53:29,44 on 27/09/2009
Internet Explorer: 7.0.5730.11

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.hotmail.com/
uWindows: load=c:\windows\svchost.exe
BHO: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\yaywuvTJ.dll
BHO: {b537f1e6-a7bd-dfa9-dd64-c7b65c69fb77}: {77bf96c5-6b7c-46dd-9afd-db7a6e1f735b} - c:\windows\system32\khmbmd.dll
BHO: {db3106d0-7f6e-4850-8da3-d32ef8a561d2} - c:\windows\system32\zizesabo.dll
BHO: {fed2c47c-21a7-4b5d-9136-b0a759b6a1cb} - c:\windows\system32\fccaXQhf.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [SVCHOST.EXE] c:\windows\system32\drivers\svchost.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [calc] rundll32.exe c:\docume~1\owner\protect.dll,_IWMPEvents@0
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Myazofivutamuxud] rundll32.exe "c:\windows\Fviwe.dll",e
mRun: [Ugafafojuf] rundll32.exe "c:\windows\eximatumoyes.dll",e
mRun: [calc] rundll32.exe c:\windows\system32\calc.dll,_IWMPEvents@0
mRun: [karazudube] Rundll32.exe "c:\windows\system32\wogirubi.dll",s
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
IE: &AOL Toolbar search
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: yahoo.com\music
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6796.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: yaywuvTJ - yaywuvTJ.dll
AppInit_DLLs: c:\windows\system32\fuduyefi.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: {6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} - c:\windows\system32\yaywuvTJ.dll
SEH: {4a39dd00-1fc4-bcb8-5624-4ff32b6e7e5d}: {d5e7e6b2-3ff4-4265-8bcb-4cf100dd93a4} - c:\windows\system32\khmbmd.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, digeste.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\fccaXQhf
LSA: Notification Packages = scecli c:\windows\system32\fuduyefi.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\11mxpkaw.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {B5666BB1-0475-47EF-BE4A-7169C9AA9183} - c:\documents and settings\owner\local settings\application data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2009-09-26 20:24 <DIR> --d----- c:\windows\system32\wbem\Repository
2009-09-26 20:23 <DIR> --d----- c:\program files\Veoh Networks
2009-09-26 16:28 <DIR> --d----- c:\documents and settings\owner\.housecall6(2).6
2009-09-26 14:47 <DIR> --d----- c:\program files\Trend Micro
2009-09-26 11:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-09-24 21:20 1,024,004 a------- c:\windows\system32\commonpriv.log.1
2009-09-24 21:20 0 a------- c:\windows\system32\commonpriv.log.lock
2009-09-24 21:02 <DIR> --d----- c:\windows\system32\drivers\Avg(2)
2009-09-24 13:54 <DIR> --d----- c:\windows\McAfee.com
2009-09-24 12:54 143 a------- c:\windows\system32\mcrh.tmp
2009-09-23 21:34 120,832 a------- c:\windows\system32\khmbmd.dll
2009-09-23 21:34 120,832 a------- c:\windows\system32\fbbsopvk.dll
2009-09-23 21:28 120,832 a------- c:\windows\system32\kwcamz.dll
2009-09-23 21:28 120,832 a------- c:\windows\system32\kaiqvhyn.dll
2009-09-23 20:28 120,832 a------- c:\windows\system32\ntbtjjly.dll
2009-09-23 20:28 120,832 a------- c:\windows\system32\dgarew.dll
2009-09-23 20:25 120,832 a------- c:\windows\system32\jitwdd.dll
2009-09-23 20:25 120,832 a------- c:\windows\system32\dvbvpgpk.dll
2009-09-23 19:28 120,832 a------- c:\windows\system32\tcbmun.dll
2009-09-23 19:28 120,832 a------- c:\windows\system32\qbsbaxgv.dll
2009-09-23 19:23 120,832 a------- c:\windows\system32\qdrhcx.dll
2009-09-23 19:23 120,832 a------- c:\windows\system32\ndqgermi.dll
2009-09-23 19:22 120,832 a------- c:\windows\system32\xtdost.dll
2009-09-23 19:22 120,832 a------- c:\windows\system32\xjvpuyjv.dll
2009-09-22 12:20 22,528 a--sh--- c:\documents and settings\owner\protect.dll
2009-09-22 12:20 22,528 -------- c:\windows\system32\calc.dll
2009-09-19 16:12 120,832 a------- c:\windows\system32\qnpzvk.dll
2009-09-19 16:12 120,832 a------- c:\windows\system32\pwfuskkx.dll
2009-09-19 16:06 120,832 a------- c:\windows\system32\fofebo.dll
2009-09-19 16:06 120,832 a------- c:\windows\system32\onbblluq.dll
2009-09-19 14:59 120,832 a------- c:\windows\system32\knrebl.dll
2009-09-19 14:59 120,832 a------- c:\windows\system32\plgmqdmm.dll
2009-09-19 14:53 120,832 a------- c:\windows\system32\qnxsxh.dll
2009-09-19 14:53 120,832 a------- c:\windows\system32\qtjtsbnl.dll
2009-09-19 13:50 120,832 a------- c:\windows\system32\eilzib.dll
2009-09-19 13:50 120,832 a------- c:\windows\system32\qfetquaq.dll
2009-09-19 13:48 120,832 a------- c:\windows\system32\iyxptt.dll
2009-09-19 13:48 120,832 a------- c:\windows\system32\oacayenc.dll
2009-09-19 12:47 120,832 a------- c:\windows\system32\uiolep.dll
2009-09-19 12:47 120,832 a------- c:\windows\system32\ysurmwpa.dll
2009-09-19 12:41 120,832 a------- c:\windows\system32\tjnqbo.dll
2009-09-19 12:41 120,832 a------- c:\windows\system32\okhutilk.dll
2009-09-19 11:35 120,832 a------- c:\windows\system32\xljcbg.dll
2009-09-19 11:35 120,832 a------- c:\windows\system32\ttenaons.dll
2009-09-19 11:32 120,832 a------- c:\windows\system32\zmiamx.dll
2009-09-19 11:32 120,832 a------- c:\windows\system32\ibkbvvwb.dll
2009-09-19 10:29 120,832 a------- c:\windows\system32\mohgim.dll
2009-09-19 10:29 120,832 a------- c:\windows\system32\xinnyudl.dll
2009-09-19 09:26 120,832 a------- c:\windows\system32\knixfc.dll
2009-09-19 09:26 120,832 a------- c:\windows\system32\pliuguxb.dll
2009-09-19 09:23 120,832 a------- c:\windows\system32\fdpfus.dll
2009-09-19 09:23 120,832 a------- c:\windows\system32\kknusntc.dll
2009-09-19 08:20 120,832 a------- c:\windows\system32\vzfrvx.dll
2009-09-19 08:20 120,832 a------- c:\windows\system32\ocnpxoci.dll
2009-09-19 08:17 120,832 a------- c:\windows\system32\ulcpxq.dll
2009-09-19 08:17 120,832 a------- c:\windows\system32\lhmplskb.dll
2009-09-19 07:17 120,832 a------- c:\windows\system32\ucevuc.dll
2009-09-19 07:17 120,832 a------- c:\windows\system32\omwltemm.dll
2009-09-19 06:14 120,832 a------- c:\windows\system32\myrdjc.dll
2009-09-19 06:14 120,832 a------- c:\windows\system32\peadrrcm.dll
2009-09-19 05:08 120,832 a------- c:\windows\system32\eknubz.dll
2009-09-19 05:08 120,832 a------- c:\windows\system32\lubtysiy.dll
2009-09-19 05:02 120,832 a------- c:\windows\system32\jmfufu.dll
2009-09-19 05:02 120,832 a------- c:\windows\system32\mbitcbto.dll
2009-09-19 04:02 120,832 a------- c:\windows\system32\wmdreh.dll
2009-09-19 04:02 120,832 a------- c:\windows\system32\rasbdlai.dll
2009-09-19 03:59 120,832 a------- c:\windows\system32\evhilb.dll
2009-09-19 03:59 120,832 a------- c:\windows\system32\qijxrhpi.dll
2009-09-19 02:56 120,832 a------- c:\windows\system32\heiokmrr.dll
2009-09-19 02:56 120,832 a------- c:\windows\system32\dzjmeo.dll
2009-09-19 02:53 120,832 a------- c:\windows\system32\pjpheg.dll
2009-09-19 02:53 120,832 a------- c:\windows\system32\siayprog.dll
2009-09-19 01:53 120,832 a------- c:\windows\system32\sviyhs.dll
2009-09-19 01:53 120,832 a------- c:\windows\system32\qotnvdcm.dll
2009-09-19 00:47 120,832 a------- c:\windows\system32\xtdkoq.dll
2009-09-19 00:47 120,832 a------- c:\windows\system32\ugnqqrfd.dll
2009-09-19 00:44 120,832 a------- c:\windows\system32\vlcwzw.dll
2009-09-19 00:44 120,832 a------- c:\windows\system32\krrasmyf.dll
2009-09-18 23:41 120,832 a------- c:\windows\system32\rnikwk.dll
2009-09-18 23:41 120,832 a------- c:\windows\system32\xihspxyo.dll
2009-09-18 22:41 120,832 a------- c:\windows\system32\vbiymb.dll
2009-09-18 22:41 120,832 a------- c:\windows\system32\skuqdluh.dll
2009-09-18 22:32 120,832 a------- c:\windows\system32\nbbffbjg.dll
2009-09-18 22:32 120,832 a------- c:\windows\system32\igvwnt.dll
2009-09-18 21:32 120,832 a------- c:\windows\system32\qokhatsj.dll
2009-09-18 21:32 120,832 a------- c:\windows\system32\phojps.dll
2009-09-18 21:30 120,832 a------- c:\windows\system32\uxgsds.dll
2009-09-18 21:29 120,832 a------- c:\windows\system32\drwleuly.dll
2009-09-18 20:29 120,832 a------- c:\windows\system32\ogpmeu.dll
2009-09-18 20:29 120,832 a------- c:\windows\system32\iujhynln.dll
2009-09-18 20:25 120,832 a------- c:\windows\system32\oxfyuo.dll
2009-09-18 20:25 120,832 a------- c:\windows\system32\xtkdwmoh.dll
2009-09-18 20:20 120,832 a------- c:\windows\system32\mgjvmf.dll
2009-09-18 20:19 120,832 a------- c:\windows\system32\bgghaxka.dll
2009-09-18 20:16 120,832 a------- c:\windows\system32\bnoyxj.dll
2009-09-18 20:16 120,832 a------- c:\windows\system32\nwhfobcn.dll
2009-09-18 19:15 120,832 a------- c:\windows\system32\ahytdy.dll
2009-09-18 19:15 120,832 a------- c:\windows\system32\gsowlsii.dll
2009-09-18 19:10 120,832 a------- c:\windows\system32\rthyzr.dll
2009-09-18 19:09 120,832 a------- c:\windows\system32\ljnnrwup.dll
2009-09-18 19:02 120,832 a------- c:\windows\system32\jfzazd.dll
2009-09-18 19:02 120,832 a------- c:\windows\system32\cjgpoxvh.dll
2009-09-18 18:00 120,832 a------- c:\windows\system32\miqejg.dll
2009-09-18 17:59 120,832 a------- c:\windows\system32\ftsoywuw.dll
2009-09-18 17:54 120,832 a------- c:\windows\system32\momvnf.dll
2009-09-18 17:54 120,832 a------- c:\windows\system32\wanqepal.dll
2009-09-18 16:54 120,832 a------- c:\windows\system32\lnalvz.dll
2009-09-18 16:53 120,832 a------- c:\windows\system32\maumnsno.dll
2009-09-18 16:47 120,832 a------- c:\windows\system32\holhfi.dll
2009-09-18 16:47 120,832 a------- c:\windows\system32\wvlptdsj.dll
2009-09-18 16:41 120,832 a------- c:\windows\system32\kxmsvb.dll
2009-09-18 16:41 120,832 a------- c:\windows\system32\nkwqgjbf.dll
2009-09-18 15:39 120,832 a------- c:\windows\system32\dusrwz.dll
2009-09-18 15:39 120,832 a------- c:\windows\system32\geogkqpr.dll
2009-09-18 15:31 120,832 a------- c:\windows\system32\bgokiv.dll
2009-09-18 15:30 120,832 a------- c:\windows\system32\mcaqtwey.dll
2009-09-18 14:27 120,832 a------- c:\windows\system32\jqxful.dll
2009-09-18 14:27 120,832 a------- c:\windows\system32\spsatpgc.dll
2009-09-18 14:24 120,832 a------- c:\windows\system32\rndqis.dll
2009-09-18 14:24 120,832 a------- c:\windows\system32\waltastu.dll
2009-09-18 13:24 120,832 a------- c:\windows\system32\xecjqn.dll
2009-09-18 13:24 120,832 a------- c:\windows\system32\yrcwpjwr.dll
2009-09-18 13:17 120,832 a------- c:\windows\system32\pwavhc.dll
2009-09-18 13:17 120,832 a------- c:\windows\system32\hjdafrpc.dll
2009-09-18 12:13 120,832 a------- c:\windows\system32\vrvsgw.dll
2009-09-18 12:13 120,832 a------- c:\windows\system32\twetncfl.dll
2009-09-18 12:10 120,832 a------- c:\windows\system32\ofpbyu.dll
2009-09-18 12:10 120,832 a------- c:\windows\system32\buhqqclt.dll
2009-09-18 12:07 120,832 a------- c:\windows\system32\yozhjr.dll
2009-09-18 12:07 120,832 a------- c:\windows\system32\dbcjxghm.dll
2009-09-18 11:05 120,832 a------- c:\windows\system32\nuytsa.dll
2009-09-18 11:05 120,832 a------- c:\windows\system32\cyuaqxih.dll
2009-09-18 11:00 120,832 a------- c:\windows\system32\saspgn.dll
2009-09-18 11:00 120,832 a------- c:\windows\system32\iliviqif.dll
2009-09-18 10:58 120,832 a------- c:\windows\system32\ozmmos.dll
2009-09-18 10:58 120,832 a------- c:\windows\system32\bsiqtkgq.dll
2009-09-10 10:26 180,224 -------- c:\windows\system32\lsp.dll
2009-09-10 10:15 <DIR> --d----- c:\program files\cggjqi

==================== Find3M ====================

2009-09-25 03:56 1,211 a--shr-- C:\copy.exe
2009-09-25 03:56 70,207 a--shr-- C:\host.exe
2009-09-25 03:54 129,024 a------- c:\windows\system32\fcnvkw.dll
2009-09-25 03:53 129,024 a------- c:\windows\system32\lirpqp.dll
2009-09-25 03:52 129,024 a------- c:\windows\system32\tpffisrs.dll
2009-09-25 03:51 129,024 a------- c:\windows\system32\yldggl.dll
2009-09-25 03:51 129,024 a------- c:\windows\system32\yspiyvyg.dll
2009-09-25 03:51 129,024 a------- c:\windows\system32\zgnmtv.dll
2009-09-25 03:51 22,528 a------- c:\windows\system32\~.exe
2009-09-23 17:03 24,663 ac------ c:\windows\Sysvxd.exe
2008-11-19 20:42 30,376 ac------ c:\docume~1\owner\applic~1\GDIPFONTCACHEV1.DAT
2009-05-13 04:39 2,713 ac-sh--- c:\windows\system32\gizokoro.exe
2009-01-12 02:02 32,768 ac-sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009011220090113\index.dat

============= FINISH: 10:58:06,59 ===============

Attach/ark.txt are attached.

Thanks!

**chemist** · 09-29-2009, 02:38 PM

Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Please visit this webpage for download links, and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Please post the C:\ComboFix.txt in your next reply for further review.

------------------------------------------------------

AngelWest · 09-29-2009, 06:52 PM

I ran ComboFix and it produced the attached log file ComboFixLog. As the Recovery Console was not installed, I followed bleepercomputer's instructions for manual installation and ComboFix then ran again and produced the attached log file ComboFixLog2.

I'll await your next instructions. Thanks so much for your help, chemist!

ComboFix 09-09-28.01 - Owner 29/09/2009 19:57.2.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\protect.dll
c:\windows\Fviwe.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-28 01:41 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-27 00:24 . 2009-09-27 00:24 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-27 00:23 . 2009-09-27 00:23 -------- d-----w- c:\program files\Veoh Networks
2009-09-27 00:20 . 2009-09-27 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-26 20:28 . 2009-09-27 00:11 -------- d-----w- c:\documents and settings\Owner\.housecall6(2).6
2009-09-26 18:47 . 2009-09-27 00:12 -------- d-----w- c:\program files\Trend Micro
2009-09-26 15:34 . 2009-09-27 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-25 16:34 . 2009-09-25 16:34 -------- d-----w- c:\program files\Java
2009-09-25 03:19 . 2009-09-27 14:35 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-25 01:02 . 2009-09-26 01:11 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-09-24 17:54 . 2009-09-24 17:54 -------- d-----w- c:\windows\McAfee.com
2009-09-24 17:26 . 2009-09-24 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-22 16:20 . 2009-09-22 16:33 22528 ----a-w- c:\windows\system32\calc.dll
2009-09-10 14:15 . 2009-09-27 14:40 -------- d-----w- c:\program files\cggjqi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 00:15 . 2009-09-30 00:15 22528 --sha-w- c:\documents and settings\Owner\protect.dll
2009-09-27 00:12 . 2004-08-10 16:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 07:54 . 2009-01-24 06:07 129024 ----a-w- c:\windows\system32\fcnvkw.dll
2009-09-25 07:53 . 2009-02-06 00:45 129024 ----a-w- c:\windows\system32\lirpqp.dll
2009-09-25 07:52 . 2009-01-16 05:40 129024 ----a-w- c:\windows\system32\tpffisrs.dll
2009-09-25 07:51 . 2009-01-25 06:10 129024 ----a-w- c:\windows\system32\yldggl.dll
2009-09-25 07:51 . 2009-02-20 02:45 129024 ----a-w- c:\windows\system32\yspiyvyg.dll
2009-09-25 07:51 . 2009-01-22 06:02 129024 ----a-w- c:\windows\system32\zgnmtv.dll
2009-09-24 20:17 . 2007-04-14 08:05 -------- d-----w- c:\program files\DivX
2006-10-11 08:04 . 2008-03-04 21:17 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-03-04 21:17 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-03-04 21:17 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-03-04 21:17 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-03-04 21:17 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-05-13 08:39 . 2009-05-13 08:39 2713 -csha-w- c:\windows\system32\gizokoro.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120]
"calc"="c:\docume~1\Owner\protect.dll" [2009-09-30 22528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-30 98304]
"calc"="c:\windows\system32\calc.dll" [2009-09-22 22528]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
scandisk.dll [2009-9-25 22528]
scandisk.lnk - c:\windows\system32\rundll32.exe [2001-8-18 33280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wireless-G Notebook Adapter Utility.lnk - c:\program files\Linksys\Wireless-G Notebook Adapter\Startup.exe [2006-5-21 24576]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\DRIVERS\tnet1130x.sys [2004-03-10 385536]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
IE: &AOL Toolbar search
Trusted Zone: hotmail.com\www
Trusted Zone: hulu.com\www
Trusted Zone: live.com\co106w.col106.mail
Trusted Zone: live.com\login
Trusted Zone: live.com\mail
Trusted Zone: live.com\onecare
Trusted Zone: megavideo.com\www
Trusted Zone: sidereel.com\www
Trusted Zone: yahoo.com\music
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\11mxpkaw.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - HiddenExtension: XUL Cache: {B5666BB1-0475-47EF-BE4A-7169C9AA9183} - c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Myazofivutamuxud - c:\windows\Fviwe.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 20:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\program files\Funk Software\Odyssey Client\odLogin.dll

- - - - - - - > 'explorer.exe'(1612)
c:\windows\system32\calc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wscntfy.exe
c:\program files\Linksys\Wireless-G Notebook Adapter\OdHost.exe
c:\program files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
.
**************************************************************************
.
Completion time: 2009-09-30 20:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-30 00:25
ComboFix2.txt 2009-09-29 23:21

Pre-Run: 7.229.374.464 bytes free
Post-Run: 7.203.672.064 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

164 --- E O F --- 2008-12-19 15:40

**chemist** · 09-29-2009, 07:08 PM

Hello AngelWest. No need to attach logs going forward. Just copy/paste them directly into the Reply to Thread window. Thanks.

Please go to: VirusTotal

On the page you'll find a Browse button.
Next to the Browse button you'll see a box to enter text.
Please copy/paste the following bolded text into the box:

c:\windows\system32\calc.dll
Then click the Send File button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analysed: click Reanalyse file now
Once scanned, copy and paste the results in your next reply.

------------------------------------------------------

AngelWest · 09-29-2009, 07:45 PM

Thanks! Here are the results:

File calc.dll_ received on 2009.09.30 01:31:13 (UTC)
Current status: finished
Result: 12/40 (30.00%)

Antivirus Version Last Update Result
AhnLab-V3 5.0.0.2 2009.09.29 -
AntiVir 7.9.1.27 2009.09.29 HEUR/Crypted
Antiy-AVL 2.0.3.7 2009.09.29 -
Authentium 5.1.2.4 2009.09.30 -
Avast 4.8.1351.0 2009.09.29 -
AVG 8.5.0.412 2009.09.29 -
BitDefender 7.2 2009.09.30 Trojan.Generic.2464968
CAT-QuickHeal 10.00 2009.09.29 Trojan.Scar.xvw
ClamAV 0.94.1 2009.09.29 -
Comodo 2469 2009.09.29 -
DrWeb 5.0.0.12182 2009.09.30 -
eSafe 7.0.17.0 2009.09.29 -
eTrust-Vet 31.6.6768 2009.09.29 -
F-Prot 4.5.1.85 2009.09.30 -
F-Secure 8.0.14470.0 2009.09.30 -
Fortinet 3.120.0.0 2009.09.29 -
GData 19 2009.09.30 Trojan.Generic.2464968
Ikarus T3.1.1.72.0 2009.09.30 Trojan.Win32.Opachki
Jiangmin 11.0.800 2009.09.27 -
K7AntiVirus 7.10.856 2009.09.29 -
Kaspersky 7.0.0.125 2009.09.30 -
McAfee 5756 2009.09.29 -
McAfee+Artemis 5756 2009.09.29 Artemis!08FA9FED6ABA
McAfee-GW-Edition 6.8.5 2009.09.29 Heuristic.LooksLike.Trojan.Scar.H
Microsoft 1.5005 2009.09.23 Trojan:Win32/Opachki.A
NOD32 4468 2009.09.29 -
Norman 6.01.09 2009.09.29 W32/Malware.IULI
nProtect 2009.1.8.0 2009.09.29 -
Panda 10.0.2.2 2009.09.29 Generic Trojan
PCTools 4.4.2.0 2009.09.29 -
Prevx 3.0 2009.09.30 Medium Risk Malware
Rising 21.49.14.00 2009.09.29 -
Sophos 4.45.0 2009.09.30 Mal/Generic-A
Sunbelt 3.2.1858.2 2009.09.30 -
Symantec 1.4.4.12 2009.09.30 -
TheHacker 6.5.0.2.022 2009.09.30 -
TrendMicro 8.500.0.1002 2009.09.29 -
VBA32 3.12.10.11 2009.09.29 -
ViRobot 2009.9.29.1963 2009.09.29 -
VirusBuster 4.6.5.0 2009.09.29 -
Additional information
File size: 22528 bytes
MD5 : 08fa9fed6aba5e3254dad2560505c217
SHA1 : b833144e448a4469c7d5ea9c451d6500acb50407
SHA256: ae68e7bcc45a5f51076a0d34609b3dbf715daf6467538adc23ddb579471b76be
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x395B
timedatestamp.....: 0x4AB7348A (Mon Sep 21 10:08:42 2009)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3193 0x3200 6.38 eb34bd679b4997d8a233ec8637fc8b63
.rdata 0x5000 0x14DA 0x1600 6.73 7a2725fcaacaebeab513dd10d136fdfd
.data 0x7000 0x3E8 0x200 2.63 83c6ec78152a7c92b937dd2dfba401dc
.rsrc 0x8000 0x370 0x400 2.81 f972f860ad169139e5f0c61170100c8f
.reloc 0x9000 0x5BC 0x600 6.16 bca24977ce415a14dc727b1965bdafaf

( 6 imports )

> advapi32.dll: RegCloseKey, RegCreateKeyExA, RegSetValueExA
> kernel32.dll: GetProcAddress, MultiByteToWideChar, GetFileAttributesA, GetCurrentProcessId, CreateFileA, ExpandEnvironmentStringsA, CreateThread, LoadLibraryA, GetModuleHandleA, GetShortPathNameA, VirtualAllocEx, Sleep, GetSystemTime, CloseHandle, ReadFile, GetFileSize, WriteFile, SetFilePointer, GetTempFileNameA, GetTickCount, GetTempPathA, ReadProcessMemory, VirtualFreeEx, GetModuleFileNameA, WriteProcessMemory
> msvcrt.dll: free, _adjust_fdiv, _initterm, _onexit, __dllonexit, __1type_info@@UAE@XZ, fopen, fwrite, fclose, memset, strcpy, wcscmp, strcmp, strstr, malloc, memmove, realloc, strlen, __2@YAPAXI@Z, __3@YAXPAX@Z
> ole32.dll: CoInitialize, CoCreateInstance
> shell32.dll: SHGetSpecialFolderLocation, SHGetMalloc, SHGetPathFromIDListA
> user32.dll: CallNextHookEx, DispatchMessageA, MessageBoxA, TranslateMessage, GetMessageA, SetWindowsHookExA

( 1 exports )

> _CreateDva@@YGHXZ, _GetImagesFrom@@YGHPAXH@Z, _GetModuleMemopry@@YGHXZ, _LoadFileFrom@@YGHXZ, _LoadIcons@@YGHPAXH@Z, _IWMPEvents@0
TrID : File type identification
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
ssdeep: 384:lxnXzHJ5SciWmW3tS3UT2iXOOO/M1W6Vy97VFw4FI9BQD8WQQWSYLc:3nXiWmWh2iXRbWzTFOQDGAYLc
Prevx Info: http://thefeedonline.com/?do=rphp&su...D6E4005E223241
PEiD : -
packers (F-Prot): embedded
RDS : NSRL Reference Data Set
-

**chemist** · 09-29-2009, 07:52 PM

Hello again, AngelWest. What are your plans for an antivirus? I could recommend a good, free one that is light on system resources.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists:

Viewpoint Media Player<<This is considered foistware instead of malware since it is installed without users approval, but doesn't spy or do anything "bad". Please read here and here

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/417648-virus-spyware-help.html#post2367343

Collect::
c:\windows\system32\calc.dll
c:\windows\system32\fcnvkw.dll
c:\windows\system32\lirpqp.dll
c:\windows\system32\tpffisrs.dll
c:\windows\system32\yldggl.dll
c:\windows\system32\yspiyvyg.dll
c:\windows\system32\zgnmtv.dll
c:\windows\system32\gizokoro.exe
c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.dll

File::
c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.lnk

Folder::
c:\documents and settings\Owner\.housecall6(2).6\quarantine
c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

DirLook::
c:\program files\cggjqi

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

------------------------------------------------------

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.

If you do not get a message box, please do the following:

There should be a file named [4]-Submit_date@time.zip with today's date, located here:

C:\QooBox\Quarantine\[4]-Submit_date@time.zip

Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4

Please let me know if you successfully submitted the file. Thanks.

------------------------------------------------------

AngelWest · 09-29-2009, 08:53 PM

Please do recommend an antivirus!

I was able to submit the file after running CF.

Here's the latest log:

ComboFix 09-09-28.01 - Owner 29/09/2009 22:15.3.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.lnk"

file zipped: c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.dll
file zipped: c:\windows\system32\calc.dll
file zipped: c:\windows\system32\fcnvkw.dll
file zipped: c:\windows\system32\gizokoro.exe
file zipped: c:\windows\system32\lirpqp.dll
file zipped: c:\windows\system32\tpffisrs.dll
file zipped: c:\windows\system32\yldggl.dll
file zipped: c:\windows\system32\yspiyvyg.dll
file zipped: c:\windows\system32\zgnmtv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\.housecall6(2).6\quarantine
c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}
c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}\chrome.manifest
c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}\chrome\content\_cfg.js
c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}\chrome\content\c.js
c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}\chrome\content\overlay.xul
c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}\install.rdf
c:\documents and settings\Owner\protect.dll
c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.dll
c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.lnk
c:\windows\system32\calc.dll
c:\windows\system32\fcnvkw.dll
c:\windows\system32\gizokoro.exe
c:\windows\system32\lirpqp.dll
c:\windows\system32\tpffisrs.dll
c:\windows\system32\yldggl.dll
c:\windows\system32\yspiyvyg.dll
c:\windows\system32\zgnmtv.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-28 01:41 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-27 00:24 . 2009-09-27 00:24 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-27 00:23 . 2009-09-27 00:23 -------- d-----w- c:\program files\Veoh Networks
2009-09-27 00:20 . 2009-09-27 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-26 20:28 . 2009-09-27 00:11 -------- d-----w- c:\documents and settings\Owner\.housecall6(2).6
2009-09-26 18:47 . 2009-09-27 00:12 -------- d-----w- c:\program files\Trend Micro
2009-09-26 15:34 . 2009-09-27 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-25 16:34 . 2009-09-25 16:34 -------- d-----w- c:\program files\Java
2009-09-25 03:19 . 2009-09-27 14:35 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-25 01:02 . 2009-09-26 01:11 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-09-24 17:54 . 2009-09-24 17:54 -------- d-----w- c:\windows\McAfee.com
2009-09-24 17:26 . 2009-09-24 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-10 14:15 . 2009-09-27 14:40 -------- d-----w- c:\program files\cggjqi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 01:58 . 2004-08-30 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-27 00:12 . 2004-08-10 16:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 07:54 . 2009-01-14 05:36 129024 ----a-w- c:\windows\system32\fevmlqyh.dll
2009-09-25 07:53 . 2009-02-05 00:46 129024 ----a-w- c:\windows\system32\lqkkrjvi.dll
2009-09-25 07:52 . 2009-01-12 05:30 129024 ----a-w- c:\windows\system32\uaodvaex.dll
2009-09-24 20:17 . 2007-04-14 08:05 -------- d-----w- c:\program files\DivX
2006-10-11 08:04 . 2008-03-04 21:17 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-03-04 21:17 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-03-04 21:17 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-03-04 21:17 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-03-04 21:17 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\program files\cggjqiSave this Notepad file as CFScript.txt to your Desktop and then close the file. ----

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-30 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\DRIVERS\tnet1130x.sys [2004-03-10 385536]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
IE: &AOL Toolbar search
Trusted Zone: hotmail.com\www
Trusted Zone: hulu.com\www
Trusted Zone: live.com\co106w.col106.mail
Trusted Zone: live.com\login
Trusted Zone: live.com\mail
Trusted Zone: live.com\onecare
Trusted Zone: megavideo.com\www
Trusted Zone: sidereel.com\www
Trusted Zone: techsupportforum.com\www
Trusted Zone: yahoo.com\music
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\11mxpkaw.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-calc - c:\docume~1\Owner\protect.dll
HKLM-Run-calc - c:\windows\system32\calc.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 22:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(948)
c:\program files\Funk Software\Odyssey Client\odLogin.dll

- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wscntfy.exe
c:\program files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe
.
**************************************************************************
.
Completion time: 2009-09-30 22:44 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-30 02:43
ComboFix2.txt 2009-09-30 00:25
ComboFix3.txt 2009-09-29 23:21

Pre-Run: 7.147.778.048 bytes free
Post-Run: 7.175.733.248 bytes free

174 --- E O F --- 2008-12-19 15:40

**chemist** · 09-29-2009, 09:03 PM

Any particular reason why you aren't updating Windows?

AngelWest · 09-29-2009, 09:36 PM

I did forget to mention in my initial post that the infections were preventing me from connecting to Windows Update. It looks like that shouldn't be a problem now. Are there any particular updates I should look for?

**chemist** · 09-30-2009, 05:22 AM

Hello again, AngelWest. Thanks for submitting the file. Please tell us how your system is behaving.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Hold off on Windows Updates for now. I will suggest an antivirus after the online scan.

------------------------------------------------------

Please tell me what you know about this folder, if anything:

c:\program files\cggjqi

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad:

Code:

dir /a /s "c:\program files\cggjqi" > log.txt
notepad log.txt
del peek.bat

Save this as peek.bat and choose to Save as type: - All Files then close the Notepad file.
It should look like this:

Double-click on peek.bat and allow it to run. A Notepad file will open. Post the contents of that file in your next reply.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/417648-virus-spyware-help.html#post2367522

File::
c:\windows\system32\fevmlqyh.dll
c:\windows\system32\lqkkrjvi.dll
c:\windows\system32\uaodvaex.dll

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

------------------------------------------------------

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.

If you do not get a message box, please do the following:

There should be a file named [4]-Submit_date@time.zip with today's date, located here:

C:\QooBox\Quarantine\[4]-Submit_date@time.zip

Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4

Please let me know if you successfully submitted the file. Thanks.

------------------------------------------------------

We need to install Java on your machine in order to run an online scan with Kaspersky.

Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop.
Scroll down to where it says Java Runtime Environment (JRE) 6 Update 16 The Java SE Runtime Environment (JRE) allows end-users to run Java applications.
Click the Download button to the right.
Select the Windows platform from the dropdown menu.
Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement
Click Continue
Click on the link to download Windows Offline Installation and Save the file to your Desktop.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version.

After the install is complete, go back to your Control Panel(using Classic View) and click the Java icon. (looks like a coffee cup)
- On the General tab, under Temporary Internet Files, click the Settings button.
- Next, click on the Delete Files button.
- There are two options in the window to clear the cache - Leave BOTH Checked
  - Applications and Applets
  - Trace and Log Files
- Click OK on Delete Temporary Files Window.
  Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
- Click OK to leave the Temporary Files Window.
- Click OK to leave the Java Control Panel.
- Delete jre-6u16-windows-i586-p.exe from your desktop.

------------------------------------------------------

Please download ATF-Cleaner by Atribune and Save it to your Desktop.

Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Establish an internet connection & perform an online scan at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

Click Run at any Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take several minutes.
Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Click View scan report at the bottom.
Click the Save Report As... button.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

**Note**

To optimize scanning time and produce a more sensible report for review:

Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
Kaspersky report
report on system behavior

AngelWest · 10-01-2009, 08:52 PM

Here's the log produced by running peek.bat:
Volume in drive C has no label.
Volume Serial Number is F00F-EEB3

Directory of c:\program files\cggjqi

27/09/2009 10:40 <DIR> .
27/09/2009 10:40 <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 6.413.578.240 bytes free

And here's ComboFix.txt:
ComboFix 09-09-30.01 - Owner 30/09/2009 19:32.4.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

FILE ::
"c:\windows\system32\fevmlqyh.dll"
"c:\windows\system32\lqkkrjvi.dll"
"c:\windows\system32\uaodvaex.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fevmlqyh.dll
c:\windows\system32\lqkkrjvi.dll
c:\windows\system32\uaodvaex.dll

.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 )))))))))))))))))))))))))))))))
.

2009-09-30 23:08 . 2009-09-30 23:08 -------- d-----w- c:\windows\LastGood
2009-09-30 06:07 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-09-30 06:07 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-09-30 06:07 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-09-30 06:07 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-09-30 06:07 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-09-30 06:07 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-30 06:07 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-09-30 06:07 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-09-28 01:41 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-27 00:24 . 2009-09-27 00:24 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-27 00:23 . 2009-09-27 00:23 -------- d-----w- c:\program files\Veoh Networks
2009-09-27 00:20 . 2009-09-27 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-26 20:28 . 2009-09-30 02:27 -------- d-----w- c:\documents and settings\Owner\.housecall6(2).6
2009-09-26 18:47 . 2009-09-27 00:12 -------- d-----w- c:\program files\Trend Micro
2009-09-26 15:34 . 2009-09-27 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-25 16:34 . 2009-09-25 16:34 -------- d-----w- c:\program files\Java
2009-09-25 03:19 . 2009-09-27 14:35 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-25 01:02 . 2009-09-26 01:11 -------- d-----w- c:\windows\system32\drivers\Avg(2)
2009-09-24 17:54 . 2009-09-24 17:54 -------- d-----w- c:\windows\McAfee.com
2009-09-24 17:26 . 2009-09-24 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-10 14:15 . 2009-09-27 14:40 -------- d-----w- c:\program files\cggjqi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-30 01:58 . 2004-08-30 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-27 00:12 . 2004-08-10 16:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-25 07:54 . 2009-02-18 14:36 129024 ----a-w- c:\windows\system32\fhbefois.dll
2009-09-25 07:53 . 2009-01-26 23:20 129024 ----a-w- c:\windows\system32\mblift.dll
2009-09-25 07:52 . 2009-01-20 05:47 129024 ----a-w- c:\windows\system32\ulyyvfqc.dll
2009-09-24 20:17 . 2007-04-14 08:05 -------- d-----w- c:\program files\DivX
2009-08-05 09:11 . 2004-06-28 18:10 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2001-08-18 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-06-28 18:11 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-09-22 16:46 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-09-29_23.09.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-01-29 08:58 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2002-08-29 07:41 . 2009-06-12 11:50 76288 c:\windows\system32\telnet.exe
+ 2006-05-15 14:28 . 2008-07-09 07:38 26488 c:\windows\system32\spupdsvc.exe
+ 2007-03-09 06:48 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2004-06-28 18:10 . 2004-08-04 07:56 55808 c:\windows\system32\secur32.dll
+ 2004-06-28 18:10 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
+ 2001-08-18 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\sc.exe
+ 2004-06-28 18:10 . 2009-06-29 16:12 44544 c:\windows\system32\pngfilt.dll
- 2004-06-28 18:10 . 2008-10-16 20:38 44544 c:\windows\system32\pngfilt.dll
+ 2001-08-18 12:00 . 2009-09-30 15:32 40326 c:\windows\system32\perfc009.dat
- 2001-08-18 12:00 . 2009-05-13 02:42 40326 c:\windows\system32\perfc009.dat
+ 2006-03-01 19:44 . 2008-06-12 14:16 91648 c:\windows\system32\mtxoci.dll
+ 2006-03-01 19:44 . 2008-06-12 14:16 66560 c:\windows\system32\mtxclu.dll
- 2006-03-01 19:44 . 2006-03-01 19:42 66560 c:\windows\system32\mtxclu.dll
+ 2006-11-07 20:03 . 2009-06-29 16:12 52224 c:\windows\system32\msfeedsbs.dll
- 2006-11-07 20:03 . 2008-10-16 20:38 52224 c:\windows\system32\msfeedsbs.dll
+ 2004-06-28 16:42 . 2008-06-12 14:16 58880 c:\windows\system32\msdtclog.dll
- 2004-06-28 16:42 . 2004-08-04 07:56 58880 c:\windows\system32\msdtclog.dll
- 2001-08-18 12:00 . 2008-10-16 20:38 27648 c:\windows\system32\jsproxy.dll
+ 2001-08-18 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\jsproxy.dll
- 2006-11-07 02:26 . 2008-10-16 13:11 13824 c:\windows\system32\ieudinit.exe
+ 2006-11-07 02:26 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2001-08-18 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\iernonce.dll
- 2001-08-18 12:00 . 2008-10-16 20:38 44544 c:\windows\system32\iernonce.dll
+ 2004-08-04 07:56 . 2009-06-29 16:12 78336 c:\windows\system32\ieencode.dll
- 2004-08-04 07:56 . 2006-10-17 11:06 78336 c:\windows\system32\ieencode.dll
+ 2004-06-28 18:11 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
- 2004-06-28 18:11 . 2008-10-16 13:11 70656 c:\windows\system32\ie4uinit.exe
+ 2006-10-17 10:58 . 2009-06-29 16:12 63488 c:\windows\system32\icardie.dll
- 2006-10-17 10:58 . 2008-10-16 20:38 63488 c:\windows\system32\icardie.dll
+ 2002-08-29 07:41 . 2009-06-12 11:50 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 20:08 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
+ 2001-08-18 12:00 . 2009-02-06 16:54 35328 c:\windows\system32\dllcache\sc.exe
- 2004-06-28 18:10 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-06-28 18:10 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2006-03-01 19:44 . 2008-06-12 14:16 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 14:16 . 2008-06-12 14:16 66560 c:\windows\system32\dllcache\mtxclu.dll
- 2007-05-09 18:30 . 2008-10-16 20:38 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2007-05-09 18:30 . 2009-06-29 16:12 52224 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-06-28 16:42 . 2004-08-04 07:56 58880 c:\windows\system32\dllcache\msdtclog.dll
+ 2004-06-28 16:42 . 2008-06-12 14:16 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2001-08-18 12:00 . 2008-10-16 20:38 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2001-08-18 12:00 . 2009-06-29 16:12 27648 c:\windows\system32\dllcache\jsproxy.dll
+ 2007-05-09 18:30 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
- 2007-05-09 18:30 . 2008-10-16 13:11 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2001-08-18 12:00 . 2009-06-29 16:12 44544 c:\windows\system32\dllcache\iernonce.dll
- 2001-08-18 12:00 . 2008-10-16 20:38 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-04 07:56 . 2006-10-17 11:06 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-04 07:56 . 2009-06-29 16:12 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-06-28 18:11 . 2008-10-16 13:11 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-06-28 18:11 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2007-08-20 10:04 . 2009-06-29 16:12 63488 c:\windows\system32\dllcache\icardie.dll
- 2007-08-20 10:04 . 2008-10-16 20:38 63488 c:\windows\system32\dllcache\icardie.dll
+ 2001-08-18 12:00 . 2009-07-29 04:53 82432 c:\windows\system32\dllcache\fontsub.dll
+ 2001-08-18 12:00 . 2009-06-29 16:12 17408 c:\windows\system32\dllcache\corpol.dll
- 2001-08-18 12:00 . 2007-01-08 18:01 17408 c:\windows\system32\dllcache\corpol.dll
+ 2004-06-28 18:11 . 2009-06-10 14:21 84992 c:\windows\system32\dllcache\avifil32.dll
- 2004-06-28 18:11 . 2004-08-04 07:56 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 18:55 . 2009-07-17 18:55 58880 c:\windows\system32\dllcache\atl.dll
- 2001-08-18 12:00 . 2007-01-08 18:01 17408 c:\windows\system32\corpol.dll
+ 2001-08-18 12:00 . 2009-06-29 16:12 17408 c:\windows\system32\corpol.dll
+ 2004-06-28 18:11 . 2009-06-10 14:21 84992 c:\windows\system32\avifil32.dll
- 2004-06-28 18:11 . 2004-08-04 07:56 84992 c:\windows\system32\avifil32.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB972260-IE7\pngfilt.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 52224 c:\windows\ie7updates\KB972260-IE7\msfeedsbs.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 27648 c:\windows\ie7updates\KB972260-IE7\jsproxy.dll
+ 2009-09-30 15:07 . 2008-10-16 13:11 13824 c:\windows\ie7updates\KB972260-IE7\ieudinit.exe
+ 2009-09-30 15:07 . 2008-10-16 20:38 44544 c:\windows\ie7updates\KB972260-IE7\iernonce.dll
+ 2009-09-30 15:07 . 2006-10-17 11:06 78336 c:\windows\ie7updates\KB972260-IE7\ieencode.dll
+ 2009-09-30 15:07 . 2008-10-16 13:11 70656 c:\windows\ie7updates\KB972260-IE7\ie4uinit.exe
+ 2009-09-30 15:07 . 2008-10-16 20:38 63488 c:\windows\ie7updates\KB972260-IE7\icardie.dll
+ 2009-09-30 15:07 . 2007-01-08 18:01 17408 c:\windows\ie7updates\KB972260-IE7\corpol.dll
+ 2005-05-17 00:43 . 2009-04-15 09:24 351744 c:\windows\system32\xpsp3res.dll
- 2001-08-18 12:00 . 2006-08-17 12:28 132096 c:\windows\system32\wkssvc.dll
+ 2001-08-18 12:00 . 2009-06-10 06:32 132096 c:\windows\system32\wkssvc.dll
+ 2006-06-23 09:33 . 2009-06-29 16:12 827392 c:\windows\system32\wininet.dll
+ 2004-08-10 18:42 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
- 2004-08-10 18:42 . 2004-08-04 07:56 351232 c:\windows\system32\winhttp.dll
- 2004-06-28 18:10 . 2008-10-16 20:38 233472 c:\windows\system32\webcheck.dll
+ 2004-06-28 18:10 . 2009-06-29 16:12 233472 c:\windows\system32\webcheck.dll
+ 2004-06-28 18:11 . 2009-02-06 16:39 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2004-06-28 18:11 . 2009-02-09 10:20 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2004-06-28 18:12 . 2009-02-09 10:20 473088 c:\windows\system32\wbem\fastprox.dll
- 2004-06-28 18:10 . 2008-10-16 20:38 105984 c:\windows\system32\url.dll
+ 2004-06-28 18:10 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2001-08-18 12:00 . 2009-02-06 17:14 110592 c:\windows\system32\services.exe
- 2001-08-18 12:00 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll
+ 2001-08-18 12:00 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
+ 2005-07-26 04:31 . 2009-02-09 10:20 399360 c:\windows\system32\rpcss.dll
+ 2004-08-10 18:47 . 2009-04-15 15:26 583168 c:\windows\system32\rpcrt4.dll
+ 2001-08-18 12:00 . 2009-09-30 15:32 311938 c:\windows\system32\perfh009.dat
- 2001-08-18 12:00 . 2009-05-13 02:42 311938 c:\windows\system32\perfh009.dat
- 2004-06-28 18:10 . 2004-08-04 07:56 283648 c:\windows\system32\pdh.dll
+ 2004-06-28 18:10 . 2009-03-06 14:44 283648 c:\windows\system32\pdh.dll
- 2001-08-18 12:00 . 2008-10-16 20:38 102912 c:\windows\system32\occache.dll
+ 2001-08-18 12:00 . 2009-06-29 16:12 102912 c:\windows\system32\occache.dll
+ 2001-08-18 12:00 . 2009-02-09 10:20 714752 c:\windows\system32\ntdll.dll
+ 2004-06-28 18:10 . 2009-06-05 07:42 655872 c:\windows\system32\mstscax.dll
- 2004-06-28 18:10 . 2008-10-16 20:38 671232 c:\windows\system32\mstime.dll
+ 2004-06-28 18:10 . 2009-06-29 16:12 671232 c:\windows\system32\mstime.dll
+ 2004-06-28 18:10 . 2009-06-29 16:12 193024 c:\windows\system32\msrating.dll
- 2004-06-28 18:10 . 2008-10-16 20:38 193024 c:\windows\system32\msrating.dll
- 2004-06-28 18:10 . 2008-10-16 20:38 477696 c:\windows\system32\mshtmled.dll
+ 2004-06-28 18:10 . 2009-06-29 16:12 477696 c:\windows\system32\mshtmled.dll
+ 2006-11-07 20:03 . 2009-06-29 16:12 459264 c:\windows\system32\msfeeds.dll
- 2006-11-07 20:03 . 2008-10-16 20:38 459264 c:\windows\system32\msfeeds.dll
+ 2004-08-10 18:47 . 2008-06-12 14:16 161792 c:\windows\system32\msdtcuiu.dll
+ 2004-08-10 18:47 . 2008-06-12 14:16 956928 c:\windows\system32\msdtctm.dll
+ 2004-08-10 18:47 . 2008-06-12 14:16 428032 c:\windows\system32\msdtcprx.dll
+ 2001-08-18 12:00 . 2009-02-09 10:20 723456 c:\windows\system32\lsasrv.dll
+ 2001-08-18 12:00 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2001-08-18 12:00 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2006-05-18 05:58 . 2009-08-13 15:16 512000 c:\windows\system32\jscript.dll
+ 2006-10-17 10:57 . 2009-06-29 16:12 268288 c:\windows\system32\iertutil.dll
+ 2004-06-28 18:11 . 2009-06-29 16:12 385024 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 10:27 . 2009-06-29 16:12 380928 c:\windows\system32\ieapfltr.dll
+ 2001-08-18 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
- 2001-08-18 12:00 . 2008-10-15 07:04 161792 c:\windows\system32\ieakui.dll
+ 2004-06-28 18:11 . 2009-06-29 16:12 230400 c:\windows\system32\ieaksie.dll
- 2004-06-28 18:11 . 2008-10-16 20:38 230400 c:\windows\system32\ieaksie.dll
+ 2004-06-28 18:11 . 2009-06-29 16:12 153088 c:\windows\system32\ieakeng.dll
- 2004-06-28 18:11 . 2008-10-16 20:38 153088 c:\windows\system32\ieakeng.dll
- 2004-06-28 12:01 . 2008-10-15 01:18 144424 c:\windows\system32\FNTCACHE.DAT
+ 2004-06-28 12:01 . 2009-09-30 15:26 144424 c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 07:56 . 2008-10-16 20:38 133120 c:\windows\system32\extmgr.dll
+ 2004-08-04 07:56 . 2009-06-29 16:12 133120 c:\windows\system32\extmgr.dll
- 2006-06-09 12:35 . 2008-10-16 20:38 214528 c:\windows\system32\dxtrans.dll
+ 2006-06-09 12:35 . 2009-06-29 16:12 214528 c:\windows\system32\dxtrans.dll
- 2006-06-09 12:35 . 2008-10-16 20:38 347136 c:\windows\system32\dxtmsft.dll
+ 2006-06-09 12:35 . 2009-06-29 16:12 347136 c:\windows\system32\dxtmsft.dll
+ 2001-08-18 12:00 . 2008-12-11 11:57 333184 c:\windows\system32\drivers\srv.sys
+ 2004-10-28 18:06 . 2008-04-21 10:02 215552 c:\windows\system32\dllcache\wordpad.exe
+ 2004-09-22 16:46 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2006-08-17 12:28 . 2009-06-10 06:32 132096 c:\windows\system32\dllcache\wkssvc.dll
- 2006-08-17 12:28 . 2006-08-17 12:28 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2006-06-23 11:02 . 2009-06-29 16:12 827392 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2006-11-07 20:03 . 2009-06-29 16:12 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-11-07 20:03 . 2008-10-16 20:38 233472 c:\windows\system32\dllcache\webcheck.dll
- 2006-10-17 11:05 . 2008-10-16 20:38 105984 c:\windows\system32\dllcache\url.dll
+ 2006-10-17 11:05 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2004-06-28 18:12 . 2009-06-21 22:04 153088 c:\windows\system32\dllcache\triedit.dll
- 2004-06-28 18:12 . 2004-08-04 07:56 153088 c:\windows\system32\dllcache\triedit.dll
+ 2001-08-18 12:00 . 2009-07-29 04:53 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2006-04-21 06:12 . 2008-12-11 11:57 333184 c:\windows\system32\dllcache\srv.sys
- 2007-04-25 14:21 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
+ 2007-04-25 14:21 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
+ 2007-10-10 06:48 . 2009-04-15 15:26 583168 c:\windows\system32\dllcache\rpcrt4.dll
- 2004-06-28 18:10 . 2004-08-04 07:56 283648 c:\windows\system32\dllcache\pdh.dll
+ 2004-06-28 18:10 . 2009-03-06 14:44 283648 c:\windows\system32\dllcache\pdh.dll
+ 2006-10-17 11:04 . 2009-06-29 16:12 102912 c:\windows\system32\dllcache\occache.dll
- 2006-10-17 11:04 . 2008-10-16 20:38 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-06-28 18:10 . 2009-08-05 09:11 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2004-06-28 18:10 . 2009-06-05 07:42 655872 c:\windows\system32\dllcache\mstscax.dll
+ 2004-06-28 18:10 . 2009-06-29 16:12 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-06-28 18:10 . 2008-10-16 20:38 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-06-28 18:10 . 2008-10-16 20:38 193024 c:\windows\system32\dllcache\msrating.dll
+ 2004-06-28 18:10 . 2009-06-29 16:12 193024 c:\windows\system32\dllcache\msrating.dll
- 2006-06-23 11:02 . 2008-10-16 20:38 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2006-06-23 11:02 . 2009-06-29 16:12 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2007-05-09 18:30 . 2009-06-29 16:12 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2007-05-09 18:30 . 2008-10-16 20:38 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2004-08-10 18:47 . 2008-06-12 14:16 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2004-08-10 18:47 . 2008-06-12 14:16 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2004-08-10 18:47 . 2008-06-12 14:16 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2006-08-17 12:28 . 2009-02-09 10:20 723456 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2006-07-05 10:55 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2003-01-13 18:57 . 2009-08-13 15:16 512000 c:\windows\system32\dllcache\jscript.dll
+ 2006-10-17 11:04 . 2009-06-29 08:35 634632 c:\windows\system32\dllcache\iexplore.exe
+ 2007-05-09 18:30 . 2009-06-29 16:12 268288 c:\windows\system32\dllcache\iertutil.dll
+ 2004-06-28 18:11 . 2009-06-29 16:12 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-09 18:30 . 2009-06-29 16:12 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2001-08-18 12:00 . 2008-10-15 07:04 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2001-08-18 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-06-28 18:11 . 2008-10-16 20:38 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-06-28 18:11 . 2009-06-29 16:12 230400 c:\windows\system32\dllcache\ieaksie.dll
- 2004-06-28 18:11 . 2008-10-16 20:38 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-06-28 18:11 . 2009-06-29 16:12 153088 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 07:56 . 2009-06-29 16:12 133120 c:\windows\system32\dllcache\extmgr.dll
- 2004-08-04 07:56 . 2008-10-16 20:38 133120 c:\windows\system32\dllcache\extmgr.dll
- 2006-06-09 12:35 . 2008-10-16 20:38 214528 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-06-09 12:35 . 2009-06-29 16:12 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2006-06-09 12:35 . 2008-10-16 20:38 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2006-06-09 12:35 . 2009-06-29 16:12 347136 c:\windows\system32\dllcache\dxtmsft.dll
- 2004-06-28 18:11 . 2008-10-16 20:38 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-06-28 18:11 . 2009-06-29 16:12 124928 c:\windows\system32\dllcache\advpack.dll
+ 2004-06-28 18:11 . 2009-06-29 16:12 124928 c:\windows\system32\advpack.dll
- 2004-06-28 18:11 . 2008-10-16 20:38 124928 c:\windows\system32\advpack.dll
+ 2001-08-18 12:00 . 2009-02-09 10:20 616960 c:\windows\system32\advapi32.dll
- 2001-08-18 12:00 . 2004-08-04 07:56 616960 c:\windows\system32\advapi32.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 826368 c:\windows\ie7updates\KB972260-IE7\wininet.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 233472 c:\windows\ie7updates\KB972260-IE7\webcheck.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 105984 c:\windows\ie7updates\KB972260-IE7\url.dll
+ 2009-09-30 15:07 . 2009-05-26 11:40 382840 c:\windows\ie7updates\KB972260-IE7\spuninst\updspapi.dll
+ 2009-09-30 15:07 . 2008-07-08 13:02 231288 c:\windows\ie7updates\KB972260-IE7\spuninst\spuninst.exe
+ 2009-09-30 15:07 . 2008-10-16 20:38 102912 c:\windows\ie7updates\KB972260-IE7\occache.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 671232 c:\windows\ie7updates\KB972260-IE7\mstime.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 193024 c:\windows\ie7updates\KB972260-IE7\msrating.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 477696 c:\windows\ie7updates\KB972260-IE7\mshtmled.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 459264 c:\windows\ie7updates\KB972260-IE7\msfeeds.dll
+ 2009-09-30 15:07 . 2008-10-15 07:06 633632 c:\windows\ie7updates\KB972260-IE7\iexplore.exe
+ 2009-09-30 15:07 . 2008-10-16 20:38 267776 c:\windows\ie7updates\KB972260-IE7\iertutil.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 384512 c:\windows\ie7updates\KB972260-IE7\iedkcs32.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 383488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dll
+ 2009-09-30 15:07 . 2008-10-15 07:04 161792 c:\windows\ie7updates\KB972260-IE7\ieakui.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 230400 c:\windows\ie7updates\KB972260-IE7\ieaksie.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 153088 c:\windows\ie7updates\KB972260-IE7\ieakeng.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 133120 c:\windows\ie7updates\KB972260-IE7\extmgr.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 214528 c:\windows\ie7updates\KB972260-IE7\dxtrans.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 347136 c:\windows\ie7updates\KB972260-IE7\dxtmsft.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 124928 c:\windows\ie7updates\KB972260-IE7\advpack.dll
+ 2004-09-22 16:46 . 2009-05-20 08:56 2458112 c:\windows\system32\WMVCore.dll
- 2004-09-22 16:46 . 2008-06-18 10:03 2458112 c:\windows\system32\WMVCore.dll
+ 2001-08-18 12:00 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2006-08-30 18:42 . 2009-06-29 16:12 1159680 c:\windows\system32\urlmon.dll
+ 2006-07-13 13:46 . 2008-07-03 13:03 8460800 c:\windows\system32\shell32.dll
+ 2005-08-30 04:02 . 2009-06-03 19:27 1290752 c:\windows\system32\quartz.dll
+ 2001-08-18 12:00 . 2009-02-06 17:24 2180480 c:\windows\system32\ntoskrnl.exe
+ 2001-08-17 13:48 . 2009-02-06 16:49 2057728 c:\windows\system32\ntkrnlpa.exe
- 2001-08-17 13:48 . 2008-08-14 09:22 2057728 c:\windows\system32\ntkrnlpa.exe
+ 2006-06-30 08:28 . 2009-07-19 13:33 3597824 c:\windows\system32\mshtml.dll
+ 2008-03-20 22:06 . 2008-03-20 22:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2006-11-07 20:03 . 2009-07-19 13:32 6067200 c:\windows\system32\ieframe.dll
+ 2006-09-05 22:01 . 2009-06-29 08:33 2452872 c:\windows\system32\ieapfltr.dat
- 2004-09-22 16:46 . 2008-06-18 10:03 2458112 c:\windows\system32\dllcache\wmvcore.dll
+ 2004-09-22 16:46 . 2009-05-20 08:56 2458112 c:\windows\system32\dllcache\WMVCore.dll
+ 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2006-07-25 20:33 . 2009-06-29 16:12 1159680 c:\windows\system32\dllcache\urlmon.dll
+ 2006-07-13 13:33 . 2008-07-03 13:03 8460800 c:\windows\system32\dllcache\shell32.dll
+ 2007-10-29 22:43 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll
+ 2006-12-19 14:17 . 2009-02-06 17:24 2180480 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2006-12-19 12:55 . 2008-08-14 09:22 2015744 c:\windows\system32\dllcache\ntkrpamp.exe
- 2006-12-19 12:55 . 2008-08-14 09:22 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 12:55 . 2009-02-06 16:49 2057728 c:\windows\system32\dllcache\ntkrnlpa.exe
- 2006-12-19 14:15 . 2008-08-14 09:58 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-12-19 14:15 . 2009-02-06 17:22 2136064 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-05-26 18:26 . 2009-07-10 13:42 1315328 c:\windows\system32\dllcache\msoe.dll
+ 2006-07-28 11:28 . 2009-07-19 13:33 3597824 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 18:30 . 2009-07-19 13:32 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2007-05-09 18:30 . 2009-06-29 08:33 2452872 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-09-30 15:07 . 2008-10-16 20:38 1160192 c:\windows\ie7updates\KB972260-IE7\urlmon.dll
+ 2009-09-30 15:07 . 2008-12-13 06:40 3593216 c:\windows\ie7updates\KB972260-IE7\mshtml.dll
+ 2009-09-30 15:07 . 2008-10-16 20:38 6066176 c:\windows\ie7updates\KB972260-IE7\ieframe.dll
+ 2009-09-30 15:07 . 2007-04-17 09:28 2455488 c:\windows\ie7updates\KB972260-IE7\ieapfltr.dat
+ 2005-03-02 00:59 . 2009-02-06 17:24 2180480 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2015744 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2005-03-02 00:34 . 2008-08-14 09:22 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-03-02 00:34 . 2009-02-06 16:49 2057728 c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2005-03-02 00:57 . 2008-08-14 09:58 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-03-02 00:57 . 2009-02-06 17:22 2136064 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2006-04-29 04:07 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2009-09-30 15:13 . 2009-08-28 18:38 24689600 c:\windows\system32\MRT.exe
+ 2009-07-14 03:43 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-30 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\DRIVERS\tnet1130x.sys [2004-03-10 385536]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
IE: &AOL Toolbar search
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\co106w.col106.mail
Trusted Zone: live.com\login
Trusted Zone: live.com\mail
Trusted Zone: live.com\onecare
Trusted Zone: megavideo.com\www
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: mozilla.com\www
Trusted Zone: sidereel.com\www
Trusted Zone: techsupportforum.com\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\11mxpkaw.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-30 19:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(944)
c:\program files\Funk Software\Odyssey Client\odLogin.dll
.
Completion time: 2009-09-30 19:51
ComboFix-quarantined-files.txt 2009-09-30 23:51
ComboFix2.txt 2009-09-30 02:44
ComboFix3.txt 2009-09-30 00:25
ComboFix4.txt 2009-09-29 23:21

Pre-Run: 6.389.567.488 bytes free
Post-Run: 6.360.702.976 bytes free

406 --- E O F --- 2009-09-30 15:18

I did have a minor problem after dropping CFScript into ComboFix. The message appeared at the end offering to send the file you requested for analysis. I said yes but I can't be sure that I was still connected to the internet as my screen was never restored. I ended up having to open up Windows Task Manager using my keyboard and log off of the current session in order for my screen to return to normal. I did also send the file manually through bleepingcomputer just in case.

My next problem occurred with Kaspersky. The scan quit on me after only 14 seconds the first time I ran it and, after trying to run it several times, the longest I succeeded in having it scan for was 1 hour and 33 minutes with a count of 20515 objects scan or 66%. There were 24 threats found and 159 infected objects. The first few times I ran the program, I got several script errors and low memory warnings. I turned off automatic updates and deleted the new virus scan programs you'd had me download plus a couple of programs like Veoh and DivX that I'd been meaning to remove for a while (through Add/Remove Programs in the Control Panel) and it seemed to run better (I also switched from Firefox to Internet Explorer). Also, I reran ATFCleaner each time before rerunning Kapersky and tried restarting a couple of times as well. I didn't have the time to watch Kapersky run the last couple of times so I'm not sure if there were any new error/warning messages I may have missed. Any suggestions?

As for the other questions you'd asked, I don't know anything about c:\program files\cggjqi but my computer does appear to be working much better. My browser is no longer being hijacked, automatic updates turned itself back on, my C drive now opens normally and I haven't noticed any more mysterious programs running when I start up my computer.

I'll await your next instructions...

**chemist** · 10-02-2009, 05:36 AM

Hello again, AngelWest.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/417648-virus-spyware-help.html#post2370544

Collect::
c:\windows\system32\fevmlqyh.dll
c:\windows\system32\lqkkrjvi.dll
c:\windows\system32\uaodvaex.dll

Folder::
c:\windows\system32\drivers\Avg(2)
c:\windows\McAfee.com
c:\documents and settings\All Users\Application Data\McAfee
c:\program files\cggjqi

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

------------------------------------------------------

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.

If you do not get a message box, please do the following:

There should be a file named [4]-Submit_date@time.zip with today's date, located here:

C:\QooBox\Quarantine\[4]-Submit_date@time.zip

Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4

Please let me know if you successfully submitted the file. Thanks.

------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here to run an online scannner from ESET and Save the file to your Desktop.

If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
Turn off the real-time scanner of any existing antivirus program while performing the online scan.
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install.
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
Click on Advanced Settings and ensure these options are ticked:
- Scan for potentially unwanted applications
- Scan for potentially unsafe applications
- Enable Anti-Stealth Technology
Next to 'Current scan targets: Operating memory, Local drives, click the Change.. button.
Tick all the boxes that correspond to your external/inserted drives.
Click Scan
Wait for the scan to finish.
Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
Copy/paste that log as a reply to this topic and also let me know how things are now.

------------------------------------------------------

If you have trouble with your computer blocking the ActiveX, go here and temporarily turn the feature off:

http://www.windowsreference.com/inte...the-publisher/

Remember to turn it back on after the scan!

-------------------------------------------------------

Please post the following in your next reply:

ComboFix.txt
ESET report

**chemist** · 10-06-2009, 03:49 PM

Still with us, AngelWest?

**chemist** · 10-11-2009, 01:38 PM

Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

------------------------------------------------------

AngelWest · 10-11-2009, 09:45 PM

Sorry for the long delay in getting back to the forum. Here's the link to the last entry in my original Virus/Spyware removal help thread: Virus/Spyware help.

And here are the requested texts....

ComboFix 09-10-11.01 - Owner 11/10/2009 18:07.5.1 - NTFSx86
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\McAfee
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\Common\Install\Install000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\Common\McUICnt\McUICnt000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\MasterInstaller\Install\Install000.log
c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\McUICnt\McUICnt\McUICnt000.log
c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
c:\program files\cggjqi
c:\windows\Installer\43cf26e.msp
c:\windows\Installer\4ba417.msi
c:\windows\Installer\9624f65.msp
c:\windows\Installer\9624f75.msp
c:\windows\Installer\9624fc3.msp
c:\windows\Installer\9624fd2.msp
c:\windows\Installer\9624fe9.msp
c:\windows\Installer\9624ffd.msp
c:\windows\Installer\962500c.msp
c:\windows\Installer\962501d.msp
c:\windows\Installer\962502f.msp
c:\windows\Installer\962503e.msp
c:\windows\Installer\962504d.msp
c:\windows\Installer\962505b.msp
c:\windows\Installer\962506a.msp
c:\windows\McAfee.com
c:\windows\McAfee.com\FreeScan\config.dat
c:\windows\McAfee.com\FreeScan\names.DAT
c:\windows\McAfee.com\FreeScan\scan.DAT
c:\windows\McAfee.com\FreeScan\signlic.txt
c:\windows\system32\ATHPRXY(2).DLL
c:\windows\system32\drivers\Avg(2)
c:\windows\system32\drivers\Avg(2)\commonpriv.log
c:\windows\system32\drivers\Avg(2)\commonpriv.log.lock
c:\windows\system32\drivers\Avg(2)\incavi.avm

.
((((((((((((((((((((((((( Files Created from 2009-09-11 to 2009-10-11 )))))))))))))))))))))))))))))))
.

2009-10-11 21:13 . 2009-10-11 21:13 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-01 00:45 . 2009-10-01 00:45 -------- d-----w- c:\windows\Sun
2009-10-01 00:32 . 2009-10-01 00:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 06:07 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-09-30 06:07 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-09-30 06:07 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-09-30 06:07 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-09-30 06:07 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-09-30 06:07 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-30 06:07 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-09-30 06:07 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-09-28 01:41 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-27 00:20 . 2009-09-27 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-26 15:34 . 2009-09-27 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-25 16:34 . 2009-09-25 16:34 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 01:32 . 2004-08-10 16:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 01:58 . 2004-08-30 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-25 07:54 . 2009-02-18 14:36 129024 ----a-w- c:\windows\system32\fhbefois.dll
2009-09-25 07:53 . 2009-01-26 23:20 129024 ----a-w- c:\windows\system32\mblift.dll
2009-09-25 07:52 . 2009-01-20 05:47 129024 ----a-w- c:\windows\system32\ulyyvfqc.dll
2009-08-05 09:11 . 2004-06-28 18:10 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2001-08-18 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-06-28 18:11 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-09-22 16:46 286208 ----a-w- c:\windows\system32\wmpdxm.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-09-30_23.45.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-18 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
- 2007-03-09 06:48 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2007-03-09 06:48 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2004-06-28 18:10 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
- 1999-10-17 23:01 . 1999-10-17 23:01 26384 c:\windows\system32\FM20ENU.DLL
+ 2003-08-18 18:26 . 1999-10-17 23:01 26384 c:\windows\system32\FM20ENU.DLL
+ 2001-08-18 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2009-06-25 08:44 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2009-02-03 20:08 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2001-08-18 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2001-08-18 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2008-10-07 20:41 . 2009-10-11 21:14 558824 c:\windows\system32\Restore\rstrlog.dat
+ 2001-08-18 12:00 . 2009-06-25 08:44 133632 c:\windows\system32\msv1_0.dll
+ 2001-08-18 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll
+ 2005-06-15 17:50 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
+ 2009-10-01 00:32 . 2009-10-01 00:31 149280 c:\windows\system32\javaws.exe
+ 2009-10-01 00:32 . 2009-10-01 00:31 145184 c:\windows\system32\javaw.exe
+ 2009-10-01 00:32 . 2009-10-01 00:31 145184 c:\windows\system32\java.exe
+ 2007-04-25 14:21 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:44 . 2009-06-25 08:44 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2006-08-17 12:28 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:44 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll
+ 2009-10-01 00:31 . 2009-10-01 00:31 537600 c:\windows\Installer\4fbca7.msi
+ 2003-09-25 16:07 . 1999-10-17 23:01 1129232 c:\windows\system32\FM20.DLL
- 1999-10-17 23:01 . 1999-10-17 23:01 1129232 c:\windows\system32\FM20.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-30 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-01 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\DRIVERS\tnet1130x.sys [2004-03-10 385536]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
IE: &AOL Toolbar search
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\co106w.col106.mail
Trusted Zone: live.com\login
Trusted Zone: live.com\mail
Trusted Zone: live.com\onecare
Trusted Zone: megavideo.com\www
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: mozilla.com\www
Trusted Zone: sidereel.com\www
Trusted Zone: techsupportforum.com\www
Trusted Zone: videostic.com\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\11mxpkaw.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-11 18:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\program files\Funk Software\Odyssey Client\odLogin.dll
.
Completion time: 2009-10-11 18:25
ComboFix-quarantined-files.txt 2009-10-11 22:25
ComboFix2.txt 2009-09-30 23:51
ComboFix3.txt 2009-09-30 02:44
ComboFix4.txt 2009-09-30 00:25
ComboFix5.txt 2009-10-11 21:38

Pre-Run: 6.067.736.576 bytes free
Post-Run: 6.122.733.568 bytes free

194 --- E O F --- 2009-10-05 01:32

The ESet file was too long to include in the body of this post; please find it attached,

**chemist** · 10-12-2009, 05:41 AM

Hello again, AngelWest. While I understand real life is most important, it's difficult to work on your issue with your replies so far apart. It also keeps me from helping others, as I don't take on an unlimited number of threads at one time. Please try to be more prompt in your replies, so we can resolve this issue in a more rapid fashion. Thanks.

------------------------------------------------------

Thanks for submitting the file. As far as the ESET report, QooBox is ComboFix's quarantine folder. System Volume Information is where Windows keeps old system restore points. Both will get deleted when we uninstall ComboFix.

------------------------------------------------------

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Quote:

Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe

You were specifically instructed to download ComboFix.exe to your desktop. When we are done, ComboFix's uninstall command won't work unless ComboFix is on your desktop. Please move it there now.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/417648-virus-spyware-help.html#post2386312

Collect::
c:\windows\system32\fhbefois.dll
c:\windows\system32\mblift.dll
c:\windows\system32\ulyyvfqc.dll

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

------------------------------------------------------

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.

If you do not get a message box, please do the following:

There should be a file named [4]-Submit_date@time.zip with today's date, located here:

C:\QooBox\Quarantine\[4]-Submit_date@time.zip

Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4

Please let me know if you successfully submitted the file. Thanks.

------------------------------------------------------

Let's install Avira's AntiVir, a good, free AntiVirus application that is light on system resources.

Please follow the directions here for downloading, installing, updating, and running a full system scan:

http://www.free-av.com/en/pages/20/I...20AntiVir.html

At the end of the scan, click 'Report' and post the log in your next reply.

------------------------------------------------------

AngelWest · 10-12-2009, 11:33 PM

Thanks for your patience! I was able to get ComboFix back on the Desktop and run ComboFix (a file was submitted at the end) and Avira. That said, my computer tells me the Avira report is saved to my desktop but doesn't let me access it when I use the browse option for uploading it to the post nor does it physically show up on my desktop. Due to its size, I'll have to put it in a second reply.
Here's the ComboFix log:
ComboFix 09-10-12.02 - Owner 12/10/2009 22:41.6.1 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt

file zipped: c:\windows\system32\fhbefois.dll
file zipped: c:\windows\system32\mblift.dll
file zipped: c:\windows\system32\ulyyvfqc.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\fhbefois.dll
c:\windows\system32\mblift.dll
c:\windows\system32\ulyyvfqc.dll

.
((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 )))))))))))))))))))))))))))))))
.

2009-10-12 01:41 . 2009-10-12 01:41 -------- d-----w- c:\program files\ESET
2009-10-11 21:13 . 2009-10-11 21:13 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-01 00:45 . 2009-10-01 00:45 -------- d-----w- c:\windows\Sun
2009-10-01 00:32 . 2009-10-01 00:31 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-30 06:07 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-09-30 06:07 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-09-30 06:07 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-09-30 06:07 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-09-30 06:07 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-09-30 06:07 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-09-30 06:07 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-09-30 06:07 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-09-28 01:41 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-27 00:20 . 2009-09-27 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-09-26 15:34 . 2009-09-27 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-25 16:34 . 2009-09-25 16:34 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-01 01:32 . 2004-08-10 16:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-30 01:58 . 2004-08-30 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-09-25 07:54 . 2009-02-13 00:55 129024 ----a-w- c:\windows\system32\fovatfob.dll
2009-09-25 07:53 . 2009-01-23 06:07 129024 ----a-w- c:\windows\system32\mlgtiuqp.dll
2009-09-25 07:52 . 2009-01-30 00:37 129024 ----a-w- c:\windows\system32\uqhlnk.dll
2009-08-05 09:11 . 2004-06-28 18:10 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2001-08-18 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-06-28 18:11 58880 ----a-w- c:\windows\system32\atl.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-09-30_23.45.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2001-08-18 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll
- 2007-03-09 06:48 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2007-03-09 06:48 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll
+ 2004-06-28 18:10 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll
- 1999-10-17 23:01 . 1999-10-17 23:01 26384 c:\windows\system32\FM20ENU.DLL
+ 2003-08-18 18:26 . 1999-10-17 23:01 26384 c:\windows\system32\FM20ENU.DLL
+ 2001-08-18 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys
+ 2009-06-25 08:44 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll
+ 2009-02-03 20:08 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll
+ 2001-08-18 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys
+ 2001-08-18 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll
+ 2008-10-07 20:41 . 2009-10-11 21:14 558824 c:\windows\system32\Restore\rstrlog.dat
+ 2001-08-18 12:00 . 2009-06-25 08:44 133632 c:\windows\system32\msv1_0.dll
+ 2001-08-18 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll
+ 2005-06-15 17:50 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll
+ 2009-10-01 00:32 . 2009-10-01 00:31 149280 c:\windows\system32\javaws.exe
+ 2009-10-01 00:32 . 2009-10-01 00:31 145184 c:\windows\system32\javaw.exe
+ 2009-10-01 00:32 . 2009-10-01 00:31 145184 c:\windows\system32\java.exe
+ 2007-04-25 14:21 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:44 . 2009-06-25 08:44 133632 c:\windows\system32\dllcache\msv1_0.dll
+ 2006-08-17 12:28 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:44 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll
+ 2009-10-01 00:31 . 2009-10-01 00:31 537600 c:\windows\Installer\4fbca7.msi
+ 2003-09-25 16:07 . 1999-10-17 23:01 1129232 c:\windows\system32\FM20.DLL
- 1999-10-17 23:01 . 1999-10-17 23:01 1129232 c:\windows\system32\FM20.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-30 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-01 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\DRIVERS\tnet1130x.sys [2004-03-10 385536]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hotmail.com/
IE: &AOL Toolbar search
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\co106w.col106.mail
Trusted Zone: live.com\login
Trusted Zone: live.com\mail
Trusted Zone: live.com\onecare
Trusted Zone: megavideo.com\www
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
Trusted Zone: mozilla.com\www
Trusted Zone: sidereel.com\www
Trusted Zone: techsupportforum.com\www
Trusted Zone: videostic.com\www
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\11mxpkaw.default\
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 22:54
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\program files\Funk Software\Odyssey Client\odLogin.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-10-13 23:01
ComboFix-quarantined-files.txt 2009-10-13 03:01
ComboFix2.txt 2009-10-11 22:25
ComboFix3.txt 2009-09-30 23:51
ComboFix4.txt 2009-09-30 02:44
ComboFix5.txt 2009-10-13 02:27

Pre-Run: 5.938.077.696 bytes free
Post-Run: 5.909.073.920 bytes free

164 --- E O F --- 2009-10-12 15:04
Upload was successful

AngelWest · 10-12-2009, 11:35 PM

Here's the Avira report part 1:
Avira AntiVir Personal
Report file date: lunes, 12 de octubre de 2009 23:53

Scanning for 1791220 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : 87ME4YXSOQ1GDBK

Version information:
BUILD.DAT : 9.0.0.407 17961 Bytes 29/07/2009 10:34:00
AVSCAN.EXE : 9.0.3.7 466689 Bytes 21/07/2009 18:36:14
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 15:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 16:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 15:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:30:36
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 14:21:42
ANTIVIR2.VDF : 7.1.6.50 4333568 Bytes 29/09/2009 03:42:46
ANTIVIR3.VDF : 7.1.6.101 457728 Bytes 12/10/2009 03:42:55
Engineversion : 8.2.1.35
AEVDF.DLL : 8.1.1.2 106867 Bytes 13/10/2009 03:43:34
AESCRIPT.DLL : 8.1.2.35 483707 Bytes 13/10/2009 03:43:32
AESCN.DLL : 8.1.2.5 127346 Bytes 13/10/2009 03:43:29
AERDL.DLL : 8.1.3.2 479604 Bytes 13/10/2009 03:43:28
AEPACK.DLL : 8.2.0.0 422261 Bytes 13/10/2009 03:43:23
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 23/07/2009 14:59:39
AEHEUR.DLL : 8.1.0.167 2011511 Bytes 13/10/2009 03:43:19
AEHELP.DLL : 8.1.7.0 237940 Bytes 13/10/2009 03:43:05
AEGEN.DLL : 8.1.1.67 364916 Bytes 13/10/2009 03:43:03
AEEMU.DLL : 8.1.1.0 393587 Bytes 13/10/2009 03:43:00
AECORE.DLL : 8.1.8.1 184693 Bytes 13/10/2009 03:42:57
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 19:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 13:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 15:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 19:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 15:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 20:05:41
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 15:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 20:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 13:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 15:32:10
RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 20:39:58
RCTEXT.DLL : 9.0.37.0 86785 Bytes 17/04/2009 15:19:48

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+PCK,+SPR,

Start of the scan: lunes, 12 de octubre de 2009 23:53

Starting search for hidden objects.
'44139' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WPC54Cfg.exe' - '1' Module(s) have been scanned
Scan process 'OdHost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '53' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
[NOTE] This file is a Windows system file.
[NOTE] This file cannot be opened for scanning.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSysguard1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
C:\Documents and Settings\Owner\Desktop\a.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\backup-20090926-153606-249.dll.bac_a03056.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\backup-20090926-153606-249.dll.bac_a03056.vir
[DETECTION] Is the TR/Vundo.ggf.3 Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\backup-20090926-153606-500.dll.bac_a03056.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\backup-20090926-153607-179.dll.bac_a03056.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\lsp.dll.bac_a03056.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\lsp.dll.bac_a03056.vir
[DETECTION] Is the TR/Proxy.Agent.bpi Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\xqnkfz.dll.bac_a03056.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\yaywuvTJ.dll.bac_a03056.vir
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\yaywuvTJ.dll.bac_a03056.vir
[DETECTION] Is the TR/Vundo.ggf.3 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\eximatumoyes.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\Fviwe.dll.vir
[DETECTION] Is the TR/Dldr.Agent.bkaf Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\a.exe.vir
[DETECTION] Is the TR/Inject.ozp Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ahytdy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bgghaxka.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bgokiv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bnoyxj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bqbixysj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\bsiqtkgq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\buhqqclt.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\cjgpoxvh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\cyuaqxih.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dbcjxghm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dgarew.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drwleuly.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dusrwz.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dvbvpgpk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\dzjmeo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\eilzib.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\eknubz.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\embmokfc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\erjhnmxq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\evhilb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fbbsopvk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccaXQhf.dll.vir
[DETECTION] Is the TR/Vundo.ggm.2 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fdpfus.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fhqwvg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fofebo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ftsoywuw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\fuduyefi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\geogkqpr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\gsowlsii.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\heiokmrr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjdafrpc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\holhfi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iaduxnnt.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ibbqpqfy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ibjqarep.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ibkbvvwb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iehelper.dll.vir
[DETECTION] Is the TR/BHO.9216 Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\igvwnt.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iliviqif.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iujhynln.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iyxptt.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jfzazd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jhawoaan.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jitwdd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jjrnmpbe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jmfufu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jqxful.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\jwwiexxp.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kaiqvhyn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\khmbmd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kknusntc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\knixfc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\knrebl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\krrasmyf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kwcamz.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\kxmsvb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lhmplskb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljnnrwup.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lnalvz.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lsp.dll.vir
[DETECTION] Is the TR/Proxy.Agent.bpi Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\lubtysiy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\maumnsno.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mbitcbto.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mcaqtwey.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mgjvmf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\miqejg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\mohgim.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\momvnf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\myrdjc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nbbffbjg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ndqgermi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nkwqgjbf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ntbtjjly.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nuytsa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\nwhfobcn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\oacayenc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ocnpxoci.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ofpbyu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ogpmeu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\okhutilk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\omwltemm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\onbblluq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\oxfyuo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ozmmos.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pddrqxap.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\peadrrcm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\phojps.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pjpheg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\plgmqdmm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pliuguxb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pwavhc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\pwfuskkx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qbsbaxgv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qdrhcx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qekmexko.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qfetquaq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qijxrhpi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qlukzc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qnpzvk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qnxsxh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qokhatsj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qotnvdcm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qtjtsbnl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qvlivqak.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\qxscbwdd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\rasbdlai.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\rkkrkaey.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\rndqis.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\rnikwk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\rthyzr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\saspgn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\siayprog.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\skuqdluh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\spsatpgc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\sviyhs.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tcbmun.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\tjnqbo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ttenaons.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\twetncfl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ucevuc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ugnqqrfd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\uiolep.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ulcpxq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\uxgsds.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vbiymb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vkgsohfm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vlcwzw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vrvsgw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\vzfrvx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\waltastu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wanqepal.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\waxgyduu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wmdreh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wogirubi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvlptdsj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\wxkefwjl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\xecjqn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\xihspxyo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\xinnyudl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\xjvpuyjv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\xljcbg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\xtdkoq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\xtdost.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\xtkdwmoh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yaYWuvtj.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yozhjr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\yrcwpjwr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\ysurmwpa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\zizesabo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\zmiamx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\_yaywuvTJ_.dll.zip
[0] Archive type: ZIP
--> yaYWuvtj.dll
[DETECTION] Is the TR/Vundo.ggf.3 Trojan
--> yaYWuvtj.dll.1
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192246.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192247.exe
[DETECTION] Is the TR/Inject.ozp Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192249.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192251.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192253.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192254.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192255.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192256.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192257.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192258.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192259.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192261.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192262.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192263.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192264.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192266.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192269.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192270.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192271.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192272.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192274.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192275.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192276.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192277.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192278.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192279.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192281.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192282.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192283.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192286.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192287.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192288.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192290.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192291.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192293.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192294.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192296.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192297.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192298.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192299.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192300.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192301.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192302.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192303.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192305.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192307.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192308.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192415.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192416.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192417.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192418.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192419.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192420.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192421.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192423.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192424.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192425.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192426.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192428.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192429.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192430.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192431.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192432.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192433.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192434.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192436.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192437.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192438.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192439.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192441.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192445.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192446.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192447.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192448.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192449.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192450.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192452.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192453.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192454.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192455.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192456.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192458.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192459.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192461.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192463.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192464.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192465.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192467.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192468.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192469.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192470.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192471.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192474.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192475.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192476.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192477.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192479.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192480.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192482.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192483.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192484.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192485.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192486.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192487.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192488.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192490.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192491.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192492.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192493.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192494.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192495.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192496.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192497.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192498.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192499.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192500.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192502.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192503.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192504.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192506.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192507.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192508.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192510.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192512.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192513.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192514.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192515.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192516.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192517.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192518.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192519.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192521.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192522.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192523.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192524.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192526.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192527.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192528.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192529.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192530.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192532.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192533.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192534.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192535.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192536.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192537.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192538.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192540.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192541.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192542.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192543.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192544.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192546.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192547.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192549.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192550.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192552.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192553.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192554.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192556.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192557.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192558.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192559.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192560.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192561.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192562.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192563.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192564.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192567.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192568.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192569.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192570.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192571.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192572.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192573.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192574.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1126\A0193339.dll
[DETECTION] Is the TR/Dldr.Agent.bkaf Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1126\A0193364.dll
[DETECTION] Is the TR/Vundo.ggf.3 Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1126\A0193365.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1127\A0193856.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195966.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195969.exe
[DETECTION] Is the TR/Inject.ozp Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195971.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195974.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195975.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195976.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195977.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195978.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195979.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195981.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195982.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195983.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195985.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195989.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195990.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195991.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195992.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195994.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195995.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195996.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195997.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195998.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195999.dll
[DETECTION] Is the TR/Vundo.ggm.2 Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196000.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196001.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196002.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196003.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196004.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196007.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196008.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196010.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196012.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196014.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196015.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196016.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196017.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196018.dll
[DETECTION] Is the TR/BHO.9216 Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196019.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196020.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196022.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196024.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196025.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196026.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196027.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196028.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196029.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196030.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196032.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196033.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196035.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196036.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196037.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196038.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196039.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196041.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196042.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196043.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196045.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196049.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196050.dll
[DETECTION] Is the TR/Proxy.Agent.bpi Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196051.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196052.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196053.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196054.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196056.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196057.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196058.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196059.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196060.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196062.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196063.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196065.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196067.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196068.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196069.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196071.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196072.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196073.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196074.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196075.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196078.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196079.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196080.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196081.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196083.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196084.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196086.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196087.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196088.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196089.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196090.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196091.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196093.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196094.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196095.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196096.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196097.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196098.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196099.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196100.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196101.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196102.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196103.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196104.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196106.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196107.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196109.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196110.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196111.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196112.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196114.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196116.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196117.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196118.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196119.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196120.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196123.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196125.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196126.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196128.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196129.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196130.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196131.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196133.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196134.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196135.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196136.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196137.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196139.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196140.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196141.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196142.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196144.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196145.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196147.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196149.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196150.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196152.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196153.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196154.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196155.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196156.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196157.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196158.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196161.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196162.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196163.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196164.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196165.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196172.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196173.dll
[DETECTION] Is the TR/Trash.Gen Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196268.dll
[DETECTION] Is the TR/Dldr.Agent.bkaf Trojan
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196274.dll
[DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FraudSysguard1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4b350b94.qua'!
C:\Documents and Settings\Owner\Desktop\a.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b390b51.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\backup-20090926-153606-249.dll.bac_a03056.vir
[NOTE] The file was moved to '4b370b84.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\backup-20090926-153606-500.dll.bac_a03056.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b370b85.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\backup-20090926-153607-179.dll.bac_a03056.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4a581d96.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\lsp.dll.bac_a03056.vir
[NOTE] The file was moved to '4b440b98.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\xqnkfz.dll.bac_a03056.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b420b96.qua'!
C:\Qoobox\Quarantine\C\Documents and Settings\Owner\.housecall6(2).6\Quarantine\yaywuvTJ.dll.bac_a03056.vir
[NOTE] The file was moved to '4b4d0b87.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\eximatumoyes.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4b3d0b9e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\Fviwe.dll.vir
[DETECTION] Is the TR/Dldr.Agent.bkaf Trojan
[NOTE] The file was moved to '4b3d0ba1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\a.exe.vir
[DETECTION] Is the TR/Inject.ozp Trojan
[NOTE] The file was moved to '4b390b5a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ahytdy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4d0b94.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bgghaxka.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3b0b93.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bgokiv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b430b93.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bnoyxj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b430b9a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bqbixysj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b360b9d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\bsiqtkgq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3d0b9f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\buhqqclt.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3c0ba1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\cjgpoxvh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3b0b96.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\cyuaqxih.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b490ba5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dbcjxghm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b370b8f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dgarew.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48648da5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\drwleuly.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4b0b9f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dusrwz.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b470ba2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dvbvpgpk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b360ba3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\dzjmeo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3e0ba7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\eilzib.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b400b96.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\eknubz.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b420b98.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\embmokfc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b360b9a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\erjhnmxq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3e0b9f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\evhilb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3c0ba3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fbbsopvk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b360b8f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fccaXQhf.dll.vir
[DETECTION] Is the TR/Vundo.ggm.2 Trojan
[NOTE] The file was moved to '4b370b90.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fdpfus.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b440b91.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fhqwvg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b450b95.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fofebo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3a0b9d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ftsoywuw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4827f14b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\fuduyefi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b380ba3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\geogkqpr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '482001ec.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gsowlsii.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b430ba1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\heiokmrr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3d0b93.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\hjdafrpc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b380b98.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\holhfi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b400b9d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\iaduxnnt.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b380b8f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ibbqpqfy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b360b90.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ibjqarep.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3e0b90.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ibkbvvwb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3f0b91.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\iehelper.dll.vir
[DETECTION] Is the TR/BHO.9216 Trojan
[NOTE] The file was moved to '4b3c0b94.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\igvwnt.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4a0b96.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\iliviqif.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3d0b9b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\iujhynln.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3e0ba5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\iyxptt.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4c0ba9.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jfzazd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4e0b96.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jhawoaan.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b350b99.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jitwdd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b480b9a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jjrnmpbe.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b460b9b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jmfufu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3a0b9e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jqxful.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4c0ba2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\jwwiexxp.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4b0ba8.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kaiqvhyn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3d0b92.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\khmbmd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b410b9a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kknusntc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b420b9d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\knixfc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3d0ba0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\knrebl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b460ba0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\krrasmyf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b460ba4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kwcamz.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b370ba9.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\kxmsvb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b410baa.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lhmplskb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48c31b2b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ljnnrwup.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b420b9c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lnalvz.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b350ba0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lsp.dll.vir
[DETECTION] Is the TR/Proxy.Agent.bpi Trojan
[NOTE] The file was moved to '4b440ba5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\lubtysiy.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b360ba7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\maumnsno.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b490b94.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mbitcbto.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3d0b95.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mcaqtwey.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b350b96.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mgjvmf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3e0b9a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\miqejg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b450b9c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\mohgim.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3c0ba2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\momvnf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b410ba2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\myrdjc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b460bac.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nbbffbjg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b360b95.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ndqgermi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b450b97.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nkwqgjbf.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4b0b9e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ntbtjjly.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48a48698.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nuytsa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4d0ba8.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\nwhfobcn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3c0baa.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\oacayenc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b370b94.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ocnpxoci.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48d4a7c7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ofpbyu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b440b99.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ogpmeu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b440b9b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\okhutilk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3c0b9f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\omwltemm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4b0ba1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\onbblluq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b360ba2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\oxfyuo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3a0bac.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ozmmos.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b410baf.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pddrqxap.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b380b99.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\peadrrcm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b350b9a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\phojps.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b430b9d.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pjpheg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b440b9f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\plgmqdmm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3b0ba1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pliuguxb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48991ada.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\pwavhc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b350bac.qua'!

AngelWest · 10-12-2009, 11:37 PM

And part 2:
C:\Qoobox\Quarantine\C\WINDOWS\system32\pwfuskkx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '489c2ac5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qbsbaxgv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b470b97.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qdrhcx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b460b99.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qekmexko.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3f0b9a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qfetquaq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b390b9b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qijxrhpi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3e0b9e.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qlukzc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b490ba2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qnpzvk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b440ba4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qnxsxh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4c0ba4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qokhatsj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3f0ba5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qotnvdcm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b480ba5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qtjtsbnl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3e0baa.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qvlivqak.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b400bac.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qxscbwdd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b470baf.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rasbdlai.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b470b98.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rkkrkaey.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3f0ba2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rndqis.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b380ba5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rnikwk.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3d0ba6.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\rthyzr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3c0bac.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\saspgn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b470b99.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\siayprog.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b350ba1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\skuqdluh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b490ba3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\spsatpgc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b470ba8.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\sviyhs.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3d0bae.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tcbmun.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b360b9b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tjnqbo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b420ba2.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ttenaons.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b390bac.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\twetncfl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b390baf.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ucevuc.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48feb714.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ugnqqrfd.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b420b9f.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\uiolep.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '488f4b32.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ulcpxq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b370ba4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\uxgsds.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3b0bb1.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vbiymb.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f25294.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vkgsohfm.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3b0ba4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vlcwzw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b370ba5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vrvsgw.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4a0bab.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\vzfrvx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3a0bb3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\waltastu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b400b9a.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wanqepal.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b420b9b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\waxgyduu.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4c0b9b.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wmdreh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b380ba7.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wogirubi.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3b0ba9.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvlptdsj.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b400bb0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\wxkefwjl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3f0bb3.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xecjqn.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b370ba0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xihspxyo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3c0ba4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xinnyudl.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b420ba4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xjvpuyjv.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4a0ba5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xljcbg.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48e1dde0.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xtdkoq.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b380baf.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xtdost.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48d9ee68.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\xtkdwmoh.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3f0baf.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yaYWuvtj.dll.vir
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '4b2d0b9c.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yozhjr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4e0baa.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\yrcwpjwr.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b370bad.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\ysurmwpa.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b490bae.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\zizesabo.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b4e0ba4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\zmiamx.dll.vir
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b3d0ba8.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\_yaywuvTJ_.dll.zip
[NOTE] The file was moved to '4b350bb4.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192246.exe
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[NOTE] The file was moved to '4b050b6c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192247.exe
[DETECTION] Is the TR/Inject.ozp Trojan
[NOTE] The file was moved to '4a6ef5d5.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192249.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ee208d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192251.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48e938c5.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192253.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48e8301d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192254.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48eb4855.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192255.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b6d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192256.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f55f46.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192257.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f457ce.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192258.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b6e.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192259.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f6675f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192261.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f17897.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192262.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f070af.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192263.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f388e7.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192264.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f2803f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192266.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48fd9877.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192269.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48fc918f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192270.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48ffa9c7.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192271.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48fea11f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192272.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48f9b957.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192274.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b6f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192275.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48fbcab8.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192276.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '48fac2e0.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192277.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c590b80.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192278.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c5803c8.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192279.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c5b1bf0.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192281.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b70.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192282.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c652b61.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192283.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c642ca9.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192286.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c6724d1.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192287.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b71.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192288.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c613442.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192290.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c604d8a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192291.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c6345b2.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192293.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c625dfa.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192294.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c6d5522.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192296.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c6c6d6a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192297.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c6f6692.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192298.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c6e7eda.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192299.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c697602.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192300.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c688e4a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192301.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c6b8672.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192302.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c6a9fba.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192303.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b72.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192305.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c74af2b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192307.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c77a753.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192308.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c76b89b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192415.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c71b0c3.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192416.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c70c80b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192417.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c73c033.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192418.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c72d87b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192419.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b73.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192420.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c7ce9ec.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192421.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c7fe114.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192423.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b74.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192424.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c79f1d5.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192425.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c7b086d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192426.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c7a00e5.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192428.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c851f7d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192429.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c8417f5.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192430.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c872f3d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192431.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c862765.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192432.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c8138ad.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192433.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c8030d5.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192434.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b75.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192436.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c824046.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192437.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c8d598e.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192438.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c8c51b6.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192439.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c8f69fe.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192441.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c8e6126.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192445.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c89796e.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192446.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c887296.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192447.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b76.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192448.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c8a8207.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192449.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c959a4f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192450.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c949277.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192452.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c97abbf.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192453.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c96a3e7.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192454.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b77.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192455.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c90b358.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192456.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c93b490.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192458.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c92ccc8.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192459.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c9dc400.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192461.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c9cdc38.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192463.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c9fd470.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192464.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c9eeda8.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192465.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b78.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192467.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c98fd19.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192468.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4c9bf5a1.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192469.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ca50c29.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192470.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ca404b1.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192471.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ca71ce9.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192474.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b79.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192475.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ca12c5a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192476.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ca02592.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192477.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ca33dca.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192479.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b7a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192480.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cad4d3b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192482.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cac4573.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192483.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4caf5eab.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192484.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cae56e3.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192485.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b7b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192486.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ca86654.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192487.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cab7f8c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192488.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4caa77c4.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192490.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cb58ffc.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192491.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cb48734.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192492.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cb79f6c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192493.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cb690a4.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192494.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cb1a8dc.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192495.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cb0a014.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192496.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cb3b84c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192497.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cb2b184.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192498.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cbdc9bc.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192499.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cbcc1f4.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192500.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cbfd92c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192502.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cbed164.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192503.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cb9ea9c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192504.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b7c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192506.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cbbfa0d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192507.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cbaf245.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192508.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cc40a7d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192510.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cc70205.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192512.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cc61a8d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192513.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b7d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192514.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cc0299e.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192515.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cc32026.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192516.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cc2385e.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192517.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b7e.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192518.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ccc49cf.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192519.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ccf4107.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192521.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cce593f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192522.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cc95177.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192523.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cc86aaf.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192524.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ccb62e7.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192526.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cca7a1f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192527.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cd57257.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192528.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cd48b8f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192529.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b7f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192530.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cd69b00.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192532.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cd193c8.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192533.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cd0ab90.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192534.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cd3ac58.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192535.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cd2a420.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192536.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cddbce8.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192537.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cdcb4b0.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192538.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cdfcd78.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192540.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cdec540.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192541.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b80.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192542.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cd8d5d1.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192543.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cdbed99.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192544.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cdae661.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192546.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ce5fe29.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192547.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b81.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192549.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ce60eba.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192550.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ce10632.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192552.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ce01daa.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192553.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ce31522.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192554.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ce22dea.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192556.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ced25b2.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192557.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cec3e7a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192558.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cef3642.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192559.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b82.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192560.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ce946d3.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192561.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ce85e9b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192562.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4ceb5763.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192563.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cea6f2b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192564.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cf567f3.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192567.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cf47fbb.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192568.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cf77783.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192569.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cf6884b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192570.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b83.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192571.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cf098dc.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192572.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cf390a4.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192573.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cf2a96c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1123\A0192574.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cfda134.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1126\A0193339.dll
[DETECTION] Is the TR/Dldr.Agent.bkaf Trojan
[NOTE] The file was moved to '4cfcb9fc.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1126\A0193364.dll
[DETECTION] Is the TR/Vundo.ggf.3 Trojan
[NOTE] The file was moved to '4a62d41c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1126\A0193365.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cffb1c4.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1127\A0193856.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cf9c254.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195966.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4b050b84.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195969.exe
[DETECTION] Is the TR/Inject.ozp Trojan
[NOTE] The file was moved to '4cfbd2e5.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195971.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4cfaeaad.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195974.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4305e375.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195975.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4304fb3d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195976.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4307f305.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195977.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '43010bcd.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195978.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '43000395.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195979.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '43031b0d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195981.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '430213d5.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195982.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '430d2b9d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195983.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b85.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195985.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '430f242e.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195989.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '430e3cf6.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195990.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '430934be.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195991.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b86.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195992.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '430b454f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195994.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '430a5d17.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195995.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '431555df.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195996.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '43146da7.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195997.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4317666f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195998.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '43167e37.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0195999.dll
[DETECTION] Is the TR/Vundo.ggm.2 Trojan
[NOTE] The file was moved to '4b050b87.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196000.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '43108ec8.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196001.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '43138680.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196002.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '43129f58.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196003.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '431d9710.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196004.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '431cafe8.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196007.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '431fa7a0.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196008.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '431eb878.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196010.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4319b030.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196012.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4318c808.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196014.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '431bc0c0.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196015.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '431ad898.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196016.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4325d150.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196017.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4324e928.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196018.dll
[DETECTION] Is the TR/BHO.9216 Trojan
[NOTE] The file was moved to '4327e1e0.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196019.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b88.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196020.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4321f271.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196022.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '43230a49.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196024.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '43220201.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196025.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '432d1ad9.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196026.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '432c1241.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196027.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '432f29c9.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196028.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '432e2131.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196029.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b89.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196030.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44949032.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196032.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4497a80a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196033.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4496a0c2.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196035.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4491b89a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196036.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4490b152.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196037.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4493c92a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196038.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4492c1e2.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196039.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b8a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196041.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '449cd273.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196042.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '449fea4b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196043.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '449ee203.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196045.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4499fadb.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196049.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4498f293.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196050.dll
[DETECTION] Is the TR/Proxy.Agent.bpi Trojan
[NOTE] The file was moved to '449a0b6b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196051.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44a50323.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196052.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44a41bfb.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196053.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b8b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196054.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44a62b8c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196056.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44a12c44.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196057.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44a0241c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196058.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44a33cd4.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196059.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44a234ac.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196060.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b8c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196062.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44ac453d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196063.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44af5df5.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196065.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44ae55cd.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196067.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44a96d85.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196068.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44a8665d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196069.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44ab7e15.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196071.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44aa759d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196072.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44b58e55.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196073.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44b4862d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196074.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b8d.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196075.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44b696be.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196078.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44b1af76.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196079.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44b0a74e.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196080.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44b3bf06.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196081.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44b2b7de.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196083.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44bdcf96.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196084.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44bcc06e.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196086.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44bfd826.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196087.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44bed0fe.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196088.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44b9e8b6.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196089.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b8e.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196090.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44c569ef.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196091.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44c46157.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196093.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44c778df.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196094.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44c67047.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196095.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44c18fcf.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196096.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b8f.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196097.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44c39ea0.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196098.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44c29768.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196099.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44cdaf50.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196100.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44cca718.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196101.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44cfbfc0.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196102.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44ceb788.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196103.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44c9c870.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196104.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44c8c038.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196106.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44cbd8e0.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196107.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44cad0a8.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196109.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44d5e890.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196110.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44d4e158.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196111.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44d7f900.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196112.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44d6f1c8.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196114.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b90.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196116.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44d30279.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196117.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44d21a21.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196118.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44dd12e9.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196119.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44dc2ad1.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196120.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44df2299.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196123.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44de3b41.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196125.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44d93309.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196126.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44d84bf1.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196128.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44db43b9.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196129.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44da4461.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196130.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b91.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196131.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44e46ba2.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196133.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44e7633a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196134.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44e67ab2.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196135.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44e1720a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196136.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44e08982.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196137.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44e3811a.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196139.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44e299c2.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196140.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b92.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196141.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44ecaa73.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196142.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44efa23b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196144.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44eebae3.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196145.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44e9b2ab.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196147.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44e8ca93.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196149.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44ebc35b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196150.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44eadb03.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196152.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44f5d3cb.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196153.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44f4ebb3.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196154.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44f7ec7b.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196155.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44f6e423.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196156.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '4b050b93.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196157.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44f0f4d4.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196158.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44f20c9c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196161.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44fd0544.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196162.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44fc1d0c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196163.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44ff15f4.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196164.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44fe2dbc.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196165.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '44f92664.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196172.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '44f83e2c.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196173.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '44fb3614.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196268.dll
[DETECTION] Is the TR/Dldr.Agent.bkaf Trojan
[NOTE] The file was moved to '44fa4edc.qua'!
C:\System Volume Information\_restore{D485DE36-662D-4FD9-A830-756723FBF38F}\RP1129\A0196274.dll
[DETECTION] Is the TR/Trash.Gen Trojan
[NOTE] The file was moved to '5b054684.qua'!

End of the scan: martes, 13 de octubre de 2009 01:08
Used time: 1:11:25 Hour(s)

The scan has been done completely.

4515 Scanned directories
158887 Files were scanned
495 Viruses and/or unwanted programs were found
1 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
495 Files were moved to quarantine
0 Files were renamed
1 Files cannot be scanned
158390 Files not concerned
1018 Archives were scanned
1 Warnings
496 Notes
44139 Objects were scanned with rootkit scan
0 Hidden objects were found

**chemist** · 10-13-2009, 06:00 AM

Hello again, AngelWest. Thanks for submitting the file. You can empty Avira's quarantine.

Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions.

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding.
Ensure that there aren't any opened browsers when you are carrying out the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

------------------------------------------------------

Close any open browsers.

Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix.

Open Notepad and copy/paste all the text in the codebox below into Notepad:

Code:

http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/417648-virus-spyware-help.html#post2388160

Collect::
c:\windows\system32\fovatfob.dll
c:\windows\system32\mlgtiuqp.dll
c:\windows\system32\uqhlnk.dll

Save this Notepad file as CFScript.txt to your Desktop and then close the file.

Referring to the picture above, drag CFScript onto ComboFix

If you are prompted to update ComboFix and have an internet connection, please choose Yes

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply.

------------------------------------------------------

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.

If you do not get a message box, please do the following:

There should be a file named [4]-Submit_date@time.zip with today's date, located here:

C:\QooBox\Quarantine\[4]-Submit_date@time.zip

Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4

Please let me know if you successfully submitted the file. Thanks.

------------------------------------------------------

09-29-2009, 02:38 PM	#2 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,665 OS: XP SP3	Re: Virus/Spyware help Hello and Welcome to TSF. Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription. Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. ------------------------------------------------------ One or more of the identified infections is a backdoor trojan. This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation. Please read this: How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud? ------------------------------------------------------ Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate. Please stay with me until given the 'all clear' even if symptoms seemingly abate. Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper. ------------------------------------------------------ Please visit this webpage for download links, and instructions for running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix * Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Get help here Please post the C:\ComboFix.txt in your next reply for further review. ------------------------------------------------------ __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

09-29-2009, 07:08 PM	#4 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,665 OS: XP SP3	Re: Virus/Spyware help Hello AngelWest. No need to attach logs going forward. Just copy/paste them directly into the Reply to Thread window. Thanks. Please go to: VirusTotal On the page you'll find a Browse button. Next to the Browse button you'll see a box to enter text. Please copy/paste the following bolded text into the box: c:\windows\system32\calc.dll Then click the Send File button just below. This will scan the file. Please be patient. If you get a message saying File has already been analysed: click Reanalyse file now Once scanned, copy and paste the results in your next reply. ------------------------------------------------------ __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

09-29-2009, 07:45 PM	#5 (permalink)
AngelWest Registered User Join Date: Sep 2009 Posts: 36 OS: Windows XP	Re: Virus/Spyware help Thanks! Here are the results: File calc.dll_ received on 2009.09.30 01:31:13 (UTC) Current status: finished Result: 12/40 (30.00%) Antivirus Version Last Update Result AhnLab-V3 5.0.0.2 2009.09.29 - AntiVir 7.9.1.27 2009.09.29 HEUR/Crypted Antiy-AVL 2.0.3.7 2009.09.29 - Authentium 5.1.2.4 2009.09.30 - Avast 4.8.1351.0 2009.09.29 - AVG 8.5.0.412 2009.09.29 - BitDefender 7.2 2009.09.30 Trojan.Generic.2464968 CAT-QuickHeal 10.00 2009.09.29 Trojan.Scar.xvw ClamAV 0.94.1 2009.09.29 - Comodo 2469 2009.09.29 - DrWeb 5.0.0.12182 2009.09.30 - eSafe 7.0.17.0 2009.09.29 - eTrust-Vet 31.6.6768 2009.09.29 - F-Prot 4.5.1.85 2009.09.30 - F-Secure 8.0.14470.0 2009.09.30 - Fortinet 3.120.0.0 2009.09.29 - GData 19 2009.09.30 Trojan.Generic.2464968 Ikarus T3.1.1.72.0 2009.09.30 Trojan.Win32.Opachki Jiangmin 11.0.800 2009.09.27 - K7AntiVirus 7.10.856 2009.09.29 - Kaspersky 7.0.0.125 2009.09.30 - McAfee 5756 2009.09.29 - McAfee+Artemis 5756 2009.09.29 Artemis!08FA9FED6ABA McAfee-GW-Edition 6.8.5 2009.09.29 Heuristic.LooksLike.Trojan.Scar.H Microsoft 1.5005 2009.09.23 Trojan:Win32/Opachki.A NOD32 4468 2009.09.29 - Norman 6.01.09 2009.09.29 W32/Malware.IULI nProtect 2009.1.8.0 2009.09.29 - Panda 10.0.2.2 2009.09.29 Generic Trojan PCTools 4.4.2.0 2009.09.29 - Prevx 3.0 2009.09.30 Medium Risk Malware Rising 21.49.14.00 2009.09.29 - Sophos 4.45.0 2009.09.30 Mal/Generic-A Sunbelt 3.2.1858.2 2009.09.30 - Symantec 1.4.4.12 2009.09.30 - TheHacker 6.5.0.2.022 2009.09.30 - TrendMicro 8.500.0.1002 2009.09.29 - VBA32 3.12.10.11 2009.09.29 - ViRobot 2009.9.29.1963 2009.09.29 - VirusBuster 4.6.5.0 2009.09.29 - Additional information File size: 22528 bytes MD5 : 08fa9fed6aba5e3254dad2560505c217 SHA1 : b833144e448a4469c7d5ea9c451d6500acb50407 SHA256: ae68e7bcc45a5f51076a0d34609b3dbf715daf6467538adc23ddb579471b76be PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x395B timedatestamp.....: 0x4AB7348A (Mon Sep 21 10:08:42 2009) machinetype.......: 0x14C (Intel I386) ( 5 sections ) name viradd virsiz rawdsiz ntrpy md5 .text 0x1000 0x3193 0x3200 6.38 eb34bd679b4997d8a233ec8637fc8b63 .rdata 0x5000 0x14DA 0x1600 6.73 7a2725fcaacaebeab513dd10d136fdfd .data 0x7000 0x3E8 0x200 2.63 83c6ec78152a7c92b937dd2dfba401dc .rsrc 0x8000 0x370 0x400 2.81 f972f860ad169139e5f0c61170100c8f .reloc 0x9000 0x5BC 0x600 6.16 bca24977ce415a14dc727b1965bdafaf ( 6 imports ) > advapi32.dll: RegCloseKey, RegCreateKeyExA, RegSetValueExA > kernel32.dll: GetProcAddress, MultiByteToWideChar, GetFileAttributesA, GetCurrentProcessId, CreateFileA, ExpandEnvironmentStringsA, CreateThread, LoadLibraryA, GetModuleHandleA, GetShortPathNameA, VirtualAllocEx, Sleep, GetSystemTime, CloseHandle, ReadFile, GetFileSize, WriteFile, SetFilePointer, GetTempFileNameA, GetTickCount, GetTempPathA, ReadProcessMemory, VirtualFreeEx, GetModuleFileNameA, WriteProcessMemory > msvcrt.dll: free, _adjust_fdiv, _initterm, _onexit, __dllonexit, __1type_info@@UAE@XZ, fopen, fwrite, fclose, memset, strcpy, wcscmp, strcmp, strstr, malloc, memmove, realloc, strlen, __2@YAPAXI@Z, __3@YAXPAX@Z > ole32.dll: CoInitialize, CoCreateInstance > shell32.dll: SHGetSpecialFolderLocation, SHGetMalloc, SHGetPathFromIDListA > user32.dll: CallNextHookEx, DispatchMessageA, MessageBoxA, TranslateMessage, GetMessageA, SetWindowsHookExA ( 1 exports ) > _CreateDva@@YGHXZ, _GetImagesFrom@@YGHPAXH@Z, _GetModuleMemopry@@YGHXZ, _LoadFileFrom@@YGHXZ, _LoadIcons@@YGHPAXH@Z, _IWMPEvents@0 TrID : File type identification Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) ssdeep: 384:lxnXzHJ5SciWmW3tS3UT2iXOOO/M1W6Vy97VFw4FI9BQD8WQQWSYLc:3nXiWmWh2iXRbWzTFOQDGAYLc Prevx Info: http://thefeedonline.com/?do=rphp&su...D6E4005E223241 PEiD : - packers (F-Prot): embedded RDS : NSRL Reference Data Set -

09-29-2009, 07:52 PM	#6 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,665 OS: XP SP3	Re: Virus/Spyware help Hello again, AngelWest. What are your plans for an antivirus? I could recommend a good, free one that is light on system resources. Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ------------------------------------------------------ Please uninstall the following via Start->(or My Computer)->Control Panel->Add or Remove Programs if it still exists: Viewpoint Media Player<<This is considered foistware instead of malware since it is installed without users approval, but doesn't spy or do anything "bad". Please read here and here ------------------------------------------------------ Close any open browsers. Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix. Open Notepad and copy/paste all the text in the codebox below into Notepad: Code: http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/417648-virus-spyware-help.html#post2367343 Collect:: c:\windows\system32\calc.dll c:\windows\system32\fcnvkw.dll c:\windows\system32\lirpqp.dll c:\windows\system32\tpffisrs.dll c:\windows\system32\yldggl.dll c:\windows\system32\yspiyvyg.dll c:\windows\system32\zgnmtv.dll c:\windows\system32\gizokoro.exe c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.dll File:: c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.lnk Folder:: c:\documents and settings\Owner\.housecall6(2).6\quarantine c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183} Registry:: [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"=dword:00000001 DirLook:: c:\program files\cggjqi Save this Notepad file as CFScript.txt to your Desktop and then close the file. Referring to the picture above, drag CFScript onto ComboFix If you are prompted to update ComboFix and have an internet connection, please choose Yes Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply. ------------------------------------------------------ Note When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. If you do not get a message box, please do the following: There should be a file named [4]-Submit_date@time.zip with today's date, located here: C:\QooBox\Quarantine\[4]-Submit_date@time.zip Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4 Please let me know if you successfully submitted the file. Thanks. ------------------------------------------------------ __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

09-29-2009, 08:53 PM	#7 (permalink)
AngelWest Registered User Join Date: Sep 2009 Posts: 36 OS: Windows XP	Re: Virus/Spyware help Please do recommend an antivirus! I was able to submit the file after running CF. Here's the latest log: ComboFix 09-09-28.01 - Owner 29/09/2009 22:15.3.1 - NTFSx86 Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt FILE :: "c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.lnk" file zipped: c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.dll file zipped: c:\windows\system32\calc.dll file zipped: c:\windows\system32\fcnvkw.dll file zipped: c:\windows\system32\gizokoro.exe file zipped: c:\windows\system32\lirpqp.dll file zipped: c:\windows\system32\tpffisrs.dll file zipped: c:\windows\system32\yldggl.dll file zipped: c:\windows\system32\yspiyvyg.dll file zipped: c:\windows\system32\zgnmtv.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\.housecall6(2).6\quarantine c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183} c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}\chrome.manifest c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}\chrome\content\_cfg.js c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}\chrome\content\c.js c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}\chrome\content\overlay.xul c:\documents and settings\Owner\Local Settings\Application Data\{B5666BB1-0475-47EF-BE4A-7169C9AA9183}\install.rdf c:\documents and settings\Owner\protect.dll c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.dll c:\documents and settings\Owner\Start Menu\Programs\Startup\scandisk.lnk c:\windows\system32\calc.dll c:\windows\system32\fcnvkw.dll c:\windows\system32\gizokoro.exe c:\windows\system32\lirpqp.dll c:\windows\system32\tpffisrs.dll c:\windows\system32\yldggl.dll c:\windows\system32\yspiyvyg.dll c:\windows\system32\zgnmtv.dll . ((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-30 ))))))))))))))))))))))))))))))) . 2009-09-28 01:41 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll 2009-09-27 00:24 . 2009-09-27 00:24 -------- d-----w- c:\windows\system32\wbem\Repository 2009-09-27 00:23 . 2009-09-27 00:23 -------- d-----w- c:\program files\Veoh Networks 2009-09-27 00:20 . 2009-09-27 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-09-26 20:28 . 2009-09-27 00:11 -------- d-----w- c:\documents and settings\Owner\.housecall6(2).6 2009-09-26 18:47 . 2009-09-27 00:12 -------- d-----w- c:\program files\Trend Micro 2009-09-26 15:34 . 2009-09-27 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-25 16:34 . 2009-09-25 16:34 -------- d-----w- c:\program files\Java 2009-09-25 03:19 . 2009-09-27 14:35 -------- d-----w- c:\program files\Windows Live Safety Center 2009-09-25 01:02 . 2009-09-26 01:11 -------- d-----w- c:\windows\system32\drivers\Avg(2) 2009-09-24 17:54 . 2009-09-24 17:54 -------- d-----w- c:\windows\McAfee.com 2009-09-24 17:26 . 2009-09-24 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2009-09-10 14:15 . 2009-09-27 14:40 -------- d-----w- c:\program files\cggjqi . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-09-30 01:58 . 2004-08-30 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-09-27 00:12 . 2004-08-10 16:23 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-25 07:54 . 2009-01-14 05:36 129024 ----a-w- c:\windows\system32\fevmlqyh.dll 2009-09-25 07:53 . 2009-02-05 00:46 129024 ----a-w- c:\windows\system32\lqkkrjvi.dll 2009-09-25 07:52 . 2009-01-12 05:30 129024 ----a-w- c:\windows\system32\uaodvaex.dll 2009-09-24 20:17 . 2007-04-14 08:05 -------- d-----w- c:\program files\DivX 2006-10-11 08:04 . 2008-03-04 21:17 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll 2006-10-11 08:04 . 2008-03-04 21:17 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll 2006-10-11 08:05 . 2008-03-04 21:17 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll 2006-10-11 08:05 . 2008-03-04 21:17 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll 2006-10-11 08:04 . 2008-03-04 21:17 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\program files\cggjqiSave this Notepad file as CFScript.txt to your Desktop and then close the file. ---- ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] "Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 3587120] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-30 98304] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\security center] "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\DRIVERS\tnet1130x.sys [2004-03-10 385536] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.hotmail.com/ IE: &AOL Toolbar search Trusted Zone: hotmail.com\www Trusted Zone: hulu.com\www Trusted Zone: live.com\co106w.col106.mail Trusted Zone: live.com\login Trusted Zone: live.com\mail Trusted Zone: live.com\onecare Trusted Zone: megavideo.com\www Trusted Zone: sidereel.com\www Trusted Zone: techsupportforum.com\www Trusted Zone: yahoo.com\music FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\11mxpkaw.default\ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . - - - - ORPHANS REMOVED - - - - HKCU-Run-calc - c:\docume~1\Owner\protect.dll HKLM-Run-calc - c:\windows\system32\calc.dll ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-09-29 22:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(948) c:\program files\Funk Software\Odyssey Client\odLogin.dll - - - - - - - > 'explorer.exe'(2820) c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\windows\system32\wscntfy.exe c:\program files\Linksys\Wireless-G Notebook Adapter\WPC54Cfg.exe . ************************************************************************ . Completion time: 2009-09-30 22:44 - machine was rebooted ComboFix-quarantined-files.txt 2009-09-30 02:43 ComboFix2.txt 2009-09-30 00:25 ComboFix3.txt 2009-09-29 23:21 Pre-Run: 7.147.778.048 bytes free Post-Run: 7.175.733.248 bytes free 174 --- E O F --- 2008-12-19 15:40

09-29-2009, 09:03 PM	#8 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,665 OS: XP SP3	Re: Virus/Spyware help Any particular reason why you aren't updating Windows? __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

09-29-2009, 09:36 PM	#9 (permalink)
AngelWest Registered User Join Date: Sep 2009 Posts: 36 OS: Windows XP	Re: Virus/Spyware help I did forget to mention in my initial post that the infections were preventing me from connecting to Windows Update. It looks like that shouldn't be a problem now. Are there any particular updates I should look for?

09-30-2009, 05:22 AM	#10 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,665 OS: XP SP3	Re: Virus/Spyware help Hello again, AngelWest. Thanks for submitting the file. Please tell us how your system is behaving. Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ------------------------------------------------------ Hold off on Windows Updates for now. I will suggest an antivirus after the online scan. ------------------------------------------------------ Please tell me what you know about this folder, if anything: c:\program files\cggjqi ------------------------------------------------------ Open Notepad and copy/paste the entire contents of the codebox below into Notepad: Code: dir /a /s "c:\program files\cggjqi" > log.txt notepad log.txt del peek.bat Save this as peek.bat and choose to Save as type: - All Files then close the Notepad file. It should look like this: Double-click on peek.bat and allow it to run. A Notepad file will open. Post the contents of that file in your next reply. ------------------------------------------------------ Close any open browsers. Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix. Open Notepad and copy/paste all the text in the codebox below into Notepad: Code: http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/417648-virus-spyware-help.html#post2367522 File:: c:\windows\system32\fevmlqyh.dll c:\windows\system32\lqkkrjvi.dll c:\windows\system32\uaodvaex.dll Save this Notepad file as CFScript.txt to your Desktop and then close the file. Referring to the picture above, drag CFScript onto ComboFix If you are prompted to update ComboFix, please choose Yes Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply. ------------------------------------------------------ Note When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. If you do not get a message box, please do the following: There should be a file named [4]-Submit_date@time.zip with today's date, located here: C:\QooBox\Quarantine\[4]-Submit_date@time.zip Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4 Please let me know if you successfully submitted the file. Thanks. ------------------------------------------------------ We need to install Java on your machine in order to run an online scan with Kaspersky. Download the latest version of Java Runtime Environment (JRE) 6 and Save it to your Desktop. Scroll down to where it says Java Runtime Environment (JRE) 6 Update 16 The Java SE Runtime Environment (JRE) allows end-users to run Java applications. Click the Download button to the right. Select the Windows platform from the dropdown menu. Read the License Agreement and then check the box that says: I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement Click Continue Click on the link to download Windows Offline Installation and Save the file to your Desktop. Close any programs you may have running - especially your web browser. Then from your desktop double-click on jre-6u16-windows-i586-p.exe to install the newest version. After the install is complete, go back to your Control Panel(using Classic View) and click the Java icon. (looks like a coffee cup) On the General tab, under Temporary Internet Files, click the Settings button. Next, click on the Delete Files button. There are two options in the window to clear the cache - Leave BOTH Checked Applications and Applets Trace and Log Files Click OK on Delete Temporary Files Window. Note: This deletes ALL the Downloaded Applications and Applets from the CACHE Click OK to leave the Temporary Files Window. Click OK to leave the Java Control Panel. Delete jre-6u16-windows-i586-p.exe from your desktop. ------------------------------------------------------ Please download ATF-Cleaner by Atribune and Save it to your Desktop. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. If you use Firefox browser Click Firefox at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. If you use Opera browser Click Opera at the top and choose: Select All Click the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt. Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu. ------------------------------------------------------ Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan. Establish an internet connection & perform an online scan at Kaspersky Online Scanner Click Accept, when prompted to download and install the program files and database of malware definitions. Click Run at any Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take several minutes. Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View scan report at the bottom. Click the Save Report As... button. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply. Note To optimize scanning time and produce a more sensible report for review: Close any open programs. Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan. Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%. ------------------------------------------------------ Please post the following in your next reply: ComboFix.txt Kaspersky report report on system behavior __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

10-02-2009, 05:36 AM	#12 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,665 OS: XP SP3	Re: Virus/Spyware help Hello again, AngelWest. Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ------------------------------------------------------ Close any open browsers. Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix. Open Notepad and copy/paste all the text in the codebox below into Notepad: Code: http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/417648-virus-spyware-help.html#post2370544 Collect:: c:\windows\system32\fevmlqyh.dll c:\windows\system32\lqkkrjvi.dll c:\windows\system32\uaodvaex.dll Folder:: c:\windows\system32\drivers\Avg(2) c:\windows\McAfee.com c:\documents and settings\All Users\Application Data\McAfee c:\program files\cggjqi Save this Notepad file as CFScript.txt to your Desktop and then close the file. Referring to the picture above, drag CFScript onto ComboFix If you are prompted to update ComboFix, please choose Yes Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply. ------------------------------------------------------ Note When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. If you do not get a message box, please do the following: There should be a file named [4]-Submit_date@time.zip with today's date, located here: C:\QooBox\Quarantine\[4]-Submit_date@time.zip Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4 Please let me know if you successfully submitted the file. Thanks. ------------------------------------------------------ Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan. Go here to run an online scannner from ESET and Save the file to your Desktop. If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'. Turn off the real-time scanner of any existing antivirus program while performing the online scan. Tick the box next to YES, I accept the Terms of Use. Click Start When asked, allow the ActiveX control to install. Click Start Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked. Click on Advanced Settings and ensure these options are ticked: Scan for potentially unwanted applications Scan for potentially unsafe applications Enable Anti-Stealth Technology Next to 'Current scan targets: Operating memory, Local drives, click the Change.. button. Tick all the boxes that correspond to your external/inserted drives. Click Scan Wait for the scan to finish. Use Notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Copy/paste that log as a reply to this topic and also let me know how things are now. ------------------------------------------------------ If you have trouble with your computer blocking the ActiveX, go here and temporarily turn the feature off: http://www.windowsreference.com/inte...the-publisher/ Remember to turn it back on after the scan! ------------------------------------------------------- Please post the following in your next reply: ComboFix.txt ESET report __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

10-06-2009, 03:49 PM	#13 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,665 OS: XP SP3	Re: Virus/Spyware help Still with us, AngelWest? __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

10-11-2009, 01:38 PM	#14 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,665 OS: XP SP3	Re: Virus/Spyware help Due to lack of response, this topic will now be closed. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here: IMPORTANT - Read This Before Posting For Malware Removal Help ------------------------------------------------------ __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE

10-12-2009, 11:33 PM	#17 (permalink)
AngelWest Registered User Join Date: Sep 2009 Posts: 36 OS: Windows XP	Re: Virus/Spyware help Thanks for your patience! I was able to get ComboFix back on the Desktop and run ComboFix (a file was submitted at the end) and Avira. That said, my computer tells me the Avira report is saved to my desktop but doesn't let me access it when I use the browse option for uploading it to the post nor does it physically show up on my desktop. Due to its size, I'll have to put it in a second reply. Here's the ComboFix log: ComboFix 09-10-12.02 - Owner 12/10/2009 22:41.6.1 - NTFSx86 Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt file zipped: c:\windows\system32\fhbefois.dll file zipped: c:\windows\system32\mblift.dll file zipped: c:\windows\system32\ulyyvfqc.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\fhbefois.dll c:\windows\system32\mblift.dll c:\windows\system32\ulyyvfqc.dll . ((((((((((((((((((((((((( Files Created from 2009-09-13 to 2009-10-13 ))))))))))))))))))))))))))))))) . 2009-10-12 01:41 . 2009-10-12 01:41 -------- d-----w- c:\program files\ESET 2009-10-11 21:13 . 2009-10-11 21:13 -------- d-----w- c:\windows\system32\wbem\Repository 2009-10-01 00:45 . 2009-10-01 00:45 -------- d-----w- c:\windows\Sun 2009-10-01 00:32 . 2009-10-01 00:31 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-09-30 06:07 . 2005-07-26 04:39 60416 -c----w- c:\windows\system32\dllcache\colbact.dll 2009-09-30 06:07 . 2009-02-09 10:20 399360 -c----w- c:\windows\system32\dllcache\rpcss.dll 2009-09-30 06:07 . 2009-02-09 10:20 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll 2009-09-30 06:07 . 2009-02-09 10:20 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2009-09-30 06:07 . 2009-02-06 17:14 110592 -c----w- c:\windows\system32\dllcache\services.exe 2009-09-30 06:07 . 2009-02-06 16:39 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2009-09-30 06:07 . 2009-02-09 10:20 616960 -c----w- c:\windows\system32\dllcache\advapi32.dll 2009-09-30 06:07 . 2009-02-09 10:20 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll 2009-09-28 01:41 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll 2009-09-27 00:20 . 2009-09-27 00:23 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-09-26 15:34 . 2009-09-27 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-09-25 16:34 . 2009-09-25 16:34 -------- d-----w- c:\program files\Java . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-10-01 01:32 . 2004-08-10 16:23 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-09-30 01:58 . 2004-08-30 18:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint 2009-09-25 07:54 . 2009-02-13 00:55 129024 ----a-w- c:\windows\system32\fovatfob.dll 2009-09-25 07:53 . 2009-01-23 06:07 129024 ----a-w- c:\windows\system32\mlgtiuqp.dll 2009-09-25 07:52 . 2009-01-30 00:37 129024 ----a-w- c:\windows\system32\uqhlnk.dll 2009-08-05 09:11 . 2004-06-28 18:10 204800 ----a-w- c:\windows\system32\mswebdvd.dll 2009-07-29 04:53 . 2001-08-18 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll 2009-07-29 04:53 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-07-17 18:55 . 2004-06-28 18:11 58880 ----a-w- c:\windows\system32\atl.dll . ((((((((((((((((((((((((((((( SnapShot_2009-09-30_23.45.45 ))))))))))))))))))))))))))))))))))))))))) . + 2001-08-18 12:00 . 2009-06-25 08:44 59392 c:\windows\system32\wdigest.dll - 2007-03-09 06:48 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll + 2007-03-09 06:48 . 2008-07-08 13:02 17272 c:\windows\system32\spmsg.dll + 2004-06-28 18:10 . 2009-06-25 08:44 56320 c:\windows\system32\secur32.dll - 1999-10-17 23:01 . 1999-10-17 23:01 26384 c:\windows\system32\FM20ENU.DLL + 2003-08-18 18:26 . 1999-10-17 23:01 26384 c:\windows\system32\FM20ENU.DLL + 2001-08-18 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\drivers\ksecdd.sys + 2009-06-25 08:44 . 2009-06-25 08:44 59392 c:\windows\system32\dllcache\wdigest.dll + 2009-02-03 20:08 . 2009-06-25 08:44 56320 c:\windows\system32\dllcache\secur32.dll + 2001-08-18 12:00 . 2009-06-22 11:34 92544 c:\windows\system32\dllcache\ksecdd.sys + 2001-08-18 12:00 . 2009-06-25 08:44 168448 c:\windows\system32\schannel.dll + 2008-10-07 20:41 . 2009-10-11 21:14 558824 c:\windows\system32\Restore\rstrlog.dat + 2001-08-18 12:00 . 2009-06-25 08:44 133632 c:\windows\system32\msv1_0.dll + 2001-08-18 12:00 . 2009-06-25 08:44 724480 c:\windows\system32\lsasrv.dll + 2005-06-15 17:50 . 2009-06-25 08:44 298496 c:\windows\system32\kerberos.dll + 2009-10-01 00:32 . 2009-10-01 00:31 149280 c:\windows\system32\javaws.exe + 2009-10-01 00:32 . 2009-10-01 00:31 145184 c:\windows\system32\javaw.exe + 2009-10-01 00:32 . 2009-10-01 00:31 145184 c:\windows\system32\java.exe + 2007-04-25 14:21 . 2009-06-25 08:44 168448 c:\windows\system32\dllcache\schannel.dll + 2009-06-25 08:44 . 2009-06-25 08:44 133632 c:\windows\system32\dllcache\msv1_0.dll + 2006-08-17 12:28 . 2009-06-25 08:44 724480 c:\windows\system32\dllcache\lsasrv.dll + 2009-06-25 08:44 . 2009-06-25 08:44 298496 c:\windows\system32\dllcache\kerberos.dll + 2009-10-01 00:31 . 2009-10-01 00:31 537600 c:\windows\Installer\4fbca7.msi + 2003-09-25 16:07 . 1999-10-17 23:01 1129232 c:\windows\system32\FM20.DLL - 1999-10-17 23:01 . 1999-10-17 23:01 1129232 c:\windows\system32\FM20.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208] "updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2004-08-30 98304] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-01 149280] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360] [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk backup=c:\windows\pss\Microsoft Office.lnkCommon Startup [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 S3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\DRIVERS\tnet1130x.sys [2004-03-10 385536] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.hotmail.com/ IE: &AOL Toolbar search Trusted Zone: hotmail.com\www Trusted Zone: live.com\co106w.col106.mail Trusted Zone: live.com\login Trusted Zone: live.com\mail Trusted Zone: live.com\onecare Trusted Zone: megavideo.com\www Trusted Zone: microsoft.com\update Trusted Zone: microsoft.com\windowsupdate Trusted Zone: mozilla.com\www Trusted Zone: sidereel.com\www Trusted Zone: techsupportforum.com\www Trusted Zone: videostic.com\www FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\11mxpkaw.default\ FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p= . ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-10-12 22:54 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(940) c:\program files\Funk Software\Odyssey Client\odLogin.dll c:\windows\system32\igfxsrvc.dll c:\windows\system32\hccutils.DLL . Completion time: 2009-10-13 23:01 ComboFix-quarantined-files.txt 2009-10-13 03:01 ComboFix2.txt 2009-10-11 22:25 ComboFix3.txt 2009-09-30 23:51 ComboFix4.txt 2009-09-30 02:44 ComboFix5.txt 2009-10-13 02:27 Pre-Run: 5.938.077.696 bytes free Post-Run: 5.909.073.920 bytes free 164 --- E O F --- 2009-10-12 15:04 Upload was successful

10-13-2009, 06:00 AM	#20 (permalink)
chemist Moderator, Analyst, Security Team; Rangemaster, TSF Academy Join Date: Oct 2007 Location: Georgia Posts: 10,665 OS: XP SP3	Re: Virus/Spyware help Hello again, AngelWest. Thanks for submitting the file. You can empty Avira's quarantine. Please copy this page to Notepad and Save it to your Desktop in order to assist you when carrying out the following instructions. Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence. ------------------------------------------------------ Close any open browsers. Disable your antivirus and antispyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with ComboFix. Open Notepad and copy/paste all the text in the codebox below into Notepad: Code: http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/417648-virus-spyware-help.html#post2388160 Collect:: c:\windows\system32\fovatfob.dll c:\windows\system32\mlgtiuqp.dll c:\windows\system32\uqhlnk.dll Save this Notepad file as CFScript.txt to your Desktop and then close the file. Referring to the picture above, drag CFScript onto ComboFix If you are prompted to update ComboFix and have an internet connection, please choose Yes Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal. When finished, it shall produce a log for you. Please post that log, ComboFix.txt in your next reply. ------------------------------------------------------ Note When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box. If you do not get a message box, please do the following: There should be a file named [4]-Submit_date@time.zip with today's date, located here: C:\QooBox\Quarantine\[4]-Submit_date@time.zip Using the 'Browse' button, please submit it to this site ==> http://www.bleepingcomputer.com/subm....php?channel=4 Please let me know if you successfully submitted the file. Thanks. ------------------------------------------------------ __________________ Our help is free but please donate Proud member of ASAP Proud member of UNITE