|
|
|
|
|||||
|
|
|
|
|
|
|||
| Welcome
to Tech Support Forum home to more then 136,000 problems solved. Issues
have included: Spyware, Malware, Virus Issues, Windows, Microsoft,
Linux, Networking, Security, Hardware, and Gaming Getting your
problem solved is as easy as: 1. Registering for a free account 2. Asking your question 3. Receiving an answer Registered members: * See fewer ads. * And much more..
|
| Want to know how to post a question? click here | Having problems with spyware and pop-ups? First Steps |
|
|||||||
| Resolved HJT Threads Resolved spyware and popup issues. |
|
|
LinkBack | Thread Tools |
11-17-2005, 02:57 PM
|
#1 (permalink) |
|
Registered User
Join Date: Nov 2005
Posts: 13
OS: Win XP
|
Bogged down with pop-ups & ads
This is a hand-me down computer and it is full of ads and pop-ups. I have completed the 5 steps to do before posting a hijack this log file. Please not that the Sharpdesk is my printer & scanner software. Thank you.
Here is the Hijack this Analyzer file: ========================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 2:56:09 AM, on 11/17/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\system32\dltomkb\qplw.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Sharp\Sharpdesk\SharpTray.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,;192.168.1.* O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsx13.dll O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasyora.dll O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe" O4 - HKLM\..\Run: [Indexer] "C:\Program Files\Sharp\Sharpdesk\Indexer.exe" O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe" O4 - HKLM\..\Run: [FtpServer.exe] "C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" -usedefault O4 - HKLM\..\Run: [lysudaad] C:\WINDOWS\system32\vfsne\lysudaad.exe O4 - HKLM\..\Run: [adbv] C:\WINDOWS\system32\vyndqxc\adbv.exe O4 - HKLM\..\Run: [yfqbwic] C:\WINDOWS\yfqbwic.exe O4 - HKLM\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [qplw] C:\WINDOWS\system32\dltomkb\qplw.exe O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\kykkpp.exe reg_run O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe" O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe O4 - Global Startup: Printer Status Monitor.lnk = C:\Program Files\SHARP\Printer Status Monitor\Smon.exe O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FB0A501F-0F2C-4C44-BD1A-AD375533DBD4}: NameServer = 192.168.1.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll O23 - Service: adbvvyndqxc - Unknown owner - C:\WINDOWS\system32\vyndqxc\adbv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: lysudaadvfsne - Unknown owner - C:\WINDOWS\system32\vfsne\lysudaad.exe O23 - Service: qplwdltomkb - Unknown owner - C:\WINDOWS\system32\dltomkb\qplw.exe O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vvwweij.exe (file missing) End of KRC HijackThis Analyzer Log. ========================================================== |
|
     |
| Important Information |
|
Join the #1 Tech Support Forum Today - It's Totally Free!
TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free. Join TechSupportforum.com Today - Click Here |
|
11-17-2005, 03:48 PM
|
#2 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
|
Hi and welcome to TSF.
I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible. You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply. Please be patient with me during this time. |
|
|
|
|
11-18-2005, 11:45 AM
|
#3 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
|
Thank you for your patience
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. Viewing Hidden Files Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. Downloads Ewido Security Suite
If you are having problems with the updater, you can use this link to manually update Ewido When you have finished updating, EXIT Ewido. Running Processes Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)(You must kill them one at a time). C:\WINDOWS\system32\dltomkb\qplw.exe HijackThis! Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsx13.dll O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasyora.dll O4 - HKLM\..\Run: [lysudaad] C:\WINDOWS\system32\vfsne\lysudaad.exe O4 - HKLM\..\Run: [adbv] C:\WINDOWS\system32\vyndqxc\adbv.exe O4 - HKLM\..\Run: [yfqbwic] C:\WINDOWS\yfqbwic.exe O4 - HKLM\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [qplw] C:\WINDOWS\system32\dltomkb\qplw.exe O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe" O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe O23 - Service: adbvvyndqxc - Unknown owner - C:\WINDOWS\system32\vyndqxc\adbv.exe O23 - Service: lysudaadvfsne - Unknown owner - C:\WINDOWS\system32\vfsne\lysudaad.exe O23 - Service: qplwdltomkb - Unknown owner - C:\WINDOWS\system32\dltomkb\qplw.exe O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vvwweij.exe (file missing) Please remember to close all other windows, including browsers then click Fix checked. Services Click Start->Run - type SERVICES.MSC & then click on the OK button
Repeat this procedure for these services:
Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Add/Remove Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: Casino Client or CAS <<< If listed File and Folder Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\WINDOWS\system32\vfsne C:\WINDOWS\system32\vyndqxc C:\WINDOWS\yfqbwic.exe C:\WINDOWS\system32\irasyncd.exe C:\WINDOWS\system32\dltomkb C:\Program Files\CMSystem C:\WINDOWS\vvwweij.exe Tools Run Ewido with it's updated definitions:(...it's important that all windows must be closed)
** This scan may take over an hour, after choosing the action for the first item you do not need to stay at the PC. Online Scans Perform an online scan with Internet Explorer with Panda ActiveScan ** click on "Free use ActiveScan" located on the top right hand corner
*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. *Turn off the real time scanner of any existing antivirus program while performing the online scan In your next post please include:
|
|
|
|
|
11-21-2005, 08:44 AM
|
#4 (permalink) |
|
Registered User
Join Date: Nov 2005
Posts: 13
OS: Win XP
|
Can't kill process
When I do this:
Running Processes Go into Hijack This->Config->Misc. Tools->Open process manager. Select the following and click “Kill process” for each one (If they still exist)(You must kill them one at a time). C:\WINDOWS\system32\dltomkb\qplw.exe I get a message saying The selected process could not be killed. It may have been closed or is protected by Windows. Should I skip that? |
|
|
|
|
11-21-2005, 12:19 PM
|
#5 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
|
Please fix just these two entries in normal mode:
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe" O4 - HKCU\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe Then proceed with the directions regarding services. After rebooting into Safe Mode and checking in Add/Remove (that program may not be listed) Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any) O2 - BHO: wb - {55BE9F0D-6CAF-4c3e-B125-5A13A8C9D0EC} - C:\WINDOWS\system32\nsx13.dll O2 - BHO: IRiras Class - {95C60327-8E17-44D6-98EB-7EB70CC606DD} - C:\WINDOWS\system32\irasyora.dll O4 - HKLM\..\Run: [lysudaad] C:\WINDOWS\system32\vfsne\lysudaad.exe O4 - HKLM\..\Run: [adbv] C:\WINDOWS\system32\vyndqxc\adbv.exe O4 - HKLM\..\Run: [yfqbwic] C:\WINDOWS\yfqbwic.exe O4 - HKLM\..\Run: [irassync] C:\WINDOWS\system32\irasyncd.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [qplw] C:\WINDOWS\system32\dltomkb\qplw.exe O23 - Service: adbvvyndqxc - Unknown owner - C:\WINDOWS\system32\vyndqxc\adbv.exe O23 - Service: lysudaadvfsne - Unknown owner - C:\WINDOWS\system32\vfsne\lysudaad.exe O23 - Service: qplwdltomkb - Unknown owner - C:\WINDOWS\system32\dltomkb\qplw.exe O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\vvwweij.exe (file missing) Please remember to close all other windows, including browsers then click Fix checked. Then proceed with the directions as listed. |
|
|
|
|
11-21-2005, 02:28 PM
|
#6 (permalink) |
|
Registered User
Join Date: Nov 2005
Posts: 13
OS: Win XP
|
New Logs
Ewido Log:
--------------------------------------------------------- ewido security suite - Scan report --------------------------------------------------------- + Created on: 3:54:17 AM, 11/21/2005 + Report-Checksum: 83D975E1 + Scan result: HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Cleaned with backup HKLM\SOFTWARE\VGroup\SAHPopup -> Spyware.SAHA : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup C:\Documents and Settings\Administrator\My Documents\PC anywhere 10\PC anywhere 10.5\Full.Cab/F6762_WinNTAuth.dll -> Dialer.Generic : Cleaned with backup C:\Documents and Settings\Administrator\My Documents\PC anywhere 10.zip/PC anywhere 10.5/Full.Cab/F6762_WinNTAuth.dll -> Dialer.Generic : Cleaned with backup C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ipii.exe -> TrojanDownloader.Qoologic.ai : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup C:\Documents and Settings\LocalService\Cookies\system@www.epilot[1].txt -> Spyware.Cookie.Epilot : Cleaned with backup C:\Documents and Settings\pkell\Cookies\pkell@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\pkell\Cookies\pkell@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\pkell\Cookies\pkell@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup C:\Documents and Settings\pkell\Cookies\pkell@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup C:\Documents and Settings\pkell\Cookies\pkell@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup C:\Documents and Settings\pkell\Cookies\pkell@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\99_app99.exe -> TrojanDropper.Agent.xw : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\b2search_v17.exe -> TrojanDropper.Agent.abb : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\bwf1003.exe -> Adware.Saha : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\cln1.tmp -> TrojanDownloader.Dyfuca.dp : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\Cookies\pkell@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\Cookies\pkell@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\Cookies\pkell@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\crptclrs.tmp -> Spyware.SafeSurfing : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f100031.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f127750.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f142781.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f165671.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f355015.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f445448640.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f583359.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f74437.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f74625.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f76515.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f79890.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f80984.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f81593.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f84468.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f84546.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f85125.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f85203.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f86406.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f90375.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f90671.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f91609.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f96484.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\f99062.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\i2A8.tmp -> Spyware.SurfSide : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\i2BF.tmp -> Adware.SurfSide : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\k_3E73.tmp -> Trojan.EliteBar.a : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\k_C7A6.tmp -> Trojan.EliteBar.a : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\polu.exe -> TrojanDropper.Agent.hl : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\Temporary Internet Files\Content.IE5\Y6XU8SCN\mm[2].js -> Spyware.Chitika : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\THI2887.tmp\imGiant.cab/imGiant.dll -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\pkell\Local Settings\Temp\THI2887.tmp\imGiant.dll -> Adware.BetterInternet : Cleaned with backup C:\Program Files\Cas\Client\casmf.dll -> Spyware.CASClient : Cleaned with backup C:\Program Files\imGiant23\Additional\VVSNInst.exe -> Adware.SaveNow : Cleaned with backup C:\Program Files\Symantec\pcAnywhere\WinNTAuth.dll -> Dialer.Generic : Cleaned with backup C:\WINDOWS\876029.exe -> Adware.SaveNow : Cleaned with backup C:\WINDOWS\9020.exe -> Spyware.MediaMotor : Cleaned with backup C:\WINDOWS\bundle_mediamotor1004.exe -> Adware.Saha : Cleaned with backup C:\WINDOWS\Downloaded Program Files\UWFX5_0001_MNINetInstaller.exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup C:\WINDOWS\exe82.exe -> Spyware.MediaMotor : Cleaned with backup C:\WINDOWS\imGiant.dll -> Adware.BetterInternet : Cleaned with backup C:\WINDOWS\mm63.ocx -> Spyware.MediaMotor : Cleaned with backup C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup C:\WINDOWS\system32\adcomplusanalytic.exe -> TrojanDropper.Agent.hl : Cleaned with backup C:\WINDOWS\system32\allinone.exe -> TrojanDropper.Agent.hl : Cleaned with backup C:\WINDOWS\system32\app2bundle.exe -> TrojanDropper.Agent.hl : Cleaned with backup C:\WINDOWS\system32\ggvrxde.dll -> Spyware.PurityScan : Cleaned with backup C:\WINDOWS\system32\ichckupd.exe -> Spyware.SafeSurfing : Cleaned with backup C:\WINDOWS\system32\irasyncd.exe -> Spyware.SafeSurfing : Cleaned with backup C:\WINDOWS\system32\kykkpp.exe -> TrojanDownloader.Qoologic.ai : Cleaned with backup C:\WINDOWS\system32\nsn2B3.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\system32\nsp4.dll -> Spyware.HotSearchBar : Cleaned with backup C:\WINDOWS\system32\qool3.exe -> TrojanDropper.Agent.hl : Cleaned with backup C:\WINDOWS\system32\rastmon.dll -> Spyware.SafeSurfing : Cleaned with backup C:\WINDOWS\system32\sav2.exe -> TrojanDownloader.Agent.vp : Cleaned with backup C:\WINDOWS\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup C:\WINDOWS\system32\VB3.exe -> TrojanDropper.Agent.hl : Cleaned with backup C:\WINDOWS\system32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup C:\WINDOWS\system32\vqvvw.dat -> TrojanDownloader.Qoologic.ai : Cleaned with backup C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup C:\WINDOWS\system32\wυaclt.exe -> Spyware.MediaTickets : Cleaned with backup C:\WINDOWS\whCC-GIANT.exe/WhAgent.exe -> Spyware.WebHancer : Cleaned with backup ::Report End Panda Activescan log: Incident Status Location Adware:Adware/PurityScan Not disinfected C:\PROGRAM FILES\BAAU\TIAO.EXE Adware:adware/purityscan Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\!update.exe Adware:adware/consumeralertsystemNot disinfected C:\Documents and Settings\pkell\Local Settings\Temp\cassetup.exe Spyware:spyware/dyfuca Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\cfout.txt Adware:adware/isearch Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\cmdinst.exe Adware:adware/kingporn Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\ExtractDLL.dll Adware:adware/virtualbouncer Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\wrapperouter.exe Adware:adware/maxifiles Not disinfected C:\WINDOWS\SYSTEM32\mmxp2passion.exe Spyware:spyware/safesurf Not disinfected C:\WINDOWS\SYSTEM32\pdrpdb.dll Spyware:spyware/surfsidekick Not disinfected C:\WINDOWS\SYSTEM32\SSK3_B5.exe Adware:adware/mirar Not disinfected C:\WINDOWS\SYSTEM32\WinNB57.dll Adware:adware/imgiant Not disinfected C:\WINDOWS\INF\imgiant.inf Adware:adware/sahagent Not disinfected C:\WINDOWS\unstall.exe Adware:adware/webhancer Not disinfected C:\PROGRAM FILES\whInstall Adware:adware/twain-tech Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\THI2887.tmp Adware:adware program Not disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs Adware:adware/elitebar Not disinfected C:\WINDOWS\etb Spyware:spyware/betterinet Not disinfected Windows Registry Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\2G1DBOMP\!update-2614[1].0000 Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\674PCJQD\!update-2604[1].0000 Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\674PCJQD\!update-2644[1].0000 Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\674PCJQD\!update-2644[2].0000 Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\A9M7IL0Z\!update-2624[1].0000 Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\A9M7IL0Z\!update-2634[1].0000 Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\A9M7IL0Z\!update-2704[1].0000 Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\U4ERGK0J\!update-2604[1].0000 Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\!update.exe Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\1270.WUT\SaveInstHlp.dll Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\1270.WUT\WUSave.cab[SaveUninst.exe] Possible Virus. Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\20.tmp Adware:Adware/ISearch Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\cmdinst.exe Spyware:Spyware/SafeSurf Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\ExtractDLL.dll Adware:Adware/ImGiant Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\THI2887.tmp\imgiant.inf Virus:Trj/Agent.ARU Not disinfected C:\Documents and Settings\pkell\Local Settings\Temp\wfwall1.exe Adware:Adware/PurityScan Not disinfected C:\Program Files\baau\tiao.exe Adware:Adware/ConsumerAlertSystemNot disinfected C:\Program Files\System Files\plugin.dll Adware:Adware/ConsumerAlertSystemNot disinfected C:\Program Files\System Files\System.exe Adware:Adware/VirtualBouncer Not disinfected C:\Program Files\VBouncer\BundleOuter.EXE Adware:Adware/Exact.BargainBuddyNot disinfected C:\WINDOWS\etb\xml\images\casino.bmp Adware:Adware/Exact.BargainBuddyNot disinfected C:\WINDOWS\etb\xml\images\dating.bmp Adware:Adware/Exact.BargainBuddyNot disinfected C:\WINDOWS\etb\xml\images\virus.bmp Adware:Adware/ClockSync Not disinfected C:\WINDOWS\imggg.exe[VVSNInst.exe] Adware:Adware/ImGiant Not disinfected C:\WINDOWS\inf\imgiant.inf Adware:Adware/ConsumerAlertSystemNot disinfected C:\WINDOWS\pf78.exe Virus:Trj/Multidropper.AZK Not disinfected C:\WINDOWS\system32\InstallerV5.exe Virus:Trj/Downloader.FHW Not disinfected C:\WINDOWS\system32\mieukc\hdswkl.exe Virus:Trj/Downloader.CIM Not disinfected C:\WINDOWS\system32\mmxp2passion.exe Spyware:Spyware/SafeSurf Not disinfected C:\WINDOWS\system32\pdrpdb.dll Virus:Trj/Agent.ARU Not disinfected C:\WINDOWS\system32\wfwall1.exe Adware:Adware/Mirar Not disinfected C:\WINDOWS\system32\WinNB57.dll Adware:Adware/ConsumerAlertSystemNot disinfected C:\WINDOWS\tmp333.exe Spyware:Spyware/Media-motor Not disinfected C:\WINDOWS\unstall.exe Hijackthis Analyzer Log: ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 4:23:27 AM, on 11/21/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Sharp\Sharpdesk\SharpTray.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.* O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe" O4 - HKLM\..\Run: [Indexer] "C:\Program Files\Sharp\Sharpdesk\Indexer.exe" O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe" O4 - HKLM\..\Run: [FtpServer.exe] "C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" -usedefault O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FB0A501F-0F2C-4C44-BD1A-AD375533DBD4}: NameServer = 192.168.1.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe End of KRC HijackThis Analyzer Log. ==================================================================== |
|
|
|
|
11-22-2005, 09:29 AM
|
#7 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
|
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
I have attached a file called folders.zip Please download it and unzip it to your desktop. Double click on folders.bat to run it. It should open up Notepad with a log, copy and paste that log before working through the rest of the fix. You may continue after posting, you do not need to wait for a reply. Ewido nailed a lot of the badguys, but it also took out a few good files. Please launch Ewido and click the quarantine button on the left side. Highlight each of these files then click Restore C:\Program Files\Symantec\pcAnywhere\WinNTAuth.dll C:\Documents and Settings\Administrator\My Documents\PC anywhere 10\PC anywhere 10.5\Full.Cab/F6762_WinNTAuth.dll C:\Documents and Settings\Administrator\My Documents\PC anywhere 10.zip/PC anywhere 10.5/Full.Cab/F6762_WinNTAuth.dll Viewing Hidden Files Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. Downloads LQFix- Unzip it to it's own folder on your Desktop. WinPFind-Unzip it to the desktop, but do not run it yet Track qoo-Unzip it to the desktop, but do not run it yet Cleanup! (Alternate Link)- Install it. You will use this later. *NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups. Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Add/Remove Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: Vbouncer WebHancer File and Folder Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\PROGRAM FILES\BAAU C:\Program Files\Cas C:\PROGRAM FILES\whInstall C:\Program Files\System Files C:\Program Files\Vbouncer C:\WINDOWS\system32\mieukc C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs C:\WINDOWS\SYSTEM32\mmxp2passion.exe C:\WINDOWS\SYSTEM32\pdrpdb.dll C:\WINDOWS\SYSTEM32\SSK3_B5.exe C:\WINDOWS\SYSTEM32\WinNB57.dll C:\WINDOWS\INF\imgiant.inf C:\WINDOWS\unstall.exe C:\WINDOWS\imggg.exe C:\WINDOWS\pf78.exe C:\WINDOWS\system32\InstallerV5.exe C:\WINDOWS\system32\wfwall1.exe C:\WINDOWS\tmp333.exe Tools Go to your Desktop and open up the LQfix folder. Double click on ClickThis.bat to run it. Double click WinPFind.exe * Click 'Start Scan' * It will scan the entire system, so please be patient! * Once the scan is complete: 1. Go to the WinPFind folder 2. Locate WinPFind.txt 3. Copy those results in the next post! Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows: Click Options Move the slider button down to Custom CleanUp! Check the following:
Click OK, Press the CleanUp! button to start the program and reboot(Normal Mode) when prompted. Reboot your system in Normal Mode. Double click on Track qoo.vbs Wait a few seconds and Notepad will pop up. Copy & Paste those results and place them in the next post along with the results of WinPFind! Note - If you have an anti-virus program that has script blocking features, you will get a pop up window asking you what to do. Allow this entire script to run. It's harmless. Online Scans Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system. Please open IE and go to Kaspersky WebScanner Next Click on Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* Turn off the real time scanner of any existing antivirus program while performing the online scan In your next post please include:
|
|
|
|
|
11-22-2005, 12:12 PM
|
#8 (permalink) |
|
Registered User
Join Date: Nov 2005
Posts: 13
OS: Win XP
|
Folders.bat log
Volume in drive C has no label.
Volume Serial Number is FCFB-5742 Directory of c:\Windows\system32 02/24/2005 01:04 PM <DIR> wins 02/24/2005 01:04 PM <DIR> dhcp 02/24/2005 01:04 PM <DIR> ShellExt 02/24/2005 01:04 PM <DIR> export 02/24/2005 01:04 PM <DIR> 1028 02/24/2005 01:04 PM <DIR> 1025 02/24/2005 01:04 PM <DIR> 1031 02/24/2005 01:04 PM <DIR> 1041 02/24/2005 01:04 PM <DIR> 1042 02/24/2005 01:04 PM <DIR> 1054 02/24/2005 01:04 PM <DIR> 2052 02/24/2005 01:04 PM <DIR> 3076 02/24/2005 01:04 PM <DIR> 1037 02/24/2005 01:04 PM <DIR> inetsrv 02/24/2005 01:04 PM <DIR> IME 02/24/2005 01:04 PM <DIR> 3com_dmi 02/24/2005 01:04 PM <DIR> mui 02/24/2005 01:05 PM <DIR> 1033 02/24/2005 01:05 PM <DIR> icsxml 02/24/2005 01:05 PM <DIR> ras 02/24/2005 01:08 PM <DIR> npp 02/24/2005 01:09 PM <DIR> usmt 02/24/2005 01:09 PM <DIR> Setup 02/24/2005 01:11 PM <DIR> CatRoot 02/24/2005 08:18 PM <DIR> spool 02/24/2005 08:19 PM <DIR> MsDtc 02/24/2005 08:21 PM <DIR> Macromed 02/24/2005 08:21 PM <DIR> oobe 02/24/2005 08:21 PM <DIR> DirectX 02/24/2005 08:23 PM <DIR> ias 02/24/2005 08:24 PM <DIR> xircom 02/24/2005 08:38 PM <DIR> Microsoft 02/24/2005 09:23 PM <DIR> ReinstallBackups 02/24/2005 09:28 PM <DIR> SoftwareDistribution 02/24/2005 09:49 PM <DIR> URTTemp 02/25/2005 01:25 PM <DIR> NtmsData 07/16/2005 04:23 PM <DIR> Backup 07/18/2005 02:00 AM <DIR> PreInstall 09/23/2005 01:18 PM <DIR> SCDRV 10/08/2005 10:14 AM <DIR> mieukc 10/19/2005 10:53 AM <DIR> appmgmt 10/20/2005 09:10 AM <DIR> Restore 10/20/2005 09:29 AM <DIR> Com 11/11/2005 07:22 AM <DIR> dllcache 11/17/2005 08:23 AM <DIR> cache32dsrf4535dfs 11/21/2005 03:58 AM <DIR> CatRoot2 11/21/2005 04:16 AM <DIR> ActiveScan 11/21/2005 04:16 AM <DIR> config 11/21/2005 04:19 AM <DIR> wbem 11/21/2005 04:39 AM <DIR> drivers 11/21/2005 04:39 AM <DIR> . 11/21/2005 04:39 AM <DIR> .. 0 File(s) 0 bytes 52 Dir(s) 33,213,595,648 bytes free |
|
|
|
|
11-22-2005, 03:04 PM
|
#9 (permalink) |
|
Registered User
Join Date: Nov 2005
Posts: 13
OS: Win XP
|
new posts
WinPFind Log:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»» Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600 Internet Explorer Version: 6.0.2900.2180 »»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»» Checking %SystemDrive% folder... Checking %ProgramFilesDir% folder... Checking %WinDir% folder... PECompact2 11/16/2005 5:56:04 AM 16502861 C:\WINDOWS\LPT$VPN.951 qoologic 11/16/2005 5:56:04 AM 16502861 C:\WINDOWS\LPT$VPN.951 SAHAgent 11/16/2005 5:56:04 AM 16502861 C:\WINDOWS\LPT$VPN.951 UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll UPX! 1/10/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe PECompact2 11/16/2005 5:56:04 AM 16502861 C:\WINDOWS\VPTNFILE.951 qoologic 11/16/2005 5:56:04 AM 16502861 C:\WINDOWS\VPTNFILE.951 SAHAgent 11/16/2005 5:56:04 AM 16502861 C:\WINDOWS\VPTNFILE.951 UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll Umonitor 8/22/2005 2:41:34 PM 316416 C:\WINDOWS\vx2cleaner.dlx ZepMon 8/22/2005 2:41:34 PM 316416 C:\WINDOWS\vx2cleaner.dlx ad-w-a-r-e.com 8/22/2005 2:41:34 PM 316416 C:\WINDOWS\vx2cleaner.dlx Checking %System% folder... PEC2 8/4/2004 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll PECompact2 11/1/2005 10:34:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe aspack 11/1/2005 10:34:18 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe aspack 8/4/2004 5:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll Umonitor 8/4/2004 5:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll winsync 8/4/2004 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu UPX! 10/20/2005 9:14:34 AM 1310376 C:\WINDOWS\SYSTEM32\wfwall1.exe Checking %System%\Drivers folder and sub-folders... Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts Checking the Windows folder and sub-folders for system and hidden files within the last 60 days... 11/22/2005 3:04:52 AM S 2048 C:\WINDOWS\bootstat.dat 11/22/2005 3:03:28 AM H 24 C:\WINDOWS\p5J7N 11/7/2005 8:23:28 AM H 54156 C:\WINDOWS\QTFont.qfn 10/5/2005 8:33:38 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat 10/4/2005 6:17:40 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat 9/28/2005 10:53:30 AM S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat 11/22/2005 3:04:42 AM H 8192 C:\WINDOWS\system32\config\default.LOG 11/22/2005 3:05:06 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG 11/22/2005 3:04:54 AM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG 11/22/2005 3:12:12 AM H 122880 C:\WINDOWS\system32\config\software.LOG 11/22/2005 3:05:08 AM H 843776 C:\WINDOWS\system32\config\system.LOG 11/11/2005 7:22:38 AM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG 10/26/2005 9:52:28 AM S 6451 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 11/15/2005 7:34:14 AM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 10/26/2005 9:52:28 AM S 18057 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 11/15/2005 7:34:14 AM S 21514 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A8FABA189DB7D25FBA7CAC806625FD30 10/26/2005 9:52:28 AM S 120 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1 11/15/2005 7:34:14 AM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 10/26/2005 9:52:28 AM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 11/15/2005 7:34:14 AM S 124 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A8FABA189DB7D25FBA7CAC806625FD30 11/17/2005 2:44:30 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\222dedcb-8c2e-410f-8900-0d90e2f46f84 11/17/2005 2:44:30 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred 10/19/2005 10:03:42 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\106c6b23-d9b1-4a08-9645-55106ccdd395 10/19/2005 10:03:42 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred 11/22/2005 3:03:46 AM H 6 C:\WINDOWS\Tasks\SA.DAT 11/4/2005 6:58:44 AM HS 616448 C:\WINDOWS\Temp\7jncynia.TMP 10/19/2005 1:59:02 PM HS 616448 C:\WINDOWS\Temp\cz33dak2.TMP 10/19/2005 10:11:44 AM HS 616448 C:\WINDOWS\Temp\g72qjip8.TMP 10/8/2005 10:58:02 AM HS 616448 C:\WINDOWS\Temp\xmnucevl.TMP Checking for CPL files... Microsoft Corporation 8/4/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl Intel Corporation 3/11/2003 10:18:48 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl Microsoft Corporation 8/4/2004 5:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl Intel Corporation 3/11/2003 10:18:48 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 2/24/2005 8:24:06 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 2/24/2005 1:11:40 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini 9/14/2005 1:59:38 PM 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache Checking files in %USERPROFILE%\Startup folder... 2/24/2005 8:24:06 PM HS 84 C:\Documents and Settings\pkell\Start Menu\Programs\Startup\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 2/24/2005 1:11:40 PM HS 62 C:\Documents and Settings\pkell\Application Data\desktop.ini 9/23/2005 1:39:48 PM 579726 C:\Documents and Settings\pkell\Application Data\fontlst2.opf 10/8/2005 10  34 AM 466056 C:\Documents and Settings\pkell\Application Data\Sskknwrd.dll»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] SV1 = acc=ventura5 = acc=none = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\HotShellExt_40 {6BC1BB05-BA15-415d-8C62-093A7F312FD2} = C:\Program Files\eFax Messenger 4.0\J2GShell.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\qgqqmmym {d0d4d224-2839-43d6-8a29-8a80788a95b2} = C:\WINDOWS\system32\lgllk.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu {BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\system32\shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Search Band = %SystemRoot%\system32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\system32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer Band = %SystemRoot%\system32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {2318C2B1-4965-11D4-9B18-009027A5CD4F} = : {EF99BD32-C1FB-11D2-892F-0090271D4F88} = : {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" vptray C:\PROGRA~1\SYMANT~1\VPTray.exe IndexTray "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe" Indexer "C:\Program Files\Sharp\Sharpdesk\Indexer.exe" SharpTray "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" TypeRegChecker "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe" FtpServer.exe "C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" -usedefault [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] IMAIL Installed = 1 MAPI Installed = 1 MSFS Installed = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup location Common Startup command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE item Adobe Reader Speed Launch path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup location Common Startup command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE item Adobe Reader Speed Launch HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax DllCmd 4.0.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax DllCmd 4.0.lnk backup C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup location Common Startup command C:\PROGRA~1\EFAXME~1.0\J2GDLL~1.EXE /R item eFax DllCmd 4.0 path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax DllCmd 4.0.lnk backup C:\WINDOWS\pss\eFax DllCmd 4.0.lnkCommon Startup location Common Startup command C:\PROGRA~1\EFAXME~1.0\J2GDLL~1.EXE /R item eFax DllCmd 4.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu 4.0.lnk path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 4.0.lnk backup C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup location Common Startup command C:\PROGRA~1\EFAXME~1.0\J2GTray.exe item eFax Tray Menu 4.0 path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu 4.0.lnk backup C:\WINDOWS\pss\eFax Tray Menu 4.0.lnkCommon Startup location Common Startup command C:\PROGRA~1\EFAXME~1.0\J2GTray.exe item eFax Tray Menu 4.0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^tdtt.exe path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdtt.exe backup C:\WINDOWS\pss\tdtt.exeCommon Startup location Common Startup command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdtt.exe item tdtt path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdtt.exe backup C:\WINDOWS\pss\tdtt.exeCommon Startup location Common Startup command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\tdtt.exe item tdtt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\9020 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item exe82 hkey HKLM command C:\WINDOWS\exe82.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item exe82 hkey HKLM command C:\WINDOWS\exe82.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\adcomplusanalytic.exe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item adcomplusanalytic hkey HKLM command C:\WINDOWS\system32\adcomplusanalytic.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item adcomplusanalytic hkey HKLM command C:\WINDOWS\system32\adcomplusanalytic.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\allinone.exe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item allinone hkey HKLM command C:\WINDOWS\system32\allinone.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item allinone hkey HKLM command C:\WINDOWS\system32\allinone.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\allinone.exe3.org key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item allinone hkey HKLM command C:\WINDOWS\system32\allinone.exe3.org inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item allinone hkey HKLM command C:\WINDOWS\system32\allinone.exe3.org inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\APD123 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item APD123 hkey HKLM command C:\WINDOWS\system32\APD123.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item APD123 hkey HKLM command C:\WINDOWS\system32\APD123.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAS Client key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item casclient hkey HKCU command "C:\Program Files\Cas\Client\casclient.exe" inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item casclient hkey HKCU command "C:\Program Files\Cas\Client\casclient.exe" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CMSystem key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item CMSystem hkey HKCU command "C:\Program Files\CMSystem\CMSystem.exe" inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item CMSystem hkey HKCU command "C:\Program Files\CMSystem\CMSystem.exe" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\exp key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item wfwall1 hkey HKLM command C:\WINDOWS\system32\wfwall1.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item wfwall1 hkey HKLM command C:\WINDOWS\system32\wfwall1.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\exp.exe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item exp hkey HKLM command C:\WINDOWS\system32\exp.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item exp hkey HKLM command C:\WINDOWS\system32\exp.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hdswkl key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hdswkl hkey HKLM command C:\WINDOWS\system32\mieukc\hdswkl.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hdswkl hkey HKLM command C:\WINDOWS\system32\mieukc\hdswkl.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkcmd hkey HKLM command C:\WINDOWS\system32\hkcmd.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item hkcmd hkey HKLM command C:\WINDOWS\system32\hkcmd.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ichckupd key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ichckupd hkey HKCU command C:\WINDOWS\system32\ichckupd.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item ichckupd hkey HKCU command C:\WINDOWS\system32\ichckupd.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item igfxtray hkey HKLM command C:\WINDOWS\system32\igfxtray.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item igfxtray hkey HKLM command C:\WINDOWS\system32\igfxtray.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item optimize hkey HKLM command "C:\Program Files\Internet Optimizer\optimize.exe" inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item optimize hkey HKLM command "C:\Program Files\Internet Optimizer\optimize.exe" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item iTunesHelper hkey HKLM command "C:\Program Files\iTunes\iTunesHelper.exe" inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item iTunesHelper hkey HKLM command "C:\Program Files\iTunes\iTunesHelper.exe" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\lysudaad key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item lysudaad hkey HKLM command C:\WINDOWS\system32\vfsne\lysudaad.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item lysudaad hkey HKLM command C:\WINDOWS\system32\vfsne\lysudaad.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item msmsgs hkey HKCU command "C:\Program Files\Messenger\msmsgs.exe" /background inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item msmsgs hkey HKCU command "C:\Program Files\Messenger\msmsgs.exe" /background inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MsnMsgr hkey HKCU command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item MsnMsgr hkey HKCU command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item qttask hkey HKLM command "C:\Program Files\QuickTime\qttask.exe" -atboottime inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\seli key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item exe82 hkey HKLM command C:\WINDOWS\exe82.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item exe82 hkey HKLM command C:\WINDOWS\exe82.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfSideKick 3 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Ssk hkey HKLM command C:\Program Files\SurfSideKick 3\Ssk.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Ssk hkey HKLM command C:\Program Files\SurfSideKick 3\Ssk.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\System service75 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item pokapoka75 hkey HKLM command C:\WINDOWS\etb\pokapoka75.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item pokapoka75 hkey HKLM command C:\WINDOWS\etb\pokapoka75.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\System service76 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item pokapoka76 hkey HKLM command C:\WINDOWS\etb\pokapoka76.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item pokapoka76 hkey HKLM command C:\WINDOWS\etb\pokapoka76.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Tlnls key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Uaqhm hkey HKLM command C:\Program Files\Adfenuj\Uaqhm.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Uaqhm hkey HKLM command C:\Program Files\Adfenuj\Uaqhm.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VBundleOuterDL key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item BundleOuter hkey HKLM command C:\Program Files\VBouncer\BundleOuter.EXE inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item BundleOuter hkey HKLM command C:\Program Files\VBouncer\BundleOuter.EXE inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\webHancer Agent key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item whAgent hkey HKLM command "C:\Program Files\webHancer\Programs\whAgent.exe" inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item whAgent hkey HKLM command "C:\Program Files\webHancer\Programs\whAgent.exe" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\webHancer Survey Companion key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item whSurvey hkey HKLM command "C:\Program Files\webHancer\Programs\whSurvey.exe" inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item whSurvey hkey HKLM command "C:\Program Files\webHancer\Programs\whSurvey.exe" inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\wfwall1.exe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item wfwall1 hkey HKLM command C:\WINDOWS\system32\wfwall1.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item wfwall1 hkey HKLM command C:\WINDOWS\system32\wfwall1.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\wfwall1.exew3.org key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item wfwall1 hkey HKLM command C:\WINDOWS\system32\wfwall1.exew3.org inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item wfwall1 hkey HKLM command C:\WINDOWS\system32\wfwall1.exew3.org inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsync key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item unuudd hkey HKLM command C:\WINDOWS\system32\unuudd.exe reg_run inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item unuudd hkey HKLM command C:\WINDOWS\system32\unuudd.exe reg_run inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinTask driver key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item wintask hkey HKLM command C:\WINDOWS\system32\wintask.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item wintask hkey HKLM command C:\WINDOWS\system32\wintask.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yunguyo.exe key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Yunguyo hkey HKLM command C:\WINDOWS\system32\Yunguyo.exe inimapping 0 key SOFTWARE\Microsoft\Windows\CurrentVersion\Run item Yunguyo hkey HKLM command C:\WINDOWS\system32\Yunguyo.exe inimapping 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, Shell = Explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 11/22/2005 3:24:35 AM Trackqoo Log: REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe" "IndexTray"="\"C:\\Program Files\\Sharp\\Sharpdesk\\IndexTray.exe\"" "Indexer"="\"C:\\Program Files\\Sharp\\Sharpdesk\\Indexer.exe\"" "SharpTray"="\"C:\\Program Files\\Sharp\\Sharpdesk\\SharpTray.exe\"" "TypeRegChecker"="\"C:\\Program Files\\Sharp\\Sharpdesk\\TypeRegChecker.exe\"" "FtpServer.exe"="\"C:\\Program Files\\Sharp\\Sharpdesk\\FtpServer.exe\" -usedefault" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" ----------------- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers Subkey --- HotShellExt_40 {6BC1BB05-BA15-415d-8C62-093A7F312FD2} C:\Program Files\eFax Messenger 4.0\J2GShell.dll Subkey --- LDVPMenu {BDA77241-42F6-11d0-85E2-00AA001FE28C} C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll Subkey --- Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} C:\WINDOWS\System32\cscui.dll Subkey --- Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} C:\WINDOWS\system32\SHELL32.dll Subkey --- Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} C:\WINDOWS\system32\SHELL32.dll Subkey --- qgqqmmym {d0d4d224-2839-43d6-8a29-8a80788a95b2} C:\WINDOWS\system32\lgllk.dll Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin C:\WINDOWS\system32\SHELL32.dll ===================== HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871} C:\WINDOWS\system32\SHELL32.dll Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF} C:\WINDOWS\system32\SHELL32.dll Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF} C:\WINDOWS\system32\SHELL32.dll Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE} C:\WINDOWS\system32\SHELL32.dll Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll ============================== C:\Documents and Settings\All Users\Start Menu\Programs\Startup desktop.ini ============================== C:\Documents and Settings\pkell\Start Menu\Programs\Startup desktop.ini desktop.ini ============================== C:\WINDOWS\system32 cpl files access.cpl Microsoft Corporation appwiz.cpl Microsoft Corporation bthprops.cpl Microsoft Corporation desk.cpl Microsoft Corporation firewall.cpl Microsoft Corporation hdwwiz.cpl Microsoft Corporation igfxcpl.cpl Intel Corporation inetcpl.cpl Microsoft Corporation intl.cpl Microsoft Corporation irprops.cpl Microsoft Corporation joy.cpl Microsoft Corporation main.cpl Microsoft Corporation mmsys.cpl Microsoft Corporation ncpa.cpl Microsoft Corporation netsetup.cpl Microsoft Corporation nusrmgr.cpl Microsoft Corporation nwc.cpl Microsoft Corporation odbccp32.cpl Microsoft Corporation powercfg.cpl Microsoft Corporation sysdm.cpl Microsoft Corporation telephon.cpl Microsoft Corporation timedate.cpl Microsoft Corporation wscui.cpl Microsoft Corporation wuaucpl.cpl Microsoft Corporation |
|
|
|
|
11-22-2005, 03:06 PM
|
#10 (permalink) |
|
Registered User
Join Date: Nov 2005
Posts: 13
OS: Win XP
|
new logs continued
Antispyware Log:
Started Scanning Internet Cookies Found 'trafficmp.com' in 'Internet Explorer Cache' Found 'exitexchange.com' in 'Internet Explorer Cache' Programs in Memory Windows Registry Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1' Found '' in 'SOFTWARE\Classes\Install.Install.1' Found '' in 'SOFTWARE\Classes\Install.Install.1\CLSID' Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}' Found '' in 'Interface\{A9136CFD-FD01-41B8-9969-0B37720ED8AB}' Found '' in 'Interface\{B2EEDA99-DA99-4D0D-9F7F-143C30521388}' Found '' in 'TypeLib\{466C63AC-F26E-49F1-861A-E07DA768A46A}' Found '' in 'SOFTWARE\Classes\Interface\{A9136CFD-FD01-41B8-9969-0B37720ED8AB}' Found '' in 'SOFTWARE\Classes\Interface\{B2EEDA99-DA99-4D0D-9F7F-143C30521388}' Found '' in 'SOFTWARE\Classes\TypeLib\{466C63AC-F26E-49F1-861A-E07DA768A46A}' Internet URL Shortcuts Files and Directories Found 'creditcard32123123123asdsa123.ico' in 'C:\WINDOWS\system32' Found 'wnstssv.exe' in 'C:\WINDOWS\system32' Finished Scanning Started Backup Finished Backup Started Cleaning Checking for 'C:\WINDOWS\system32\creditcard32123123123asdsa123.ico' in shortcut areas. Checking for 'C:\WINDOWS\system32\creditcard32123123123asdsa123.ico' in startup areas. Cleaning 'C:\WINDOWS\system32\creditcard32123123123asdsa123.ico' Checking for 'C:\WINDOWS\system32\wnstssv.exe' in shortcut areas. Checking for 'C:\WINDOWS\system32\wnstssv.exe' in startup areas. Cleaning 'C:\WINDOWS\system32\wnstssv.exe' Finished Cleaning Started Scanning Internet Cookies Found 'as-us.falkag.net' in 'Internet Explorer Cache' Programs in Memory Windows Registry Internet URL Shortcuts Files and Directories Finished Scanning Started Backup Finished Backup Started Cleaning Finished Cleaning Kaspersky Log: -------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Tuesday, November 22, 2005 04:53:57 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 22/11/2005 Kaspersky Anti-Virus database records: 151337 --------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ Y:\ Scan Statistics: Total number of scanned objects: 41969 Number of viruses found: 35 Number of infected objects: 404 Number of suspicious objects: 0 Duration of the scan process: 3023 sec Infected Object Name - Virus Name C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00D40001.VBN Infected: Trojan.Win32.EliteBar.d C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00D40002.VBN Infected: Trojan.Win32.EliteBar.d C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00D40003.VBN Infected: Trojan-Downloader.Win32.Small.bkr C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00DC0000.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01300000.VBN Infected: Trojan-Dropper.Win32.Agent.xw C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02580000.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02940000.VBN Infected: Trojan-Dropper.Win32.Agent.mu C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05A40000.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\071C0000.VBN Infected: Trojan-Dropper.Win32.Agent.xw C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00002.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00003.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B3C0000.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480000.VBN Infected: Trojan-Dropper.Win32.Agent.mu C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940000.VBN Infected: Trojan-Downloader.Win32.Small.bkr C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940001.VBN Infected: Trojan-Downloader.Win32.Small.bkr C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940002.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940003.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940004.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940005.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940008.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940009.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000C.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000D.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000E.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000F.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940010.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940011.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940012.VBN Infected: Trojan-Downloader.Win32.Small.bkr C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940013.VBN Infected: Trojan-Downloader.Win32.Small.bkr C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10680000.VBN Infected: Trojan-Dropper.Win32.Agent.mu C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\2C340000.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\2C340001.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\2C340002.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\94480000.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\F8680000.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011694.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011702.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011703.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011704.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011705.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011710.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011711.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011712.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011718.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011722.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011725.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011727.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011728.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011729.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011731.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011734.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012718.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012723.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012726.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012728.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012729.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012730.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012731.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012734.exe Infected: Trojan-Downloader.Win32.VB.hw C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012735.exe Infected: Trojan-Downloader.Win32.Agent.qg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013718.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013722.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013724.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013727.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013728.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013729.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013731.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013734.exe Infected: Trojan-Downloader.Win32.VB.hw C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013735.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013747.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013755.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013757.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013758.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013759.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013761.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013762.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014747.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014757.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014759.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014760.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014761.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014762.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014763.exe Infected: Trojan-Downloader.Win32.PurityScan.as C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015747.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015755.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015759.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015760.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015761.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015763.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015764.exe Infected: Trojan-Downloader.Win32.Small.abd C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015765.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015768.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015773.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015780.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015781.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015782.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015783.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015787.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015789.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015790.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016773.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016778.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016780.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016782.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016784.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016785.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016786.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016787.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016800.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016805.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016807.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016810.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016811.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016812.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016813.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016815.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016821.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016826.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017829.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017830.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017831.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017832.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017836.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017837.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017838.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017839.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017840.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017844.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017845.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017848.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017849.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017854.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017855.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017856.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017862.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017863.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017864.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017865.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017873.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017874.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017875.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017876.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017886.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017888.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017889.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017897.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017899.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017900.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017901.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017902.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017903.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017905.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0019889.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0019895.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0019896.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020049.exe Infected: Trojan-Downloader.Win32.Agent.lg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020055.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020108.dll Infected: Trojan-Downloader.Win32.Agent.lg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020109.exe Infected: Trojan-Downloader.Win32.Agent.lg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020111.exe Infected: Trojan-Downloader.Win32.Agent.lg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020144.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020145.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020146.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020147.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020148.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020153.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021132.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021137.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021139.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021141.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021142.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021143.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022152.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022156.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022157.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022158.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022159.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022161.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022163.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022168.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022177.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022180.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022182.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022183.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022184.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022193.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022195.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023168.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023175.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023177.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023179.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023180.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023181.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023191.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023192.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023193.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023194.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023195.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023197.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024189.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024190.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024192.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024196.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024197.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024198.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024200.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025183.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025189.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025544.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025546.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025547.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025548.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025561.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025562.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025563.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025565.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025566.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025568.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0026550.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0026555.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0026556.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0026558.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0026559.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026563.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026564.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026571.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026573.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026581.exe Infected: Trojan-Downloader.Win32.PurityScan.as C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026583.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026584.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026586.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026591.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026592.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027577.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027582.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027723.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027725.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027726.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027795.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027796.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027797.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027840.exe Infected: Trojan-Downloader.Win32.PurityScan.as C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027841.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027843.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027844.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0031839.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0031840.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0031841.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0031842.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032169.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032170.exe Infected: Trojan.Win32.Small.cy C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032181.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032182.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032183.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032189.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032190.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032191.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032202.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032203.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032204.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032241.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032242.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032243.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032244.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032345.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032349.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032350.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032351.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032352.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP114\A0032372.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP114\A0032373.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP114\A0032374.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP114\A0032375.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP115\A0032398.exe Infected: Trojan-Downloader.Win32.VB.hw C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP117\A0033372.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP117\A0033373.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP117\A0033374.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP117\A0033376.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP118\A0034372.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP118\A0034373.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP118\A0034374.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP118\A0034375.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP119\A0035372.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP119\A0035373.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP119\A0035374.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP119\A0035375.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0035414.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0035415.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0035416.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0035417.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036415.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036416.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036417.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036418.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036439.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036440.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036441.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036442.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036447.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036448.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036449.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036450.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0037447.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0037448.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0037449.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0037450.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038447.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038448.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038449.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038450.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038460.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038461.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038463.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038467.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038470.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0039468.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0039471.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0041466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0041469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0042466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0042469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0043466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0043469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0044466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0044469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0045466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0045469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP124\A0046466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP124\A0046469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP124\A0047466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP124\A0047469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP125\A0048466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP125\A0048469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP125\A0049468.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP125\A0049471.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0052484.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0052487.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0055480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0055483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0056480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0056483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0057480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0057483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0058480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0058483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0059480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0059483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP127\A0060482.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP127\A0061480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP127\A0061483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP127\A0062480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP127\A0062483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP128\A0063480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP128\A0063483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP128\A0064480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP128\A0064483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP129\A0065480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP129\A0065483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP129\A0066481.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP129\A0066484.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066598.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066601.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066604.exe Infected: Trojan-Downloader.Win32.Small.abd C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066605.exe Infected: Trojan.Win32.Small.cy C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066607.exe Infected: Trojan-Downloader.Win32.Small.abd C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066608.exe Infected: Trojan-Downloader.Win32.Agent.qg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066609.exe Infected: Trojan-Downloader.Win32.VB.jl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066610.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066611.exe Infected: Trojan-Downloader.Win32.VB.if C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066624.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066627.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066631.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP132\A0068647.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP132\A0068650.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP132\A0068651.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP132\A0068652.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP132\A0068653.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068793.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068794.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068799.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068802.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068818.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068821.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071834.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071844.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071846.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071847.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071848.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071852.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071855.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071857.exe Infected: Trojan-Downloader.Win32.Agent.vp C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071858.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071859.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071860.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071861.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074059.exe Infected: Trojan-Dropper.Win32.Small.qn C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074067.exe/data0006 Infected: Backdoor.Win32.HacDef.bo C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074067.exe Infected: Backdoor.Win32.HacDef.bo C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074078.exe Infected: Trojan-Downloader.Win32.PurityScan.ax C:\WINDOWS\offun.exe Infected: Trojan-Downloader.Win32.VB.nw C:\WINDOWS\system32\fmiinsrv.exe Infected: Trojan.Win32.Crypt.t C:\WINDOWS\system32\lgllk.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\WINDOWS\system32\sdpssuba.exe Infected: Trojan.Win32.Crypt.t Scan process completed. Hijack This Analyzer Log: ======================================= Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 4:59:20 AM, on 11/22/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Sharp\Sharpdesk\SharpTray.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.* O4 - HKLM\..\Run: [IndexTray] "C:\Program Files\Sharp\Sharpdesk\IndexTray.exe" O4 - HKLM\..\Run: [Indexer] "C:\Program Files\Sharp\Sharpdesk\Indexer.exe" O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe" O4 - HKLM\..\Run: [FtpServer.exe] "C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" -usedefault O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FB0A501F-0F2C-4C44-BD1A-AD375533DBD4}: NameServer = 192.168.1.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe End of KRC HijackThis Analyzer Log. ========================= |
|
|
|
|
11-23-2005, 11:20 AM
|
#11 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
|
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
Please follow Symantec’s Guide to clean out your Norton quarantine. Viewing Hidden Files Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option. Downloads KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175) I have attached a file called regfix.zip, please download it to your desktop. Double click on regfix.reg and click yes when asked if you would like to merge the information into the registry. Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Add/Remove Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs: Internet Optimizer File and Folder Deletions Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist. C:\Program Files\Internet Optimizer C:\Program Files\Adfenuj C:\Program Files\webHancer C:\Windows\Temp <<< Please go to this directory then push Ctrl + A then push Delete. Do not delete the folder itself. Tools Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows: Click Options Move the slider button down to Custom CleanUp! Check the following:
Click OK, Press the CleanUp! button to start the program and click no if prompted to reboot Launch KillBox.exe & select the following options:
* Click the RED X button. * Click Yes at the Delete on Reboot prompt. * Click Yes at the 'Pending Operations prompt'. Reboot your system in Normal Mode. Online Scans Please open IE and go to Kaspersky WebScanner Next Click on Kaspersky Online Scanner You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
* Turn off the real time scanner of any existing antivirus program while performing the online scan In your next post please include:
Last edited by sUBs; 11-23-2005 at 11:32 AM. |
|
|
|
|
11-28-2005, 07:49 AM
|
#12 (permalink) |
|
Registered User
Join Date: Nov 2005
Posts: 13
OS: Win XP
|
Kaspersky & Hijackthis Logs
I was told to uninstall "Internet Optimizer" using Add/Remove Programs, however, it was not listed there.
Kaspersky Log: ---------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Wednesday, November 23, 2005 05:09:00 Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.67.0 Kaspersky Anti-Virus database last update: 23/11/2005 Kaspersky Anti-Virus database records: 151479 --------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - Folders: C:\ Scan Statistics: Total number of scanned objects: 27036 Number of viruses found: 35 Number of infected objects: 398 Number of suspicious objects: 0 Duration of the scan process: 1777 sec Infected Object Name - Virus Name C:\!Submit\fmiinsrv.exe Infected: Trojan.Win32.Crypt.t C:\!Submit\offun.exe Infected: Trojan-Downloader.Win32.VB.nw C:\!Submit\sdpssuba.exe Infected: Trojan.Win32.Crypt.t C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00D40001.VBN Infected: Trojan.Win32.EliteBar.d C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00D40002.VBN Infected: Trojan.Win32.EliteBar.d C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00D40003.VBN Infected: Trojan-Downloader.Win32.Small.bkr C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\00DC0000.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01300000.VBN Infected: Trojan-Dropper.Win32.Agent.xw C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02580000.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02940000.VBN Infected: Trojan-Dropper.Win32.Agent.mu C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\05A40000.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\071C0000.VBN Infected: Trojan-Dropper.Win32.Agent.xw C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00000.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00002.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AB00003.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B3C0000.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0B480000.VBN Infected: Trojan-Dropper.Win32.Agent.mu C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940000.VBN Infected: Trojan-Downloader.Win32.Small.bkr C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940002.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940004.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940008.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000C.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E94000E.VBN Infected: Trojan-Downloader.Win32.Agent.tv C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940010.VBN Infected: Trojan.Win32.EliteBar.f C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E940012.VBN Infected: Trojan-Downloader.Win32.Small.bkr C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\10680000.VBN Infected: Trojan-Dropper.Win32.Agent.mu C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\2C340000.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\2C340002.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\94480000.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\F8680000.VBN Infected: Trojan-Clicker.Win32.VB.ij C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011694.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011702.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011703.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011704.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011705.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011710.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011711.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011712.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011718.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011722.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011725.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011727.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011728.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011729.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011731.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0011734.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012718.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012723.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012726.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012728.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012729.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012730.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012731.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012734.exe Infected: Trojan-Downloader.Win32.VB.hw C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0012735.exe Infected: Trojan-Downloader.Win32.Agent.qg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013718.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013722.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013724.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013727.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013728.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013729.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013731.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013734.exe Infected: Trojan-Downloader.Win32.VB.hw C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013735.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013747.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013755.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013757.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013758.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013759.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013761.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0013762.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014747.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014757.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014759.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014760.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014761.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014762.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0014763.exe Infected: Trojan-Downloader.Win32.PurityScan.as C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015747.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015755.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015759.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015760.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015761.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015763.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015764.exe Infected: Trojan-Downloader.Win32.Small.abd C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015765.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015768.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015773.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015780.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015781.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015782.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015783.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015787.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015789.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0015790.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016773.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016778.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016780.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016782.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016784.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016785.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016786.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP108\A0016787.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016800.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016805.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016807.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016810.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016811.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016812.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016813.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016815.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016821.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0016826.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017829.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017830.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017831.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017832.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017836.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017837.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017838.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017839.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017840.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017844.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017845.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017848.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017849.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017854.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017855.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017856.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017862.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017863.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017864.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017865.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017873.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017874.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017875.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017876.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017886.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017888.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017889.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017897.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017899.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017900.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017901.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017902.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017903.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0017905.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0019889.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0019895.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0019896.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020049.exe Infected: Trojan-Downloader.Win32.Agent.lg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020055.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020108.dll Infected: Trojan-Downloader.Win32.Agent.lg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020109.exe Infected: Trojan-Downloader.Win32.Agent.lg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020111.exe Infected: Trojan-Downloader.Win32.Agent.lg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020144.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020145.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020146.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020147.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020148.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0020153.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021132.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021137.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021139.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021141.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021142.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0021143.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022152.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022156.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022157.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022158.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022159.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022161.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022163.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022168.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022177.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022180.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022182.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022183.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022184.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022193.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0022195.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023168.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023175.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023177.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023179.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023180.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023181.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023191.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023192.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023193.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023194.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023195.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0023197.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024189.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024190.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024192.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024196.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024197.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024198.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0024200.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025183.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025189.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025544.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025546.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025547.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025548.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025561.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025562.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025563.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025565.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025566.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0025568.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0026550.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0026555.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0026556.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0026558.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP109\A0026559.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026563.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026564.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026571.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026573.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026581.exe Infected: Trojan-Downloader.Win32.PurityScan.as C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026583.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026584.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026586.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026591.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP110\A0026592.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027577.exe Infected: Trojan-Downloader.Win32.Qoologic.al C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027582.exe Infected: Trojan-Downloader.Win32.PurityScan.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027723.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027725.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027726.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027795.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027796.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027797.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027840.exe Infected: Trojan-Downloader.Win32.PurityScan.as C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027841.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027843.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP111\A0027844.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0031839.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0031840.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0031841.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0031842.exe Infected: Trojan-Downloader.Win32.PurityScan.at C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032169.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032170.exe Infected: Trojan.Win32.Small.cy C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032181.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032182.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032183.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032189.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032190.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP112\A0032191.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032202.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032203.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032204.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032241.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032242.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032243.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032244.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032345.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032349.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032350.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032351.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP113\A0032352.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP114\A0032372.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP114\A0032373.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP114\A0032374.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP114\A0032375.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP115\A0032398.exe Infected: Trojan-Downloader.Win32.VB.hw C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP117\A0033372.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP117\A0033373.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP117\A0033374.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP117\A0033376.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP118\A0034372.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP118\A0034373.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP118\A0034374.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP118\A0034375.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP119\A0035372.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP119\A0035373.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP119\A0035374.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP119\A0035375.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0035414.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0035415.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0035416.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0035417.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036415.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036416.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036417.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036418.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036439.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036440.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036441.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036442.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036447.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036448.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036449.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0036450.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0037447.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0037448.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0037449.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP120\A0037450.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038447.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038448.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038449.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038450.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038460.exe Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038461.dll Infected: Trojan-Downloader.Win32.Qoologic.ak C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038463.dll Infected: Trojan-Downloader.Win32.Qoologic.ac C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038467.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP121\A0038470.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0039468.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0039471.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0041466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0041469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0042466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP122\A0042469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0043466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0043469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0044466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0044469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0045466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP123\A0045469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP124\A0046466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP124\A0046469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP124\A0047466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP124\A0047469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP125\A0048466.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP125\A0048469.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP125\A0049468.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP125\A0049471.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0052484.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0052487.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0055480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0055483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0056480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0056483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0057480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0057483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0058480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0058483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0059480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP126\A0059483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP127\A0060482.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP127\A0061480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP127\A0061483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP127\A0062480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP127\A0062483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP128\A0063480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP128\A0063483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP128\A0064480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP128\A0064483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP129\A0065480.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP129\A0065483.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP129\A0066481.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP129\A0066484.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066598.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066601.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066604.exe Infected: Trojan-Downloader.Win32.Small.abd C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066605.exe Infected: Trojan.Win32.Small.cy C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066607.exe Infected: Trojan-Downloader.Win32.Small.abd C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066608.exe Infected: Trojan-Downloader.Win32.Agent.qg C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066609.exe Infected: Trojan-Downloader.Win32.VB.jl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066610.dll Infected: Trojan-Downloader.Win32.Qoologic.af C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066611.exe Infected: Trojan-Downloader.Win32.VB.if C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066624.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066627.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP131\A0066631.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP132\A0068647.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP132\A0068650.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP132\A0068651.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP132\A0068652.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP132\A0068653.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068793.dll Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068794.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068799.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068802.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068818.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0068821.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071834.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071844.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071846.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071847.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071848.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071852.exe Infected: Trojan-Downloader.Win32.Qoologic.ai C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071855.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071857.exe Infected: Trojan-Downloader.Win32.Agent.vp C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071858.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071859.exe Infected: Trojan-Dropper.Win32.Agent.hl C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071860.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP133\A0071861.dll Infected: Trojan-Downloader.Win32.Qoologic.ae C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074059.exe Infected: Trojan-Dropper.Win32.Small.qn C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074067.exe/data0006 Infected: Backdoor.Win32.HacDef.bo C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074067.exe Infected: Backdoor.Win32.HacDef.bo C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074078.exe Infected: Trojan-Downloader.Win32.PurityScan.ax C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074135.dll Infected: Trojan-Downloader.Win32.Qoologic.au C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074148.exe Infected: Trojan-Downloader.Win32.VB.nw C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074149.exe Infected: Trojan.Win32.Crypt.t C:\System Volume Information\_restore{3B43B4EA-890D-43D4-9072-5D5809248752}\RP134\A0074150.exe Infected: Trojan.Win32.Crypt.t Scan process completed. Hijackthis! Analyzer Log: ========================================================= Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 5:09:37 AM, on 11/23/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Sharp\Sharpdesk\SharpTray.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.* O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe" O4 - HKLM\..\Run: [FtpServer.exe] "C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" -usedefault O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FB0A501F-0F2C-4C44-BD1A-AD375533DBD4}: NameServer = 192.168.1.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe End of KRC HijackThis Analyzer Log. ======================================================= |
|
|
|
|
11-28-2005, 11:38 AM
|
#13 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
|
If you have not done so already please follow
Symantec’s Guide to clean out your Norton quarantine. If you already followed this procedure, please browse to this folder: C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine And delete all files inside. You may also delete all files inside C:\!Submit. These are backups crated by Killbox and are no longer necessary. Other than that your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved. Disabling the Viewing of Hidden and System Files
Setting a new Restore Point Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.
Windows Update Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site. Prevention A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include: AVG Free Avast! Home Edition (Antivirus & Firewall) AntiVir A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are: Zone Alarm Outpost Tiny Personal Firewall Avast! Home Edition (Antivirus & Firewall) Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap there are many pieces of malware that is caught by one of these and not the other, therefore it is recommended you use both to compliment each other. Spybot also contains two other useful pieces. The first is "Immunize", this helps protect your computer against known exploits. The second is "TeaTimer", with this feature enabled you will receive notifications of all changes to the registry such as programs adding themselves to start-up and you default search page being changed. Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources, run it once and you're all set. Spyware Guard Is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses. IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC. The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed. Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all. Alternative Programs Here are some alternatives that are either less suceptible than others to malware or don't contain malware where similar programs do. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN) Desktop Weather - Free taskbar weather program that is free, malware free, and resource light. Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness. Sun's Java - It's much more secure than Microsoft's Java Virtual Machine. |
|
|
|
|
11-28-2005, 12:45 PM
|
#14 (permalink) |
|
Registered User
Join Date: Nov 2005
Posts: 13
OS: Win XP
|
Still getting a few popups
Thank you, I am not getting nearly as many popups as i was before, but I still am. I ran a Spybot-S&D and it couldnt fix 4 problems. It said to run again at restart but it still couldnt fix it.
Here is what it found: Adware.Webext: Root class (Registry key, fixing failed) HKEY_LOCAL_MACHINE\Software\Classes\BHO.Adware Adware.Webext: Root class (Registry key, fixing failed) HKEY_LOCAL_MACHINE\Software\Classes\BHO.Adware1 Adware.Webext: Root class (Registry key, fixing failed) HKEY_LOCAL_MACHINE\Software\Classes\BHO.Hider Adware.Webext: Root class (Registry key, fixing failed) HKEY_LOCAL_MACHINE\Software\Classes\BHO.Hider1 Do you know how I could get rid of them? |
|
|
|
|
11-28-2005, 03:13 PM
|
#15 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
|
Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
Downloads(make sure to save these in a permanent location) AproposFix- Save it to your desktop but do NOT run it yet. Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears). Tools Double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts. Open HijackThis, click Config, then click Misc Tools. Click "Open Uninstall Manager" Click "Save List" (generates uninstall_list.txt) Click Save, copy and paste the results in your next post. Reboot your system in Normal Mode. Online Scans Perform an online scan with Internet Explorer with Panda ActiveScan ** click on "Free use ActiveScan" located on the top right hand corner
*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report. *Turn off the real time scanner of any existing antivirus program while performing the online scan In your next post please include:
|
|
|
|
|
11-28-2005, 04:06 PM
|
#16 (permalink) |
|
Registered User
Join Date: Nov 2005
Posts: 13
OS: Win XP
|
New Logs
Uninstall List:
Ad-Aware SE Personal Adobe Reader 7.0 Business Contact Manager for Outlook 2003 CleanUp! Communication Manager eFax Messenger 4.0 ewido security suite HijackThis 1.99.1 Intel(R) PRO Network Adapters and Drivers Kaspersky On-line Scanner Lavasoft VX2 Cleaner LiveReg (Symantec Corporation) LiveUpdate 2.0 (Symantec Corporation) Macromedia Flash Player 8 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB886903) Microsoft MapPoint North America 2004 Microsoft Office Live Meeting 2005 Microsoft Office Small Business Edition 2003 MSN Messenger 7.5 Office 2003 Setup Files Panda ActiveScan Security Update for Windows XP (KB883939) Security Update for Windows XP (KB890046) Security Update for Windows XP (KB893066) Security Update for Windows XP (KB893756) Security Update for Windows XP (KB896358) Security Update for Windows XP (KB896422) Security Update for Windows XP (KB896423) Security Update for Windows XP (KB896424) Security Update for Windows XP (KB896428) Security Update for Windows XP (KB896688) Security Update for Windows XP (KB899587) Security Update for Windows XP (KB899588) Security Update for Windows XP (KB899589) Security Update for Windows XP (KB899591) Security Update for Windows XP (KB900725) Security Update for Windows XP (KB901017) Security Update for Windows XP (KB901214) Security Update for Windows XP (KB902400) Security Update for Windows XP (KB903235) Security Update for Windows XP (KB904706) Security Update for Windows XP (KB905414) Security Update for Windows XP (KB905749) SHARP AR-M230/M270 Series PCL/PS Printer Driver Sharpdesk Spybot - Search & Destroy 1.4 Symantec AntiVirus Update for Windows XP (KB894391) Update for Windows XP (KB896727) Update for Windows XP (KB898461) Windows Genuine Advantage v1.3.0254.0 Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows Media Player 10 Windows Overlay Components Windows XP Hotfix - KB867282 Windows XP Hotfix - KB873333 Windows XP Hotfix - KB873339 Windows XP Hotfix - KB885250 Windows XP Hotfix - KB885835 Windows XP Hotfix - KB885836 Windows XP Hotfix - KB886185 Windows XP Hotfix - KB887472 Windows XP Hotfix - KB887742 Windows XP Hotfix - KB888113 Windows XP Hotfix - KB888302 Windows XP Hotfix - KB890047 Windows XP Hotfix - KB890175 Windows XP Hotfix - KB890859 Windows XP Hotfix - KB891781 Windows XP Hotfix - KB893086 Log.txt from the aproposfix folder: Log of AproposFix v1 ************ Running from directory: C:\Documents and Settings\pkell\Desktop\aproposfix ************ Registry entries found: [HKEY_LOCAL_MACHINE\Software\C5iesAF5cWpm] @="125ARPCabbabbcb:ARHPNabbaqdb6w\\r.62bSYSTEMhgbDRIVERSbFSVFSVGAcSYS" "Device"="\\\\.\\Parhpn" "DriverPath"="C:\\WINDOWS\\system32\\drivers\\fsvfsvga.sys" "DriverName"="RSVarpc" "HideUninstallerName"="C:\\Program Files\\Scager 4\\rdoembed.exe" "HDll"="C:\\WINDOWS\\system32\\vb2input.dll" "ServerAddress"="adchannel.contextplus.net" "LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html" "PartnerId"="CP.SAV2" "InstallationId"="{X1c6ff1f-7d12-63f7-8731-8645f5ce2166}" "PageFiltering"=dword:00000001 "ClientName"="C:\\Program Files\\Scager 4\\loalbiop.exe" "AutoUpdater"="C:\\WINDOWS\\system32\\paqneth.exe" "Version"="2.0.131" "CrMnTmt"=dword:0036ee80 ************ Removing hidden service: Service RSVarpc removed. Removing hidden folder: Deleting files: Deletion of file C:\WINDOWS\system32\drivers\fsvfsvga.sys succeeded! Deletion of file C:\WINDOWS\system32\paqneth.exe succeeded! Deletion of file C:\WINDOWS\system32\vb2input.dll succeeded! Backing up files: Done! Removing registry entries: REGEDIT4 [-HKEY_CURRENT_USER\Software\C5iesAF5cWpm] [-HKEY_LOCAL_MACHINE\Software\C5iesAF5cWpm] Done! Finished! Panda Active Scan did not return any malware. Hijackthis Analyzer log: ==================================================================== Log was analyzed using KRC HijackThis Analyzer - Updated on 9/28/05 Get updates at http://www.greyknight17.com/download.htm#programs ***Security Programs Detected*** C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of HijackThis v1.99.1 Scan saved at 4:03:39 PM, on 11/28/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe C:\Program Files\Sharp\Sharpdesk\SharpTray.exe C:\Program Files\Sharp\Sharpdesk\FtpServer.exe C:\Program Files\Sharp\Sharpdesk\nsapp.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 192.168.1.* O4 - HKLM\..\Run: [SharpTray] "C:\Program Files\Sharp\Sharpdesk\SharpTray.exe" O4 - HKLM\..\Run: [TypeRegChecker] "C:\Program Files\Sharp\Sharpdesk\TypeRegChecker.exe" O4 - HKLM\..\Run: [FtpServer.exe] "C:\Program Files\Sharp\Sharpdesk\FtpServer.exe" -usedefault O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FB0A501F-0F2C-4C44-BD1A-AD375533DBD4}: NameServer = 192.168.1.1 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Protocol: sds - {79E0F14C-9C52-4218-89A7-7C4B0563D121} - C:\Program Files\Sharp\Sharpdesk\ExplorerExtensions.dll O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe End of KRC HijackThis Analyzer Log. ==================================================================== |
|
|
|
|
11-29-2005, 09:45 AM
|
#19 (permalink) |
|
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP
|
Those entries belong to some mlaware we have already taken out, but if you would like to delete them try this:
Click Start->Run->Then Type "regedit" Click File->Export and save a copy of your registry somewhere just in case Then navigate to and delete the entries listed in Red: HKEY_LOCAL_MACHINE\Software\Classes\BHO.Adware HKEY_LOCAL_MACHINE\Software\Classes\BHO.Adware1 HKEY_LOCAL_MACHINE\Software\Classes\BHO.Hider HKEY_LOCAL_MACHINE\Software\Classes\BHO.Hider1 If any of the above registry keys are giving you problems deleting, right click on them and click on Permissions. Then click on the Advanced button. Make sure the first box (Inherit from parent...) is checked. Click OK and OK. Then try deleting the entry again. Once you're done, close the Registry Editor. |
|
|
|
| Thread Tools | |
|
|
