Malwarebytes

Security Tool Virus

13 replies to this topic

#1
KitKat

    New Member

  • Members
  • 17 posts
  • Gender:Female
I've recently been infected with the Security Tool virus, and I can't get rid of it. It has turned my desktop black, and I can't fix it. I have tried to install Process Explorer to disable it, and this works, but my desktop does not return like it says it should.

The main problem is that Malwarebytes does not install. It tells me that it cannot find the specified files, and the one time I got the program to install and start up, it vanished as soon as I pressed the 'Scan' button. I don't understand why it will not run or install properly.

Please help?

#2
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

Post the log from ComboFix when you've accomplished that.
sUBs
Research Engineer


#3
KitKat

    New Member

  • Members
  • 17 posts
  • Gender:Female
ComboFix 09-10-16.06 - Becky 10/16/2009 19:05.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.170 [GMT -5:00]
Running from: c:\documents and settings\Becky\My Documents\Downloads\ComboFix.exe
AV: Trend Micro AntiVirus *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\04071820
c:\documents and settings\All Users\Application Data\04071820\04071820.bat
c:\documents and settings\All Users\Application Data\04071820\04071820.exe
c:\documents and settings\All Users\Application Data\19586029
c:\documents and settings\All Users\Application Data\19586029\19586029.exe
c:\documents and settings\All Users\Application Data\31626826
c:\documents and settings\All Users\Application Data\31626826\31626826.exe
c:\documents and settings\All Users\Application Data\54830727
c:\documents and settings\All Users\Application Data\54830727\54830727.exe
c:\documents and settings\All Users\Application Data\61402821
c:\documents and settings\All Users\Application Data\61402821\61402821.bat
c:\documents and settings\All Users\Application Data\61402821\61402821.exe
c:\documents and settings\All Users\Application Data\96650026
c:\documents and settings\All Users\Application Data\96650026\96650026.exe
c:\documents and settings\Becky\Desktop\Security Tool.lnk
c:\documents and settings\Becky\My Documents\explorer.exe
c:\documents and settings\Becky\Start Menu\Programs\Security Tool.lnk
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\windows\svchast.exe
c:\windows\system32\ahjwpqft.ini
c:\windows\system32\aphhhihp.ini
c:\windows\system32\besmuymu.ini
c:\windows\system32\beziseno.dll
c:\windows\system32\bincd32.dat
c:\windows\system32\birokone.dll
c:\windows\system32\cbadd.bak2
c:\windows\system32\cbadd.ini
c:\windows\system32\cwgqoplk.ini
c:\windows\system32\dgxrdehq.ini
c:\windows\system32\dimoburi.dll
c:\windows\system32\dxyeeusr.ini
c:\windows\system32\eajxrcgs.ini
c:\windows\system32\exekkdri.ini
c:\windows\system32\fanqppdx.ini
c:\windows\system32\fbkmjlid.ini
c:\windows\system32\feluniko.dll
c:\windows\system32\fevubitu.dll
c:\windows\system32\fhfcrxtl.ini
c:\windows\system32\gcjyrcro.ini
c:\windows\system32\gfoucleh.ini
c:\windows\system32\ghkmp.ini
c:\windows\system32\gidajari.dll
c:\windows\system32\grmefdwt.ini
c:\windows\system32\iaryyoou.ini
c:\windows\system32\isapiyqq.ini
c:\windows\system32\jobobuwi.dll
c:\windows\system32\jojubasa.exe
c:\windows\system32\kdhkfcfi.ini
c:\windows\system32\kgexbbou.ini
c:\windows\system32\khdoriwt.ini
c:\windows\system32\lliekdta.ini
c:\windows\system32\llrlpbjv.ini
c:\windows\system32\lohinher.ini
c:\windows\system32\losorede.exe
c:\windows\system32\lsgmsqmc.ini
c:\windows\system32\mevkyenl.ini
c:\windows\system32\mhjetfiy.ini
c:\windows\system32\mymnpjbp.ini
c:\windows\system32\nilokuke.dll
c:\windows\system32\ojgsqjal.ini
c:\windows\system32\onnotupq.ini
c:\windows\system32\onnykcti.ini
c:\windows\system32\oqtwa.ini
c:\windows\system32\pgdoaggr.ini
c:\windows\system32\popiwoba.dll
c:\windows\system32\ptrmetes.ini
c:\windows\system32\pump.exe
c:\windows\system32\qcaegxxc.ini
c:\windows\system32\qcoytylt.ini
c:\windows\system32\qiagxiie.ini
c:\windows\system32\qsvtunvo.ini
c:\windows\system32\rafomife.dll
c:\windows\system32\rqtwa.ini
c:\windows\system32\ruzunife.dll
c:\windows\system32\schtml
c:\windows\system32\schtml\dbsinit.exe
c:\windows\system32\schtml\images\i1.gif
c:\windows\system32\schtml\images\i2.gif
c:\windows\system32\schtml\images\i3.gif
c:\windows\system32\schtml\images\j1.gif
c:\windows\system32\schtml\images\j2.gif
c:\windows\system32\schtml\images\j3.gif
c:\windows\system32\schtml\images\jj1.gif
c:\windows\system32\schtml\images\jj2.gif
c:\windows\system32\schtml\images\jj3.gif
c:\windows\system32\schtml\images\l1.gif
c:\windows\system32\schtml\images\l2.gif
c:\windows\system32\schtml\images\l3.gif
c:\windows\system32\schtml\images\pix.gif
c:\windows\system32\schtml\images\t1.gif
c:\windows\system32\schtml\images\t2.gif
c:\windows\system32\schtml\images\up1.gif
c:\windows\system32\schtml\images\up2.gif
c:\windows\system32\schtml\images\w1.gif
c:\windows\system32\schtml\images\w11.gif
c:\windows\system32\schtml\images\w2.gif
c:\windows\system32\schtml\images\w3.gif
c:\windows\system32\schtml\images\w3.jpg
c:\windows\system32\schtml\images\wt1.gif
c:\windows\system32\schtml\images\wt2.gif
c:\windows\system32\schtml\images\wt3.gif
c:\windows\system32\schtml\wispex.html
c:\windows\system32\sgimybxh.ini
c:\windows\system32\sinodisi.dll
c:\windows\system32\sisifeme.exe
c:\windows\system32\sonudodu.exe
c:\windows\system32\srutv.ini
c:\windows\system32\ssvsyhjx.ini
c:\windows\system32\sunezihe.dll
c:\windows\system32\taxxwvvj.ini
c:\windows\system32\tinonere.dll
c:\windows\system32\tjwnnqdc.ini
c:\windows\system32\toraheke.dll
c:\windows\system32\tugojogu.dll
c:\windows\system32\tukideka.exe
c:\windows\system32\uiextdkl.ini
c:\windows\system32\ulbcsglf.ini
c:\windows\system32\urribxru.ini
c:\windows\system32\utkmewsv.ini
c:\windows\system32\vcrnedtr.ini
c:\windows\system32\volosejo.dll
c:\windows\system32\vovrthkd.ini
c:\windows\system32\wfilirfs.ini
c:\windows\system32\wpxdgwfs.ini
c:\windows\system32\wvsvbjsp.ini
c:\windows\system32\xwbvbqap.ini
c:\windows\system32\xxjwecqt.ini
c:\windows\system32\ybqstskn.ini
c:\windows\system32\yejedufi.dll
c:\windows\system32\yregyqax.ini
c:\windows\wf3.dat
c:\windows\wf4.dat

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :^)
.
((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.

2009-10-16 21:45 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-16 21:45 . 2009-10-16 22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 21:45 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-13 07:10 . 2009-10-13 07:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-07 01:10 . 2008-06-07 01:49 118272 ----a-w- c:\windows\system32\hpz3l692.dll
2009-10-07 01:10 . 2008-04-16 04:05 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-10-07 01:09 . 2008-04-16 04:05 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-10-07 01:09 . 2008-04-16 04:05 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-10-07 01:09 . 2008-02-28 10:08 303104 ----a-r- c:\windows\system32\hposc_p01a.dll
2009-10-07 01:09 . 2008-04-16 04:05 974848 ----a-r- c:\windows\system32\hpost_p01a.dll
2009-10-07 01:09 . 2008-04-16 04:05 729088 ----a-r- c:\windows\system32\hposwia_p01a.dll
2009-10-06 22:22 . 2009-10-06 22:22 -------- d-----w- c:\documents and settings\Becky\Application Data\Malwarebytes
2009-10-06 22:21 . 2009-10-16 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-03 23:46 . 2009-10-03 23:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-03 07:12 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-10-03 07:12 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-10-03 07:12 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-10-03 07:12 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 22:43 . 2007-04-29 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-07 01:13 . 2006-11-17 21:18 -------- d-----w- c:\program files\HP
2009-10-03 07:10 . 2009-09-14 22:23 -------- d-----w- c:\documents and settings\Becky\Application Data\FrostWire
2009-09-14 22:22 . 2009-09-14 22:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-14 22:21 . 2006-11-17 21:34 -------- d-----w- c:\program files\Java
2009-08-07 00:24 . 2006-11-16 01:32 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2006-11-16 01:32 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2006-11-16 01:32 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2005-05-26 12:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2006-11-16 01:32 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-04 20:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2006-11-16 01:32 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2006-11-16 01:32 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 20:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-12 17:12 . 2009-07-12 17:12 51200 --sha-w- c:\windows\system32\bebuviza.dll
2009-07-15 17:11 . 2009-07-15 17:11 1113643 --sha-w- c:\windows\system32\fanenoto.exe
2009-07-12 17:13 . 2009-07-12 17:13 51200 --sha-w- c:\windows\system32\fegufula.dll.tmp
2009-07-12 17:13 . 2009-07-12 17:13 51200 --sha-w- c:\windows\system32\lohulatu.dll.tmp
2009-07-16 05:11 . 2009-07-16 05:11 1114427 --sha-w- c:\windows\system32\nowuvaku.exe
2009-07-12 17:13 . 2009-07-12 17:13 51200 --sha-w- c:\windows\system32\wesokaru.dll.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-26 1398024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Becky\\Desktop\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Apoint2K\\ApntEx.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\SfCtlCom.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TmProxy.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\HP\\QuickPlay\\QPService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/30/2008 6:19 AM 52240]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/16/2008 12:34 AM 36368]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/30/2008 6:20 AM 648456]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-08-26 c:\windows\Tasks\HP DArC Task 2003-04-08 07:12ewlett-Packard77002003-04-08 16:45Y37N130MXD7.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 16:45]

2009-10-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2007-08-26 13:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\t8wz0iij.default\
FF - plugin: c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\t8wz0iij.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
.
- - - - ORPHANS REMOVED - - - -

BHO-{a22e19e8-5f35-49a9-96ce-858bb4a9c430} - beziseno.dll
HKLM-Run-Malwarebytes Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe
HKLM-Run-04071820 - c:\documents and settings\All Users\Application Data\04071820\04071820.exe
HKLM-Run-61402821 - c:\documents and settings\All Users\Application Data\61402821\61402821.exe
HKLM-Run-31626826 - c:\docume~1\ALLUSE~1\APPLIC~1\31626826\31626826.exe
HKLM-Run-19586029 - c:\docume~1\ALLUSE~1\APPLIC~1\19586029\19586029.exe
HKLM-Run-zekenegul - c:\windows\system32\ruzunife.dll
HKLM-Run-54830727 - c:\docume~1\ALLUSE~1\APPLIC~1\54830727\54830727.exe
HKLM-Run-wahaguwele - jobobuwi.dll
SharedTaskScheduler-{c5599114-0ad4-440c-9172-e1aed263923f} - c:\windows\system32\raziwanu.dll
SharedTaskScheduler-{eed1d2df-8ae3-40bf-a9b3-9dc1b8b59a14} - c:\windows\system32\ruzunife.dll
SSODL-rizizenih-{c5599114-0ad4-440c-9172-e1aed263923f} - c:\windows\system32\raziwanu.dll
SSODL-sasegiluz-{eed1d2df-8ae3-40bf-a9b3-9dc1b8b59a14} - c:\windows\system32\ruzunife.dll
Notify-ddcAtrQH - ddcAtrQH.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-16 19:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2092)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-10-17 19:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-17 00:22

Pre-Run: 64,089,350,144 bytes free
Post-Run: 64,035,418,112 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

317 --- E O F --- 2009-10-09 19:11

#4
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Open NOTEPAD and copy/paste the text in the quotebox below into it:

COLLECT::
c:\windows\system32\bebuviza.dll
c:\windows\system32\fanenoto.exe
c:\windows\system32\fegufula.dll.tmp
c:\windows\system32\lohulatu.dll.tmp
c:\windows\system32\nowuvaku.exe
c:\windows\system32\wesokaru.dll.tmp
REGISTRY::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\spoolsv.exe"=-

Save this as "CFScript"


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip
Before proceeding to the next step, please submit this file to http://www.bleepingc...e.php?channel=4


---------------


You should be able to install Malwarebytes' Anti-Malware after this.
Do a 'Quick Scan' with MBAM and show me the log it produces.


---------------


In your next post, please include fresh logs from:
  • Online scan
  • ComboFix's log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.

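The COLLECT:: list above was assembled by hand from the Find3M Report in the first ComboFix log: the helper picked out the files in system32 that carry the hidden and system attributes (--sha-w-) and have eight-letter pseudo-random names. The following is an added example, not code from this thread, from ComboFix or from Malwarebytes: a small Python script that parses those report lines, applies the same rule, and emits the COLLECT:: block. The meaning of the attribute columns and the eight-letter name pattern are assumptions read off this log, not documented ComboFix behaviour, and the sample input is a constructed slice of the report posted earlier.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a slice of the Find3M Report posted earlier in this
# thread, plus ordinary Windows Update / Java entries that must be left alone.
SAMPLE_FIND3M = r"""
2009-09-14 22:22 . 2009-09-14 22:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-07 00:24 . 2006-11-16 01:32 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-03 23:46 . 2009-10-03 23:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-12 17:12 . 2009-07-12 17:12 51200 --sha-w- c:\windows\system32\bebuviza.dll
2009-07-15 17:11 . 2009-07-15 17:11 1113643 --sha-w- c:\windows\system32\fanenoto.exe
2009-07-12 17:13 . 2009-07-12 17:13 51200 --sha-w- c:\windows\system32\fegufula.dll.tmp
2009-07-12 17:13 . 2009-07-12 17:13 51200 --sha-w- c:\windows\system32\lohulatu.dll.tmp
2009-07-16 05:11 . 2009-07-16 05:11 1114427 --sha-w- c:\windows\system32\nowuvaku.exe
2009-07-12 17:13 . 2009-07-12 17:13 51200 --sha-w- c:\windows\system32\wesokaru.dll.tmp
"""

# One ComboFix file line: "<created> . <modified> <size|--------> <attrs> <path>".
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# Assumed from this log's layout (not documented ComboFix behaviour):
# 'd' = directory, 's' = system, 'h' = hidden, 'a' = archive, 'r'/'w' = access.
# Eight-letter pseudo-random names like bebuviza.dll are the pattern the
# helper pulled into COLLECT:: in this thread; treat it as a heuristic only.
RANDOM_NAME = re.compile(r"^[a-z]{8}\.(dll|exe)(\.tmp)?$")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (shown as --------)
    attrs: str
    path: str


def parse_find3m(text: str) -> List[Entry]:
    """Parse the file lines of a Find3M / Files Created section, skipping
    banners, '.' separators and blank lines."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def is_suspicious(e: Entry) -> bool:
    """Hidden+system, non-directory file in system32 with a random-looking name."""
    if e.attrs.startswith("d"):
        return False
    if "s" not in e.attrs or "h" not in e.attrs:
        return False
    path = e.path.lower()
    if not path.startswith(SYSTEM32):
        return False
    name = path.rsplit("\\", 1)[-1]
    return RANDOM_NAME.match(name) is not None


def build_cfscript(entries: List[Entry]) -> str:
    """Emit a CFScript COLLECT:: block (the directive used in this thread)
    listing every flagged path; empty string when nothing is flagged."""
    flagged = [e.path for e in entries if is_suspicious(e)]
    if not flagged:
        return ""
    return "COLLECT::\n" + "\n".join(flagged) + "\n"


if __name__ == "__main__":
    print(build_cfscript(parse_find3m(SAMPLE_FIND3M)), end="")
```

Run against the sample, the script reproduces the six system32 paths in the COLLECT:: block above and leaves the Java, Windows Update and IETldCache entries alone. The point of the filter is that the hidden+system attribute bits are rarely set on legitimate user-mode binaries in system32, so they make a cheap first triage cut; the name heuristic narrows it further, and anything it flags should still be checked by a person before it goes into a script.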

#5
KitKat

    New Member

  • Members
  • 17 posts
  • Gender:Female
This is the next scan you told me to give you. I'm going to try to install Malwarebytes again.




ComboFix 09-10-16.06 - Becky 10/16/2009 19:40.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.184 [GMT -5:00]
Running from: c:\documents and settings\Becky\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Becky\Desktop\CFScript.txt
AV: Trend Micro AntiVirus *On-access scanning disabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}

file zipped: c:\windows\system32\bebuviza.dll
file zipped: c:\windows\system32\fanenoto.exe
file zipped: c:\windows\system32\fegufula.dll.tmp
file zipped: c:\windows\system32\lohulatu.dll.tmp
file zipped: c:\windows\system32\nowuvaku.exe
file zipped: c:\windows\system32\wesokaru.dll.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bebuviza.dll
c:\windows\system32\fanenoto.exe
c:\windows\system32\fegufula.dll.tmp
c:\windows\system32\lohulatu.dll.tmp
c:\windows\system32\nowuvaku.exe
c:\windows\system32\wesokaru.dll.tmp

.
((((((((((((((((((((((((( Files Created from 2009-09-17 to 2009-10-17 )))))))))))))))))))))))))))))))
.

2009-10-17 00:25 . 2009-10-17 00:25 -------- d-----w- c:\windows\LastGood
2009-10-16 21:45 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-16 21:45 . 2009-10-16 22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-16 21:45 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-13 07:10 . 2009-10-13 07:10 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-07 01:10 . 2008-06-07 01:49 118272 ----a-w- c:\windows\system32\hpz3l692.dll
2009-10-07 01:10 . 2008-04-16 04:05 271704 ----a-r- c:\windows\system32\hpzids01.dll
2009-10-07 01:09 . 2008-04-16 04:05 309760 ----a-r- c:\windows\system32\difxapi.dll
2009-10-07 01:09 . 2008-04-16 04:05 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2009-10-07 01:09 . 2008-02-28 10:08 303104 ----a-r- c:\windows\system32\hposc_p01a.dll
2009-10-07 01:09 . 2008-04-16 04:05 974848 ----a-r- c:\windows\system32\hpost_p01a.dll
2009-10-07 01:09 . 2008-04-16 04:05 729088 ----a-r- c:\windows\system32\hposwia_p01a.dll
2009-10-06 22:22 . 2009-10-06 22:22 -------- d-----w- c:\documents and settings\Becky\Application Data\Malwarebytes
2009-10-06 22:21 . 2009-10-16 18:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-03 23:46 . 2009-10-03 23:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-03 07:12 . 2009-06-25 08:25 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-10-03 07:12 . 2009-06-25 08:25 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-10-03 07:12 . 2009-06-25 08:25 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-10-03 07:12 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 22:43 . 2007-04-29 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-07 01:13 . 2006-11-17 21:18 -------- d-----w- c:\program files\HP
2009-10-03 07:10 . 2009-09-14 22:23 -------- d-----w- c:\documents and settings\Becky\Application Data\FrostWire
2009-09-14 22:22 . 2009-09-14 22:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-14 22:21 . 2006-11-17 21:34 -------- d-----w- c:\program files\Java
2009-08-07 00:24 . 2006-11-16 01:32 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 00:24 . 2006-11-16 01:32 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 00:24 . 2006-11-16 01:32 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 00:24 . 2005-05-26 12:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 00:24 . 2006-11-16 01:32 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-07 00:24 . 2004-08-04 20:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 00:23 . 2006-11-16 01:32 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 00:23 . 2006-11-16 01:32 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 20:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-17_00.17.47 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2005-12-12 94208]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-05-07 188416]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2005-12-07 409600]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2008-02-26 1398024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-14 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Becky\\Desktop\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Apoint2K\\ApntEx.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\SfCtlCom.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\Trend Micro\\Internet Security\\TmProxy.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
"c:\\Program Files\\HP\\QuickPlay\\QPService.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [3/30/2008 6:19 AM 52240]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2/16/2008 12:34 AM 36368]
R3 tmproxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [3/30/2008 6:20 AM 648456]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-10-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-08-26 c:\windows\Tasks\HP DArC Task 2003-04-08 07:12ewlett-Packard77002003-04-08 16:45Y37N130MXD7.job
- c:\program files\HP\hpcoretech\comp\hpdarc.exe [2003-04-08 16:45]

2009-10-16 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\pexpress\hphped05.exe [2007-08-26 13:03]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\t8wz0iij.default\
FF - plugin: c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\t8wz0iij.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-16 19:50
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-10-17 19:53
ComboFix-quarantined-files.txt 2009-10-17 00:53
ComboFix2.txt 2009-10-17 00:22

#6
KitKat

    New Member

  • Members
  • 17 posts
  • Gender:Female
This is the scan from Malwarebytes. It installed just fine.



Malwarebytes' Anti-Malware 1.41
Database version: 2971
Windows 5.1.2600 Service Pack 3

10/16/2009 8:16:36 PM
mbam-log-2009-10-16 (20-16-36).txt

Scan type: Quick Scan
Objects scanned: 105276
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\todomeko.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\leveboju.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Becky\My Documents\downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

#7
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts

Quote

C:\Documents and Settings\Becky\My Documents\downloads\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
Any ideas how this file got into the machine?

#8
KitKat

    New Member

  • Members
  • 17 posts
  • Gender:Female
No, because I don't know what that is.

#9
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Now aren't you glad MBAM is installed? :D



ESET Online Scanner
  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start

    The scanner engine will initialise and update

  • Do Not tick the box Remove found threats
  • Click the Scan button

    The scan will now run, please be patient

  • When the scan finishes click the Details tab
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt back here.


#10
KitKat

    New Member

  • Members
  • 17 posts
  • Gender:Female
This is what the scan came up with.


ESETSmartInstaller@High as downloader log:
all ok
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=1c09cd021f65ba419aec8756d1733bc1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-17 02:59:15
# local_time=2009-10-16 09:59:15 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=514 41 100 97 60130937500
# scanned=81276
# found=257
# cleaned=0
# scan_time=3841
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045008.dll a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045009.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045011.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045012.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045013.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045014.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045015.dll a variant of Win32/Adware.Virtumonde.NFT application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045016.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045018.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045019.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045020.dll a variant of Win32/Adware.SuperJuan.H application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045021.exe a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045022.exe a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045023.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045024.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045025.dll a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045026.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045027.dll a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045028.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045030.dll a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045031.exe a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045032.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045033.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045034.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045035.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045036.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045037.dll a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045038.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045039.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045040.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045041.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045042.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045043.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045044.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045045.dll a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP37\A0045046.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=6
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6050
# api_version=3.0.2
# EOSSerial=1c09cd021f65ba419aec8756d1733bc1
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-10-17 03:40:13
# local_time=2009-10-16 10:40:13 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=514 41 100 97 84706718750
# scanned=81272
# found=256
# cleaned=0
# scan_time=2259
C:\Documents and Settings\Becky\My Documents\My Music\Hannah\crow warrior nightwish new cover version.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\04071820\04071820.exe.vir a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\19586029\19586029.exe.vir a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\31626826\31626826.exe.vir a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\54830727\54830727.exe.vir a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\61402821\61402821.exe.vir a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\96650026\96650026.exe.vir a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ahjwpqft.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\aphhhihp.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\besmuymu.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\beziseno.dll.vir a variant of Win32/Adware.SuperJuan.H application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbadd.bak2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\cbadd.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\cwgqoplk.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\dgxrdehq.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\dimoburi.dll.vir a variant of Win32/Adware.SuperJuan.H application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\dxyeeusr.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\eajxrcgs.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\exekkdri.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fanqppdx.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fbkmjlid.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\feluniko.dll.vir a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fevubitu.dll.vir a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\fhfcrxtl.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\gcjyrcro.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\gfoucleh.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ghkmp.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\gidajari.dll.vir Win32/KillAV.NFO trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\grmefdwt.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\iaryyoou.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\isapiyqq.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\jobobuwi.dll.vir a variant of Win32/Adware.SuperJuan.H application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\jojubasa.exe.vir a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\kdhkfcfi.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\kgexbbou.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\khdoriwt.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\lliekdta.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\llrlpbjv.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\lohinher.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\losorede.exe.vir a variant of Win32/Kryptik.AVH trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\lsgmsqmc.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\mevkyenl.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\mhjetfiy.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\mymnpjbp.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\nilokuke.dll.vir a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ojgsqjal.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\onnotupq.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\onnykcti.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\oqtwa.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\pgdoaggr.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\popiwoba.dll.vir a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ptrmetes.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\qcaegxxc.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\qcoytylt.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\qiagxiie.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\qsvtunvo.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rafomife.dll.vir a variant of Win32/Adware.Virtumonde.NFT application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\rqtwa.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\sgimybxh.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\sinodisi.dll.vir a variant of Win32/Adware.SuperJuan.H application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\sisifeme.exe.vir a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\sonudodu.exe.vir a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\srutv.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssvsyhjx.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\sunezihe.dll.vir a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\taxxwvvj.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\tinonere.dll.vir a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\tjwnnqdc.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\tugojogu.dll.vir a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\tukideka.exe.vir a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\uiextdkl.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ulbcsglf.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\urribxru.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\utkmewsv.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\vcrnedtr.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\volosejo.dll.vir a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\vovrthkd.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wfilirfs.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wpxdgwfs.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\wvsvbjsp.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\xwbvbqap.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\xxjwecqt.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\ybqstskn.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\yejedufi.dll.vir a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\yregyqax.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.OF virus 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\dbsinit.exe.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\schtml\wispex.html.vir Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP28\A0016620.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP28\A0016621.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP28\A0016622.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP28\A0017614.dll a variant of Win32/Adware.Virtumonde.NFQ application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017686.dll a variant of Win32/Kryptik.ARO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017687.dll a variant of Win32/Kryptik.ARO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017688.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017694.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017696.dll a variant of Win32/Adware.Virtumonde.NFP application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017698.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017710.dll a variant of Win32/Adware.Virtumonde.NFP application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017712.dll a variant of Win32/Adware.Virtumonde.NFP application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017713.dll a variant of Win32/Adware.Virtumonde.NFP application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017834.dll a variant of Win32/Kryptik.ARO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017835.dll a variant of Win32/Kryptik.ARO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017836.dll a variant of Win32/Adware.Virtumonde.NFR application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP30\A0017837.dll a variant of Win32/Adware.Virtumonde.NFP application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP32\A0018308.dll Win32/Adware.Virtumonde.NFU application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP32\A0018317.dll a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP32\A0018318.dll a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP32\A0018319.dll a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP33\A0019326.dll a variant of Win32/Adware.Virtumonde.NFT application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP33\A0019345.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP34\A0019408.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP35\A0020419.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP35\A0020454.dll a variant of Win32/Adware.Virtumonde.NFT application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP35\A0020489.dll a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP35\A0020490.dll a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP35\A0020491.dll a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP35\A0021509.dll a variant of Win32/Adware.Virtumonde.NFT application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022531.exe a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022532.exe a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022533.dll a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022542.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022543.dll a variant of Win32/KillAV.NFZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022552.dll a variant of Win32/Adware.SuperJuan.H application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022553.dll a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022554.dll a variant of Win32/Adware.SuperJuan.H application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022568.exe a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022569.dll a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022570.dll a variant of Win32/Adware.Virtumonde.NFT application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022571.exe a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022572.exe a variant of Win32/Kryptik.AVH trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022580.exe Win32/Adware.WinAntiVirus application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022602.exe a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022603.exe a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022604.dll a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022605.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022627.dll a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022628.dll a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022629.exe a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022631.dll Win32/KillAV.NFO trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022632.exe a variant of Win32/Kryptik.AEA trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{59674A27-FD3B-4F11-A742-8F3941688B37}\RP36\A0022633.dll a variant of Win32/Adware.SuperJuan.F application 00000000000000000000000000000000 I

#11
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts
Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

@echo off
rem Remove any log left over from a previous run
if exist "%temp%\log.txt" del "%temp%\log.txt"

rem Delete the listed files; anything that survives is written to the log
for %%g in (
"C:\Documents and Settings\Becky\My Documents\My Music\Hannah\crow warrior nightwish new cover version.mp3"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Remove the listed folders (tool backups and quarantine); log any that remain
for %%g in (
"%systemdrive%\VundoFix Backups"
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
rem Show the log if anything could not be removed, otherwise report success
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
pause
rem The batch file removes itself once it has run
del %0

Save this as fix.bat. Choose "Save type as - All Files".
Double click on fix.bat & allow it to run.

Post back to tell me what it says.
sUBs
Research Engineer

#12
KitKat

    New Member

  • Members
  • 17 posts
  • Gender:Female
All it said was deleted successfully, press any key to exit.

Should something else have happened? Or is this what was expected?

#13
sUBs

    Forum Deity

  • Moderators
  • 6,031 posts

Quote

Is this what was expected?

Yes, that's expected :D


Of the stuff found,

C:\QooBox is ComboFix's quarantine folder. We'll take care of it when we uninstall ComboFix.

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache in a little while.


----------------------


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /U



  • ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.



  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  • http://www.mozilla.o...oducts/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.


  • http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.


  • http://www.aumha.org...erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://www.spywarein...showtopic=60955

After doing all these, your system will be optimised against future threats.

Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.
sUBs
Research Engineer
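The triage sUBs does above (restore-point cache and ComboFix quarantine copies versus anything still live on disk), as an added example that is not code from the thread or from ESET or ComboFix. The line layout (path, detection name, 32-hex hash, action flag, separated by spaces) and the sample lines are assumptions constructed here in the style of the pasted scan log.

```python
"""Triage an ESET-style scan log by where each detected file lives.

Added example for this thread, not code from the thread or from ESET/ComboFix.
Assumed line layout, as pasted above: path, detection name, 32-hex hash, action
flag, separated by spaces. Restore-point and quarantine copies are inert unless
restored; paths outside those areas are what still needs attention.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Paths and detection names both contain spaces, so the path is cut at its
# file extension and the hash/action flag are matched from the right.
_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.[A-Za-z0-9]{2,4})\s+(?P<name>\S.*?)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<action>\S+)\s*$"
)
_RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP\d+\\", re.I)
_QUARANTINE = re.compile(r"\\Qoobox\\", re.I)  # ComboFix's quarantine folder


@dataclass
class Detection:
    path: str
    name: str
    family: str       # detection name minus its variant suffix, e.g. Win32/Kryptik
    location: str     # "restore_point", "quarantine" or "live"
    hash_known: bool  # the pasted log shows all-zero hashes; treat those as absent


def classify_location(path: str) -> str:
    if _RESTORE_POINT.search(path):
        return "restore_point"
    if _QUARANTINE.search(path):
        return "quarantine"
    return "live"


def family_of(name: str) -> str:
    """'a variant of Win32/Kryptik.AVG trojan' -> 'Win32/Kryptik'."""
    m = re.search(r"Win32/[A-Za-z0-9_.]+", name)
    if not m:
        return name  # heuristic hits such as NewHeur_PE carry no family token
    return re.sub(r"\.[A-Z]{1,3}$", "", m.group(0))


def parse_line(line: str) -> Optional[Detection]:
    m = _LINE.match(line.strip())
    if m is None:
        return None  # header, blank or truncated line
    return Detection(m["path"], m["name"], family_of(m["name"]),
                     classify_location(m["path"]), set(m["hash"]) != {"0"})


def triage(lines: List[str]) -> Tuple[Counter, Counter, List[str]]:
    """Counts per location and per family, plus the live paths to act on."""
    by_location, by_family, live = Counter(), Counter(), []
    for d in filter(None, map(parse_line, lines)):
        by_location[d.location] += 1
        by_family[d.family] += 1
        if d.location == "live":
            live.append(d.path)
    return by_location, by_family, live


# Constructed sample lines in the pasted log's layout (placeholder GUID and paths).
SAMPLE_LOG = [
    r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP37\A0037211.exe a variant of Win32/Kryptik.AVG trojan 00000000000000000000000000000000 I",
    r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP37\A0044965.ini Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I",
    r"C:\Qoobox\Quarantine\C\WINDOWS\system32\example.dll.vir a variant of Win32/AntiAV.NCZ trojan 00000000000000000000000000000000 I",
    r"C:\Documents and Settings\User\Local Settings\Temp\example.exe probably unknown NewHeur_PE virus 00000000000000000000000000000000 I",
]
```

Running `triage(SAMPLE_LOG)` separates the one live path from the restore-point and quarantine copies, which is the distinction the post above draws before clearing the System Restore cache.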

#14
KitKat

    New Member

  • Members
  • 17 posts
  • Gender:Female
Thank you very much, I'll get right on these.
