wtta.exe ?
Join Date: Feb 2006
Posts: 9
I've used various types of antispyware software and haven't been able to get rid of it. I'm not sure if there is other spyware or viruses on my computer so I have a log. Any help is much appreciated.
Logfile of HijackThis v1.99.1
Scan saved at 11:52:02 PM, on 01/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\TRENDM~1\INTERN~1\tmproxy.exe
C:\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\explorer.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Trend Micro\Internet Security 2005\pccguide.exe
C:\WINDOWS\System32\ejgbyp.exe
C:\BitComet\BitComet.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\True Sword\TrueSword.exe
C:\Program Files\Real\RealOne Player\realplay.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Winrar\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.235\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kelcom.igs.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelcom.igs.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kelcom.igs.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelcom.igs.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Kelcom Internet
R3 - URLSearchHook: (no name) - {69B73011-D7D7-F901-845F-AE7F671BD59B} - C:\WINDOWS\System32\vslcls.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {69B73011-D7D7-F901-845F-AE7F671BD59B} - C:\WINDOWS\System32\vslcls.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Outpost Center] C:\WINDOWS\System32\outpstd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\mstool.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\paqcok.exe reg_run
O4 - HKCU\..\Run: [Summdt] C:\WINDOWS\System32\ejgbyp.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt ndrv
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127527317593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138732278343
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\TRENDM~1\INTERN~1\Tmntsrv.exe
Thanks in advance.
Hi,
Download KillBox, extract it to your desktop.
Download CCleaner and install it. Do not run it now!
Download PuritySCAN Uninstaller.
Download and install Ewido Security Suite v3.5. After download, double click on the file to launch the install process. During installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Launch ewido by double-clicking the "e" icon on your desktop. The program will prompt you to update - click the "OK" button. On the left side of the main screen, click on "Update" and then click "Start Update". The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see "Update Successful" in the lower left corner.
If you are having problems with the updater, use this link to manually update.
Exit Ewido when done - DO NOT perform a scan yet.
Make Windows show all files:-
Go to Start > My Computer. Go to Tools menu, click Folder Options. Uncheck Hide protected operating system files. Then, click to select the option Show hidden files and folders. Click Apply and then click OK to exit.
Run PuritySCAN Uninstaller and remove PuritySCAN if found.
Reboot in Safe Mode:-
Restart (or switch ON) the PC. Then, keep tapping the F8 key. From the menu that will be displayed, choose Safe Mode and press Enter.
Uninstall this Software from Add/Remove Programs in Control Panel:-
True Sword (This is a dubious software!)
Run HijackThis and click Do only a System scan.
Then put a check mark in front of the entries listed below:-
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {69B73011-D7D7-F901-845F-AE7F671BD59B} - C:\WINDOWS\System32\vslcls.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: (no name) - {69B73011-D7D7-F901-845F-AE7F671BD59B} - C:\WINDOWS\System32\vslcls.dll
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\mstool.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\paqcok.exe reg_run
O4 - HKCU\..\Run: [Summdt] C:\WINDOWS\System32\ejgbyp.exe
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt ndrv
Close all other open programs except HijackThis and click the button Fix Checked in HijackThis.
Exit from HijackThis.
Run CCleaner, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.
Run Ewido, click on the "Scanner" button in the left menu, then click on the "Settings", here select the option "Scan every file" and click "OK". Next, click "Complete System Scan" button to start scan. If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
Next, delete this folder, if found:-
C:\True Sword
Open KillBox.exe. Check the following box:-
Delete on Reboot
Highlight all the entries in the quote box below and then Copy them.
C:\WINDOWS\System32\ejgbyp.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINDOWS\System32\mstool.exe
C:\WINDOWS\System32\paqcok.exe
C:\Program Files\apsi\wtta.exe
Then in Killbox click File > Paste from Clipboard.
At this point the "All Files" button should be enabled so you can click it. Click the "All Files" button.
Then click the Red X button and for the confirmation message that will appear, you will need to click "Yes". A second message will ask to Reboot now? you will need to click "Yes" to allow the reboot.
Note: Killbox will let you know if a file does not exist.
If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click yes to allow the reboot.
Reboot to Normal Mode. Now, scan the file mentioned below at www.virustotal.com and if it's found to be infected, delete it:-
C:\WINDOWS\System32\outpstd.exe
After this, perform an online virus scan at Kaspersky Online Scanner. Save the log it gives after the scan.
Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
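A way to check a fresh HijackThis log against the fix list in the post above (an added example, not part of the original posts and not a HijackThis feature). The function names are hypothetical; the fix list and the follow-up excerpt are copied from the logs in this thread. It reports entries that survived unchanged and files that are still referenced anywhere in the new log, including under a different value name or as a running process.

```python
import re

# "<code> - <detail>" lines, e.g. "O4 - HKLM\..\Run: [name] path"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|O\d{1,2}) - (.+)$")
# Drive-letter paths ending in a loadable file type
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\n]*?\.(?:exe|dll|ocx)", re.IGNORECASE)

# Entries the helper asked to fix (from the thread)
FIX_LIST = r'''
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - {69B73011-D7D7-F901-845F-AE7F671BD59B} - C:\WINDOWS\System32\vslcls.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O2 - BHO: (no name) - {69B73011-D7D7-F901-845F-AE7F671BD59B} - C:\WINDOWS\System32\vslcls.dll
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\mstool.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\paqcok.exe reg_run
O4 - HKCU\..\Run: [Summdt] C:\WINDOWS\System32\ejgbyp.exe
O4 - HKCU\..\Run: [Notn] "C:\Program Files\apsi\wtta.exe" -vt ndrv
'''

# Excerpt of the follow-up log posted later in the thread
FOLLOWUP_LOG = r'''
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelcom.igs.net/
O4 - HKLM\..\Run: [Outpost Center] C:\WINDOWS\System32\outpstd.exe
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\mstool.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
'''


def normalise(text):
    """Collapse whitespace and case so cosmetic differences do not hide a match."""
    return " ".join(text.split()).lower()


def parse_log(log_text):
    """Return (entries, paths): coded entries keyed by (code, detail), and
    every file path seen on any line, including the running-process list."""
    entries, paths = {}, set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries[(match.group(1), normalise(match.group(2)))] = line
        paths.update(p.lower() for p in PATH_RE.findall(line))
    return entries, paths


def check_fix_list(fix_list_text, followup_log_text):
    """List (reason, fix-list line) for everything that did not go away."""
    fixed, _ = parse_log(fix_list_text)
    present, present_paths = parse_log(followup_log_text)
    findings = []
    for key, line in fixed.items():
        if key in present:
            findings.append(("entry still present", line))
        elif any(p.lower() in present_paths for p in PATH_RE.findall(line)):
            # Same file, but re-registered elsewhere or simply still running
            findings.append(("file still referenced", line))
    return findings


if __name__ == "__main__":
    for reason, line in check_fix_list(FIX_LIST, FOLLOWUP_LOG):
        print(f"{reason}: {line}")
```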
Join Date: Feb 2006
Posts: 9
Thank you for your help. I've completed most of the instructions, but was unable to find a couple of the items in the HijackThis log and fix them. Here is the new log:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\TRENDM~1\INTERN~1\tmproxy.exe
C:\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Trend Micro\Internet Security 2005\pccguide.exe
C:\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Real\RealOne Player\realplay.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kelcom.igs.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelcom.igs.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kelcom.igs.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelcom.igs.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Kelcom Internet
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Outpost Center] C:\WINDOWS\System32\outpstd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\mstool.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127527317593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138732278343
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\TRENDM~1\INTERN~1\tmproxy.exe
Here is the Kaspersky scan log:
Scan Statistics:
Total number of scanned objects: 78100
Number of viruses found: 52
Number of infected objects: 201
Number of suspicious objects: 0
Duration of the scan process: 6119 sec
Infected Object Name - Virus Name
C:\!KillBox\mstool.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\Microsoft AntiSpyware\DeactivatedItems\023A8B72-ADCF-4B4C-A3C0-C0AF54.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\02CBED05-C01F-4CBD-9CDD-501886.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\04554E0F-8062-4248-B6FC-0FA587.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\081E0EC7-D3D7-4D05-8732-CBE2C5.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\0877C3DC-94E7-4BE4-BB32-8E9720.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\0D582DC4-828C-4802-A33B-1EA1E3.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\0E51A1AD-FE25-4556-A495-683289.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\253C76A1-C80D-47CD-96A6-A5D9E0.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\521ADF7E-6D5D-411D-9D91-01CF1C.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\5D25CACE-AF60-4303-B61D-05141A.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\9D37025E-C0D3-4BA7-8F9B-C86CDC.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\B498E7C0-6DD5-4C3C-8ACF-B3CD8E.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\C365B5E3-6AFC-4020-8E46-245D85.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\D532C008-9C28-4F0D-9961-CB027A.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\D940F163-49E1-431F-BC5D-6437F6.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\EE326E8C-9529-4728-A566-08D904.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\F08B0412-1E29-469E-AC3C-9F94A1.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\Quarantine\37D4D343-E213-4909-843F-456539\AE8E07E3-C369-4F50-966D-DF3674/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\Microsoft AntiSpyware\Quarantine\37D4D343-E213-4909-843F-456539\AE8E07E3-C369-4F50-966D-DF3674/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\Microsoft AntiSpyware\Quarantine\37D4D343-E213-4909-843F-456539\AE8E07E3-C369-4F50-966D-DF3674/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Microsoft AntiSpyware\Quarantine\37D4D343-E213-4909-843F-456539\AE8E07E3-C369-4F50-966D-DF3674/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Microsoft AntiSpyware\Quarantine\37D4D343-E213-4909-843F-456539\AE8E07E3-C369-4F50-966D-DF3674 Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\secure32.html Infected: not-virus:Hoax.Win32.Renos.y
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0010809.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0011812.exe Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0011813.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0011814.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0011815.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0011816.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011842.exe Infected: Trojan-Downloader.Win32.Keenval
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011843.exe Infected: Trojan-Downloader.Win32.Keenval
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011844.exe Infected: Trojan-Downloader.Win32.Keenval
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011849.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011850.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011915.exe Infected: Trojan.Win32.StartPage.agi
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011916.exe Infected: Trojan-Downloader.Win32.CWS.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011925.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011926.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011944.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011953.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011960.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011963.exe Infected: Trojan-Clicker.Win32.Spywad.k
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011976.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0012979.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0012996.exe Infected: Trojan-Proxy.Win32.Xorpix.d
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0012997.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0013011.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0013023.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0013034.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0013038.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP141\A0013042.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP141\A0013079.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP141\A0013080.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP141\A0013081.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP141\A0013148.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP142\A0013206.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP142\A0013231.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP144\A0013373.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP144\A0013379.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP145\A0013503.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013586.exe Infected: Trojan-PSW.Win32.Agent.bu
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013587.exe Infected: Trojan-Downloader.Win32.Small.byf
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013588.dll Infected: Trojan-PSW.Win32.Agent.bu
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013589.dll Infected: Trojan-PSW.Win32.Agent.bu
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013590.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013591.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013592.exe Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013593.exe Infected: Trojan-Clicker.Win32.Spywad.k
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP147\A0013614.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP150\A0013664.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP152\A0014104.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP152\A0014106.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP154\A0014452.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP154\A0014522.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP155\A0014584.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP155\A0014649.exe Infected: Trojan-Proxy.Win32.Xorpix.i
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP156\A0014701.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP158\A0014769.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP161\A0014917.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP161\A0015094.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP161\A0015100.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP161\A0015102.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP161\A0015105.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP162\A0015209.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP162\A0015216.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP162\A0015238.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP163\A0015283.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP163\A0015316.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP164\A0015328.exe Infected: Trojan-Proxy.Win32.Xorpix.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP164\A0015373.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP166\A0015398.exe Infected: Trojan-Proxy.Win32.Xorpix.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015428.exe Infected: Trojan-Downloader.Win32.Small.buh
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015429.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015430.exe Infected: SpamTool.Win32.Mailbot.d
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015431.exe Infected: Trojan-Proxy.Win32.Wopla.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015432.exe Infected: Trojan-Proxy.Win32.Wopla.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015433.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015434.dll Infected: Trojan-Downloader.Win32.Small.bug
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015435.dll Infected: Trojan-Proxy.Win32.Wopla.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015436.dll Infected: Trojan-Proxy.Win32.Wopla.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015437.exe Infected: Trojan.Win32.StartPage.aw
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP168\A0015484.exe Infected: Trojan-Downloader.Win32.PurityScan.bo
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP170\A0015539.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP171\A0016536.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP173\A0016650.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP173\A0017650.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP176\A0017772.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP178\A0017829.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP178\A0017836.exe Infected: Trojan-Downloader.Win32.PurityScan.br
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP180\A0017896.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP181\A0017938.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP183\A0017996.exe Infected: Trojan-Proxy.Win32.Xorpix.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP183\A0017997.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP183\A0017998.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP183\A0017999.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP183\A0018028.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP189\A0018127.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP193\A0018219.exe Infected: Trojan-Proxy.Win32.Xorpix.k
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP193\A0018220.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP193\A0018221.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP193\A0018222.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP194\A0018303.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP195\A0018325.exe Infected: Trojan-Downloader.Win32.PurityScan.br
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP196\A0018433.exe Infected: Trojan-Downloader.Win32.PurityScan.br
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP204\A0018739.exe Infected: Trojan-Downloader.Win32.PurityScan.br
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP205\A0018812.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP205\A0018813.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP205\A0018814.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP205\A0018815.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP205\A0018816.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018958.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018959.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018960.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018961.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018962.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018982.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018983.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018984.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018985.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019750.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019751.exe/data0010 Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019751.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019752.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019753.exe Infected: Trojan-Proxy.Win32.Delf.aa
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019757.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019758.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019759.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019760.dll Infected: SpamTool.Win32.Mailbot.d
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019761.exe Infected: Trojan-Proxy.Win32.Xorpix.k
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019762.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019763.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019764.dll Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019765.cpl Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019766.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019768.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019769.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019776.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP88\A0008422.exe Infected: Trojan-Downloader.Win32.PurityScan.au
C:\Trend Micro\Internet Security 2005\Quarantine\21.tmp Infected: Email-Worm.Win32.Delf.i
C:\Trend Micro\Internet Security 2005\Quarantine\501.tmp Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\502.tmp Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Trend Micro\Internet Security 2005\Quarantine\503.tmp Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\507.tmp Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\56.tmp/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Trend Micro\Internet Security 2005\Quarantine\56.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Trend Micro\Internet Security 2005\Quarantine\56.tmp Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Trend Micro\Internet Security 2005\Quarantine\57.tmp/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\57.tmp Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\58.tmp/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Trend Micro\Internet Security 2005\Quarantine\58.tmp/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Trend Micro\Internet Security 2005\Quarantine\58.tmp/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Trend Micro\Internet Security 2005\Quarantine\58.tmp Infected: Trojan.Java.ClassLoader.d
C:\Trend Micro\Internet Security 2005\Quarantine\59.tmp Infected: Email-Worm.Win32.Delf.i
C:\Trend Micro\Internet Security 2005\Quarantine\5D.tmp/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\5D.tmp Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\5E.tmp/data0003 Infected: Trojan-Downloader.Win32.Keenval.f
C:\Trend Micro\Internet Security 2005\Quarantine\5E.tmp Infected: Trojan-Downloader.Win32.Keenval.f
C:\Trend Micro\Internet Security 2005\Quarantine\5F.tmp/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\5F.tmp Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\70.tmp Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\72.tmp Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Trend Micro\Internet Security 2005\Quarantine\74.tmp Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\82.tmp/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Trend Micro\Internet Security 2005\Quarantine\82.tmp/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\82.tmp/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Trend Micro\Internet Security 2005\Quarantine\82.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Trend Micro\Internet Security 2005\Quarantine\82.tmp Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Trend Micro\Internet Security 2005\Quarantine\83.tmp/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\83.tmp/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\83.tmp/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Trend Micro\Internet Security 2005\Quarantine\83.tmp Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Trend Micro\Internet Security 2005\Quarantine\92B.tmp/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\92B.tmp Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\B0.tmp Infected: Email-Worm.Win32.Delf.i
C:\Trend Micro\Internet Security 2005\Quarantine\EE.tmp/data0003 Infected: Trojan-Downloader.Win32.Keenval.f
C:\Trend Micro\Internet Security 2005\Quarantine\EE.tmp Infected: Trojan-Downloader.Win32.Keenval.f
C:\Trend Micro\Internet Security 2005\Quarantine\FB.tmp Infected: Email-Worm.Win32.Delf.i
C:\WINDOWS\secure32.html Infected: not-virus:Hoax.Win32.Renos.y
C:\WINDOWS\svchost.exe Infected: Trojan-Dropper.Win32.Agent.agf
C:\WINDOWS\system32\mstool.exe Infected: Trojan-Proxy.Win32.Xorpix.g
Scan process completed.
Thank you in advance for your help.
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\TRENDM~1\INTERN~1\tmproxy.exe
C:\TRENDM~1\INTERN~1\TmPfw.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Trend Micro\Internet Security 2005\pccguide.exe
C:\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Real\RealOne Player\realplay.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\DC++\DCPlusPlus.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.500\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kelcom.igs.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelcom.igs.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kelcom.igs.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kelcom.igs.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Kelcom Internet
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll (file missing)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Outpost Center] C:\WINDOWS\System32\outpstd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft Office] C:\WINDOWS\System32\mstool.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://files.ea.com/downloads/rtpatch/v2/EARTPX.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1127527317593
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1138732278343
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll
O23 - Service: ewido security suite control - ewido networks - C:\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\TRENDM~1\INTERN~1\tmproxy.exe
Here is the Kaspersky scan log:
Scan Statistics:
Total number of scanned objects: 78100
Number of viruses found: 52
Number of infected objects: 201
Number of suspicious objects: 0
Duration of the scan process: 6119 sec
Infected Object Name - Virus Name
C:\!KillBox\mstool.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\Microsoft AntiSpyware\DeactivatedItems\023A8B72-ADCF-4B4C-A3C0-C0AF54.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\02CBED05-C01F-4CBD-9CDD-501886.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\04554E0F-8062-4248-B6FC-0FA587.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\081E0EC7-D3D7-4D05-8732-CBE2C5.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\0877C3DC-94E7-4BE4-BB32-8E9720.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\0D582DC4-828C-4802-A33B-1EA1E3.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\0E51A1AD-FE25-4556-A495-683289.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\253C76A1-C80D-47CD-96A6-A5D9E0.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\521ADF7E-6D5D-411D-9D91-01CF1C.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\5D25CACE-AF60-4303-B61D-05141A.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\9D37025E-C0D3-4BA7-8F9B-C86CDC.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\B498E7C0-6DD5-4C3C-8ACF-B3CD8E.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\C365B5E3-6AFC-4020-8E46-245D85.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\D532C008-9C28-4F0D-9961-CB027A.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\D940F163-49E1-431F-BC5D-6437F6.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\EE326E8C-9529-4728-A566-08D904.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\DeactivatedItems\F08B0412-1E29-469E-AC3C-9F94A1.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\Microsoft AntiSpyware\Quarantine\37D4D343-E213-4909-843F-456539\AE8E07E3-C369-4F50-966D-DF3674/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\Microsoft AntiSpyware\Quarantine\37D4D343-E213-4909-843F-456539\AE8E07E3-C369-4F50-966D-DF3674/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\Microsoft AntiSpyware\Quarantine\37D4D343-E213-4909-843F-456539\AE8E07E3-C369-4F50-966D-DF3674/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Microsoft AntiSpyware\Quarantine\37D4D343-E213-4909-843F-456539\AE8E07E3-C369-4F50-966D-DF3674/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Microsoft AntiSpyware\Quarantine\37D4D343-E213-4909-843F-456539\AE8E07E3-C369-4F50-966D-DF3674 Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\secure32.html Infected: not-virus:Hoax.Win32.Renos.y
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0010809.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0011812.exe Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0011813.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0011814.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0011815.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0011816.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011842.exe Infected: Trojan-Downloader.Win32.Keenval
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011843.exe Infected: Trojan-Downloader.Win32.Keenval
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011844.exe Infected: Trojan-Downloader.Win32.Keenval
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011849.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011850.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011915.exe Infected: Trojan.Win32.StartPage.agi
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011916.exe Infected: Trojan-Downloader.Win32.CWS.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011925.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011926.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011944.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011953.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011960.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011963.exe Infected: Trojan-Clicker.Win32.Spywad.k
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0011976.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0012979.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0012996.exe Infected: Trojan-Proxy.Win32.Xorpix.d
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0012997.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0013011.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0013023.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0013034.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP140\A0013038.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP141\A0013042.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP141\A0013079.exe Infected: Trojan-Downloader.Win32.VB.ri
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP141\A0013080.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP141\A0013081.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP141\A0013148.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP142\A0013206.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP142\A0013231.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP144\A0013373.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP144\A0013379.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP145\A0013503.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013586.exe Infected: Trojan-PSW.Win32.Agent.bu
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013587.exe Infected: Trojan-Downloader.Win32.Small.byf
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013588.dll Infected: Trojan-PSW.Win32.Agent.bu
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013589.dll Infected: Trojan-PSW.Win32.Agent.bu
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013590.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013591.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013592.exe Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP146\A0013593.exe Infected: Trojan-Clicker.Win32.Spywad.k
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP147\A0013614.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP150\A0013664.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP152\A0014104.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP152\A0014106.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP154\A0014452.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP154\A0014522.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP155\A0014584.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP155\A0014649.exe Infected: Trojan-Proxy.Win32.Xorpix.i
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP156\A0014701.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP158\A0014769.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP161\A0014917.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP161\A0015094.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP161\A0015100.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP161\A0015102.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP161\A0015105.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP162\A0015209.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP162\A0015216.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP162\A0015238.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP163\A0015283.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP163\A0015316.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP164\A0015328.exe Infected: Trojan-Proxy.Win32.Xorpix.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP164\A0015373.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP166\A0015398.exe Infected: Trojan-Proxy.Win32.Xorpix.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015428.exe Infected: Trojan-Downloader.Win32.Small.buh
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015429.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015430.exe Infected: SpamTool.Win32.Mailbot.d
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015431.exe Infected: Trojan-Proxy.Win32.Wopla.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015432.exe Infected: Trojan-Proxy.Win32.Wopla.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015433.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015434.dll Infected: Trojan-Downloader.Win32.Small.bug
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015435.dll Infected: Trojan-Proxy.Win32.Wopla.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015436.dll Infected: Trojan-Proxy.Win32.Wopla.n
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP167\A0015437.exe Infected: Trojan.Win32.StartPage.aw
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP168\A0015484.exe Infected: Trojan-Downloader.Win32.PurityScan.bo
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP170\A0015539.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP171\A0016536.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP173\A0016650.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP173\A0017650.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP176\A0017772.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP178\A0017829.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP178\A0017836.exe Infected: Trojan-Downloader.Win32.PurityScan.br
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP180\A0017896.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP181\A0017938.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP183\A0017996.exe Infected: Trojan-Proxy.Win32.Xorpix.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP183\A0017997.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP183\A0017998.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP183\A0017999.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP183\A0018028.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP189\A0018127.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP193\A0018219.exe Infected: Trojan-Proxy.Win32.Xorpix.k
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP193\A0018220.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP193\A0018221.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP193\A0018222.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP194\A0018303.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP195\A0018325.exe Infected: Trojan-Downloader.Win32.PurityScan.br
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP196\A0018433.exe Infected: Trojan-Downloader.Win32.PurityScan.br
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP204\A0018739.exe Infected: Trojan-Downloader.Win32.PurityScan.br
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP205\A0018812.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP205\A0018813.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP205\A0018814.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP205\A0018815.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP205\A0018816.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018958.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018959.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018960.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018961.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018962.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018982.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018983.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018984.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0018985.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019750.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019751.exe/data0010 Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019751.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019752.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019753.exe Infected: Trojan-Proxy.Win32.Delf.aa
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019757.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019758.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019759.dll Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019760.dll Infected: SpamTool.Win32.Mailbot.d
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019761.exe Infected: Trojan-Proxy.Win32.Xorpix.k
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019762.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019763.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019764.dll Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019765.cpl Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019766.exe Infected: Packed.Win32.Klone.b
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019768.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019769.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019776.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP88\A0008422.exe Infected: Trojan-Downloader.Win32.PurityScan.au
C:\Trend Micro\Internet Security 2005\Quarantine\21.tmp Infected: Email-Worm.Win32.Delf.i
C:\Trend Micro\Internet Security 2005\Quarantine\501.tmp Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\502.tmp Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Trend Micro\Internet Security 2005\Quarantine\503.tmp Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\507.tmp Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\56.tmp/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Trend Micro\Internet Security 2005\Quarantine\56.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Trend Micro\Internet Security 2005\Quarantine\56.tmp Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Trend Micro\Internet Security 2005\Quarantine\57.tmp/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\57.tmp Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\58.tmp/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c
C:\Trend Micro\Internet Security 2005\Quarantine\58.tmp/Counter.class Infected: Trojan.Java.ClassLoader.h
C:\Trend Micro\Internet Security 2005\Quarantine\58.tmp/Parser.class Infected: Trojan.Java.ClassLoader.d
C:\Trend Micro\Internet Security 2005\Quarantine\58.tmp Infected: Trojan.Java.ClassLoader.d
C:\Trend Micro\Internet Security 2005\Quarantine\59.tmp Infected: Email-Worm.Win32.Delf.i
C:\Trend Micro\Internet Security 2005\Quarantine\5D.tmp/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\5D.tmp Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\5E.tmp/data0003 Infected: Trojan-Downloader.Win32.Keenval.f
C:\Trend Micro\Internet Security 2005\Quarantine\5E.tmp Infected: Trojan-Downloader.Win32.Keenval.f
C:\Trend Micro\Internet Security 2005\Quarantine\5F.tmp/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\5F.tmp Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\70.tmp Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\72.tmp Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Trend Micro\Internet Security 2005\Quarantine\74.tmp Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\82.tmp/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Trend Micro\Internet Security 2005\Quarantine\82.tmp/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\82.tmp/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Trend Micro\Internet Security 2005\Quarantine\82.tmp/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Trend Micro\Internet Security 2005\Quarantine\82.tmp Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Trend Micro\Internet Security 2005\Quarantine\83.tmp/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\83.tmp/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Trend Micro\Internet Security 2005\Quarantine\83.tmp/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Trend Micro\Internet Security 2005\Quarantine\83.tmp Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Trend Micro\Internet Security 2005\Quarantine\92B.tmp/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\92B.tmp Infected: Trojan-Downloader.Java.OpenStream.w
C:\Trend Micro\Internet Security 2005\Quarantine\B0.tmp Infected: Email-Worm.Win32.Delf.i
C:\Trend Micro\Internet Security 2005\Quarantine\EE.tmp/data0003 Infected: Trojan-Downloader.Win32.Keenval.f
C:\Trend Micro\Internet Security 2005\Quarantine\EE.tmp Infected: Trojan-Downloader.Win32.Keenval.f
C:\Trend Micro\Internet Security 2005\Quarantine\FB.tmp Infected: Email-Worm.Win32.Delf.i
C:\WINDOWS\secure32.html Infected: not-virus:Hoax.Win32.Renos.y
C:\WINDOWS\svchost.exe Infected: Trojan-Dropper.Win32.Agent.agf
C:\WINDOWS\system32\mstool.exe Infected: Trojan-Proxy.Win32.Xorpix.g
Scan process completed.
Thank you in advance for your help.
Hi,
HijackThis log looks clean. But, there are some files to delete now. Run KillBox, and select the Delete on reboot option.
Highlight all the entries in the quote box below and then Copy them.
C:\secure32.html
C:\WINDOWS\secure32.html
C:\WINDOWS\svchost.exe
C:\WINDOWS\system32\mstool.exe
Then in Killbox click File > Paste from Clipboard.
At this point the "All Files" button should be enabled so you can click it. Click the "All Files" button.
Then click the Red X button and for the confirmation message that will appear, you will need to click "Yes". A second message will ask "Reboot now?"; you will need to click "Yes" to allow the reboot.
Note: Killbox will let you know if a file does not exist.
[If you have any issues with this method you can copy and paste the lines one at a time into the Killbox top box. Then click the "Single File" button. Then click the Red X and for the confirmation message that will appear, you will need to click Yes. A second message will ask "Reboot now?"; you will need to click No until the last one, at which time you click Yes to allow the reboot.]
Have you scanned the file C:\WINDOWS\System32\outpstd.exe at www.virustotal.com? Is it clean?
Also, there are lots of virus files in the System Restore folder. If you do "System Restore", then they will get back to their original locations. So, it's better to delete the System Restore points created by Windows XP. To do that, please follow the steps provided here. Once you turn off the System Restore, it deletes all the restore points. After that, you can enable it again.
Apart from these, everything looks clean. Is the PC running fine?
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
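The reply above sorts the Kaspersky detections into restore-point copies, items already held by other scanners, and files still sitting on the live system. The Python sketch below does that sorting on a few lines copied from the scan log in this thread; it is an added example, not part of the original posts, and its bucket rules (including treating `C:\!KillBox\` as KillBox's own backup folder) are assumptions.

```python
import re
from collections import defaultdict

# A subset of lines copied from the Kaspersky log posted in this thread.
SAMPLE_LOG = r"""
C:\!KillBox\mstool.exe Infected: Trojan-Proxy.Win32.Xorpix.g
C:\Microsoft AntiSpyware\DeactivatedItems\023A8B72-ADCF-4B4C-A3C0-C0AF54.asq Infected: Trojan-Dropper.Win32.Agent.agf
C:\secure32.html Infected: not-virus:Hoax.Win32.Renos.y
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP139\A0010809.exe Infected: Backdoor.Win32.Agent.qs
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019751.exe/data0010 Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP208\A0019751.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Trend Micro\Internet Security 2005\Quarantine\56.tmp/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\Trend Micro\Internet Security 2005\Quarantine\56.tmp Infected: Trojan-Downloader.Java.OpenConnection.aj
C:\WINDOWS\secure32.html Infected: not-virus:Hoax.Win32.Renos.y
C:\WINDOWS\svchost.exe Infected: Trojan-Dropper.Win32.Agent.agf
C:\WINDOWS\system32\mstool.exe Infected: Trojan-Proxy.Win32.Xorpix.g
Scan process completed.
"""

# "<path> Infected: <verdict>"; paths may contain spaces, verdicts do not.
LINE_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<verdict>\S+)$")

# Ordered bucket rules, matched against the lower-cased path.
# These substrings are assumptions drawn from the paths seen in this log.
RULES = [
    ("system_restore", ["\\system volume information\\_restore{"]),
    ("av_quarantine", ["\\quarantine\\", "\\deactivateditems\\"]),
    ("tool_backup", ["c:\\!killbox\\"]),
]


def parse(log):
    """Yield (path, verdict) for every detection line; skip everything else."""
    for raw in log.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            yield match["path"], match["verdict"]


def classify(path):
    """Return the bucket name for a file path, or 'live' if no rule matches."""
    lowered = path.lower()
    for bucket, needles in RULES:
        if any(needle in lowered for needle in needles):
            return bucket
    return "live"


def triage(log):
    """Group detections as bucket -> {file on disk -> set of verdicts}.

    The scanner reports members of an archive as 'container/member', so the
    part before the first '/' is the file that actually exists on disk.
    """
    buckets = defaultdict(dict)
    for path, verdict in parse(log):
        container = path.split("/", 1)[0]
        buckets[classify(container)].setdefault(container, set()).add(verdict)
    return buckets


def live_files(log):
    """Files outside restore points, quarantines and tool backups."""
    return sorted(triage(log).get("live", {}))


def summary(log):
    """Number of distinct files on disk per bucket."""
    return {bucket: len(files) for bucket, files in triage(log).items()}


if __name__ == "__main__":
    for bucket, count in sorted(summary(SAMPLE_LOG).items()):
        print(f"{bucket:15} {count}")
    print("Still on the live system:")
    for path in live_files(SAMPLE_LOG):
        print("  " + path)
```

On this sample the "live" bucket is the same four paths listed for KillBox in the reply; the restore-point copies are the ones that go away when System Restore is switched off.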