|
-
October 11th, 2008, 12:59 AM
#1
 "Windows has detected spyware infection!" Balloon popup msg.
Hi, I recently began receiving this balloon popup message on my taskbar:
When I click on this balloon it pretends to install antivirus programs but I am certain that this is malware, notice how "prevent" is mispelt.
The balloon pops up at three times a minute and is frustrating, I want to remove it before the damage gets worse.
The malware has also disabled my task manager, when I attempt to access task manager I get an error message saying "Task manager has been disabled by administrator" however I am the administrator and did not disable it.
I have had experience using Hijack this and safe mode etc to clean my computer, please just direct me with all the appropiate steps and help me a.s.a.p. I am online now and will be most of the day, thanks.
Thankyou,
Cheetah2007
-
October 11th, 2008, 01:45 AM
#2
Download Malwarebytes' Anti-Malware (http://www.majorgeeks.com/Malwarebyt...are_d5756.html) to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure to checkmark the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
Make sure that you restart the computer.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
====
Download HijackThis Executable from here. Save it to your desktop.
Start HJT & press the "Do a system scan and save a log file" button. When the scan is finished a window will pop up giving you the option of where to save it. Save it to desktop where it is easy to access. Open the log file and then go to the format Tab and make sure that wordwrap is unchecked. Copy the entire contents of the file & paste it into the body of your post. DO NOT FIX ANYTHING YET. Most of what is there is necessary for the running of your system.
-
October 11th, 2008, 08:02 PM
#3
Thanks for the help crunchie, here are the logs:
I'll have to make a few posts to fit it all in.
---
Malwarebytes' Anti-Malware 1.28
Database version: 1255
Windows 5.1.2600 Service Pack 3
12/10/2008 10:33:13 AM
mbam-log-2008-10-12 (10-33-13).txt
Scan type: Full Scan (C:\|)
Objects scanned: 103344
Time elapsed: 36 minute(s), 6 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 35
Registry Values Infected: 5
Registry Data Items Infected: 1
Folders Infected: 16
Files Infected: 507
Memory Processes Infected:
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
Memory Modules Infected:
C:\Program Files\guhaqdc\hlpsyswin.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{618685D1-4E5A-F8ED-18F2-01B95CF4F502} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\dpcproxy (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\HOL5_VXIEWER.FULL.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\hol5_vxiewer.full.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Classes\applications\accessdiver.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fwbd (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\HolLol (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Inet Delivery (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mslagent (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Invictus (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Golden Palace Casino PT (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Golden Palace Casino NEW (Trojan.DNSChanger) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\wkey (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\mwc (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\hlpsyswin (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\brastk (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\j8q5yv1acc (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
Folders Infected:
C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\102.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\31.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58 (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully.
-
October 11th, 2008, 08:06 PM
#4
Files Infected:
C:\Program Files\guhaqdc\hlpsyswin.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\brastk.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\vutmtmnk\jqfujejs.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\karna.dat (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\rs.dat (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Log\2007 Dec 02 - 03_00_07 AM_968.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Log\2007 Dec 02 - 03_00_24 AM_703.log (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\0.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\0.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\1.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\1.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\10.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\10.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\11.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\11.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\12.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\12.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\13.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\13.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\14.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\14.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\15.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\15.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\16.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\16.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\17.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\17.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\18.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\18.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\19.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\19.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\2.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\2.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\20.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\20.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\21.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\21.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\22.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\22.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\23.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\23.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\24.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\24.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\25.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\25.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\26.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\26.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\27.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\27.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\3.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\3.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\4.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\4.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\5.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\5.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\6.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\6.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\7.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\7.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\8.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\8.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\9.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\11-11-2007-20-28-11\9.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\0.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\0.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\1.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\1.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\10.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\10.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\100.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\100.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\101.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\101.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\102.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\103.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\104.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\105.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\105.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\106.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\106.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\107.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\108.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\109.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\109.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
-
October 11th, 2008, 08:09 PM
#5
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\11.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\11.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\110.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\12.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\12.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\13.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\13.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\14.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\14.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\15.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\15.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\16.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\16.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\17.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\17.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\18.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\18.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\19.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\19.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\2.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\2.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\20.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\20.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\21.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\21.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\22.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\22.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\23.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\23.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\24.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\24.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\25.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\25.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\26.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\26.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\27.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\27.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\28.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\28.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\29.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\29.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\3.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\3.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\30.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\30.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\31.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\32.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\32.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\33.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\33.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\34.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\34.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\35.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\35.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\36.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\36.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\37.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\37.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\38.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\38.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\39.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\39.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\4.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\4.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\40.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\40.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
-
October 11th, 2008, 08:12 PM
#6
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\41.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\41.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\42.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\42.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\43.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\43.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\44.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\44.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\45.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\45.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\46.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\46.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\47.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\47.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\48.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\48.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\49.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\49.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\5.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\5.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\50.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\50.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\51.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\51.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\52.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\52.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\53.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\53.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\54.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\54.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\55.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\55.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\56.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\56.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\57.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\57.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\58.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\58.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\59.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\59.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\6.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\6.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\60.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\60.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\61.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
-
October 11th, 2008, 08:20 PM
#7
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\62.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\62.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\63.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\63.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\64.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\64.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\65.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\65.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\66.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\66.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\67.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\67.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\68.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\68.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\69.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\69.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\7.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\7.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\70.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\70.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\71.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\71.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\72.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\72.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\73.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\73.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\74.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\74.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\75.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\75.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\76.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\76.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\77.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\77.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\78.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\78.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\79.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\79.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\8.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\8.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\80.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\80.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\81.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\81.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\82.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\82.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\83.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\83.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\84.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\84.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\85.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\85.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\86.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\86.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\87.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\87.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\88.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\88.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\89.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\89.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\9.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
-
October 11th, 2008, 08:23 PM
#8
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\9.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\90.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\90.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\91.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\91.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\92.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\92.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\93.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\93.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\94.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\94.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\95.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\95.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\96.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\96.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\97.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\97.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\98.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\98.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\99.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\13-10-2007-22-19-37\99.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\0.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\0.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\1.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\1.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\10.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\10.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\11.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\11.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\12.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\12.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\13.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\13.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\14.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\14.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\15.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\15.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\16.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\16.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\17.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\17.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\18.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\18.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\19.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\19.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\2.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\2.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\20.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\20.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\21.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\21.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\22.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\22.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\23.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\23.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\24.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\24.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\25.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\25.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\26.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\26.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\27.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\27.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\28.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\28.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\29.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\29.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\3.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\3.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\30.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\30.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\31.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\31.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\32.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\32.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\33.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\33.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\34.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\34.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\35.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\35.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\36.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\36.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\37.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\37.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\4.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\4.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\5.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\5.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\6.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\6.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\7.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\7.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\8.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\8.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\9.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-31-57\9.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\0.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\1.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\10.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
-
October 11th, 2008, 08:24 PM
#9
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\10.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\11.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\11.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\12.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\12.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\13.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\13.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\2.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\3.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\3.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\4.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\4.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\5.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\5.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\6.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\6.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\7.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\7.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\8.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\8.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\9.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-11-43-13\9.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\0.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\0.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\1.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\1.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\10.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\10.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\11.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\11.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\12.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\12.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\13.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\13.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\2.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\2.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\3.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\3.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\4.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\4.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\5.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\5.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\6.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\6.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\7.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\7.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\8.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\8.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\9.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\14-11-2007-18-14-34\9.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\0.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\0.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\1.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\1.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\10.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\10.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\11.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\11.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\12.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\12.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\13.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\13.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\14.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\14.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\2.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\2.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\3.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\3.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\4.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\4.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\5.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\5.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\6.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\6.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\7.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\7.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\8.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\8.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\9.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Quarantine\18-11-2007-23-29-58\9.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\Documents and Settings\CHRISTIAN\Application Data\SpywareBot\Settings\ScanResults.pie (Rogue.SpywareBot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\WINDOWS\brastk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
-
October 11th, 2008, 08:25 PM
#10
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:49:03 AM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\obmrgpab.exe
C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=144.140.22.190:80;gopher=144.140.22.190:80;http=144.140.22.190:80;https=144.140.22.190:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.runescape.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\scvhost\svchost.exe,wuauserv.exe,
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] launchapp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [flockbox] E:\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [winsh] C:\WINDOWS\system32\obmrgpab.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: karna.dat
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 9518 bytes
-
October 11th, 2008, 09:21 PM
#11
Still got nasties on board.
Please download ComboFix by sUBs from HERE or HERE- You must download it to and run it from your Desktop
- Physically disconnect from the internet.
- Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
- Double click combofix.exe & follow the prompts.
- When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
- Re-enable all the programs that were disabled during the running of ComboFix..
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.
CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
-
October 11th, 2008, 11:13 PM
#12
Ok, here's the ComboFix log:
-------------------------------------
ComboFix 08-10-11.02 - CHRISTIAN 2008-10-12 13:41:09.4 - NTFSx86
Running from: C:\Documents and Settings\CHRISTIAN\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - system32: deleted 12 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\ktd32.atm
C:\WINDOWS\system32\28463
C:\WINDOWS\system32\28463\akv.cfg
C:\WINDOWS\system32\28463\HDNU.001
C:\WINDOWS\system32\28463\HDNU.002
C:\WINDOWS\system32\28463\HDNU.005
C:\WINDOWS\system32\28463\test
C:\WINDOWS\system32\28463\VEKB.001
C:\WINDOWS\system32\28463\VEKB.002
C:\WINDOWS\system32\28463\VEKB.005
C:\WINDOWS\system32\dekxewlo.ini
C:\WINDOWS\system32\nwxwlrlf.ini
C:\WINDOWS\system32\sprybvnr.ini
C:\WINDOWS\system32\xsmtvaoc.ini
.
((((((((((((((((((((((((( Files Created from 2008-09-12 to 2008-10-12 )))))))))))))))))))))))))))))))
.
2008-10-11 17:46 . 2008-10-11 17:46 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-11 17:46 . 2008-10-11 17:46 <DIR> d-------- C:\Documents and Settings\CHRISTIAN\Application Data\Malwarebytes
2008-10-11 17:46 . 2008-10-11 17:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-11 17:46 . 2008-09-10 00:08 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-11 17:46 . 2008-09-10 00:08 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-11 17:12 . 2004-08-04 16:00 4,224 --a------ C:\WINDOWS\system32\drivers\beep.sys
2008-10-11 17:12 . 2004-08-04 16:00 4,224 --a--c--- C:\WINDOWS\system32\dllcache\beep.sys
2008-10-11 13:38 . 2008-10-12 09:43 65,428 --a------ C:\WINDOWS\system32\wini104552502.exe
2008-10-11 11:20 . 2008-10-12 10:36 <DIR> d-------- C:\Program Files\guhaqdc
2008-10-11 11:20 . 2008-10-12 10:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vutmtmnk
2008-10-11 11:20 . 2008-10-11 11:20 81,920 --a------ C:\WINDOWS\system32\obmrgpab.exe
2008-09-12 18:54 . 2008-09-12 19:27 22,040 --a------ C:\Documents and Settings\Guest\Application Data\data.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-12 02:58 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-10-11 00:20 --------- d-----w C:\Program Files\SwiftKit
2008-10-10 08:26 --------- d-----w C:\Program Files\Incomplete
2008-10-10 08:15 --------- d-----w C:\Program Files\LimeWire
2008-10-10 07:41 --------- d-----w C:\Program Files\Steam
2008-10-10 07:20 24 ----a-w C:\Documents and Settings\CHRISTIAN\jagex_runescape_preferences.dat
2008-10-03 13:58 22,040 ----a-w C:\Documents and Settings\CHRISTIAN\Application Data\data.dat
2008-09-22 08:20 --------- d-----w C:\Documents and Settings\CHRISTIAN\Application Data\Vidalia
2008-09-22 08:20 --------- d-----w C:\Documents and Settings\CHRISTIAN\Application Data\tor
2008-09-07 09:34 --------- d-----w C:\Documents and Settings\CHRISTIAN\Application Data\IcoFX
2008-09-07 08:15 --------- d-----w C:\Program Files\IcoFX 1.6
2008-09-07 03:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-07 01:48 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-09-07 01:48 --------- d-----w C:\Program Files\Microsoft Synchronization Services
2008-09-07 01:48 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-09-07 01:48 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-09-07 01:39 --------- d-----w C:\Program Files\Microsoft SDKs
2008-09-07 01:36 --------- d-----w C:\Program Files\Reference Assemblies
2008-09-07 01:36 --------- d-----w C:\Program Files\MSBuild
2008-08-28 12:02 --------- d-----w C:\Program Files\Vidalia Bundle
2008-08-26 14:30 --------- d-----w C:\Program Files\Devious Codeworks
2008-07-30 12:10 94,923 ----a-w C:\WINDOWS\IRC scanner Uninstaller.exe
2008-07-30 11:13 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-07-29 11:10 73,720 ----a-w C:\WINDOWS\system32\dxva2.dll
2008-07-29 11:10 493,048 ----a-w C:\WINDOWS\system32\evr.dll
2008-07-29 11:10 26,112 ----a-w C:\WINDOWS\system32\TsWpfWrp.exe
2008-07-29 10:35 326,160 ----a-w C:\WINDOWS\system32\PresentationHost.exe
2008-07-29 09:59 781,344 ----a-w C:\WINDOWS\system32\PresentationNative_v0300.dll
2008-07-29 09:59 43,544 ----a-w C:\WINDOWS\system32\PresentationHostProxy.dll
2008-07-29 09:59 161,296 ----a-w C:\WINDOWS\system32\UIAutomationCore.dll
2008-07-29 09:59 105,016 ----a-w C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2008-07-29 09:24 97,800 ----a-w C:\WINDOWS\system32\infocardapi.dll
2008-07-29 09:24 622,080 ----a-w C:\WINDOWS\system32\icardagt.exe
2008-07-29 09:24 11,264 ----a-w C:\WINDOWS\system32\icardres.dll
2008-07-25 01:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 01:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 01:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 01:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-04-07 10:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-11 14:26 34,665 ----a-w C:\Program Files\rsdeadst7.png
2007-05-20 11:30 652 --sha-w C:\WINDOWS\system32\2 rehctiwS dlroW.dat
2008-02-18 10:02 457 --sh--w C:\WINDOWS\system32\boothide.reg
2008-02-18 10:02 172 --sh--w C:\WINDOWS\system32\bootrun.reg
2007-08-06 07:52 641 --sha-w C:\WINDOWS\system32\vmw2divepacsenur.dat
2007-08-06 08:27 1,499 --sha-w C:\WINDOWS\system32\VMW_setiS_sratS_onroP.dat
2007-08-06 10:45 2,376 --sha-w C:\WINDOWS\system32\VMW_tuO_yaD_giB_seinniV.dat
.
Code:
<pre>
----a-w 7,126,528 2002-05-25 06:17:22 C:\Documents and Settings\CHRISTIAN\My Documents\WHOLE\N64ROM\GBColor (with all pokemon roms) (Works great) .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"winsh"="C:\WINDOWS\system32\obmrgpab.exe" [2008-10-11 81920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="launchapp" [X]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-07 761946]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-12-12 344064]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2005-12-06 1077322]
"DDWMon"="C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2006-04-26 299008]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2005-12-16 188416]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-05-25 1773568]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-06-30 180269]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2005-11-23 1544192]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2005-10-19 49152]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-11-18 1115728]
"flockbox"="E:\My Lockbox\flockbox.exe" [N/A]
"BitDefender Antiphishing Helper"="C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-09-16 368640]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"NDSTray.exe"="NDSTray.exe" [N/A]
"TPSMain"="TPSMain.exe" [2005-06-01 C:\WINDOWS\system32\TPSMain.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-03-18 C:\WINDOWS\agrsmmsg.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 C:\WINDOWS\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Privoxy.lnk - C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe [2006-11-21 250368]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2006-05-13 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\TOSHIBA\\ConfigFree\\CFXFER.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12193:TCP"= 12193:TCP:BitComet 12193 TCP
"12193:UDP"= 12193:UDP:BitComet 12193 UDP
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{46d389a0-36be-11dd-9379-00163654f04d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a7140118-ec42-11dc-92e2-00173f162b7e}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3362C6F3-CCC8-B7BD-0400-080303050000}]
C:\WINDOWS\system32\scvhost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F61DE146-5ABB-25AE-E095-721261669916}]
C:\Program Files\NetMeeting\cb35.exe s
.
Contents of the 'Scheduled Tasks' folder
2008-10-12 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\CHRISTIAN\Application Data\Mozilla\Firefox\Profiles\iw1sdzmp.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.au
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-12 13:54:56
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2008-10-12 14:05:22 - machine was rebooted [CHRISTIAN]
ComboFix-quarantined-files.txt 2008-10-12 03:05:07
Pre-Run: 13,465,227,264 bytes free
Post-Run: 14,462,717,952 bytes free
218 --- E O F --- 2008-10-10 23:04:45
-
October 11th, 2008, 11:16 PM
#13
Here's the next HJT log:
---------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:15:53 PM, on 12/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\obmrgpab.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=144.140.22.190:80;gopher=144.140.22.190:80;http=144.140.22.190:80;https=144.140.22.190:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = www.runescape.com
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [LaunchApp] launchapp
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [flockbox] E:\My Lockbox\flockbox.exe /a
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [winsh] C:\WINDOWS\system32\obmrgpab.exe
O4 - Global Startup: Privoxy.lnk = C:\Program Files\Vidalia Bundle\Privoxy\privoxy.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe (file missing)
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DVD-RAM_Service - Matsu****a Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Cryptainer service (ssoftservice) - Cypherix Software (India) Pvt. Ltd. - C:\WINDOWS\SYSTEM32\cryptainersrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 9348 bytes
-
October 11th, 2008, 11:47 PM
#14
I noticed that combofix has been run 4 times. Any reason?
==
Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.
C:\WINDOWS\system32\drivers\beep.sys
C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\wini104552502.exe
C:\WINDOWS\system32\obmrgpab.exe
==
I also need to know the contents of these folders and the results from Jotti's if there are any files in them.
C:\Program Files\guhaqdc
C:\Documents and Settings\All Users\Application Data\vutmtmnk
-
October 12th, 2008, 12:14 AM
#15
Ok no problem.
Here are the scan results for:
C:\WINDOWS\system32\drivers\beep.sys
File: beep.sys
Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: da1f27d85e0d1525f6621372e7b685e9
Packers detected:
-
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
===
C:\WINDOWS\system32\dllcache\beep.sys
File: beep.sys
Status:
OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: da1f27d85e0d1525f6621372e7b685e9
Packers detected:
-
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
G DATA
Found nothing
Ikarus
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
==
C:\WINDOWS\system32\wini104552502.exe
File: wini104552502.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 29011a82de29823d45f9749a37c50d99
Packers detected:
PE_PATCH, UPACK
A-Squared
Found Backdoor.Win32.Agent.ahj!IK
AntiVir
Found SPR/Dldr.Agent.BS
ArcaVir
Found Heur.Win32.I
Avast
Found Win32:Trojan-gen {Other}
AVG Antivirus
Found nothing
BitDefender
Found Trojan.FakeAV.CF
ClamAV
Found nothing
CPsecure
Found Packed.W32.CPEX-based.dw
Dr.Web
Found Trojan.Fakealert.1475
F-Prot Antivirus
Found W32/Agent.L.gen!Eldorado
F-Secure Anti-Virus
Found not-a-virus ownloader.Win32.Agent.bs (6, 2, 603)
G DATA
Found Win32:Trojan-gen
Ikarus
Found Backdoor.Win32.Agent.ahj
Kaspersky Anti-Virus
Found not-a-virusownloader.Win32.Agent.bs
NOD32
Found Win32/Adware.WinAntiSpyware application
Norman Virus Control
Found W32/Packed_Upack.A
Panda Antivirus
Found nothing
Sophos Antivirus
Found Mal/Heuri-E
VirusBuster
Found nothing
VBA32
Found Downloader.Win32.Agent.bs
==
*This last one has continually asked for permission to connect to the internet from Comodo but I have been denying it thus far.
C:\WINDOWS\system32\obmrgpab.exe
File: obmrgpab.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 55ba2db2b9a0e6d5ed936de612594f29
Packers detected:
-
A-Squared
Found nothing
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found Win32:PureMorph
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
CPsecure
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found Trojan.Win32.Obfuscated.gx
G DATA
Found Win32:PureMorph
Ikarus
Found Virus.Trojan.Win32.Obfuscated.gx
Kaspersky Anti-Virus
Found Trojan.Win32.Obfuscated.gx
NOD32
Found a variant of Win32/TrojanDownloader.FakeAlert.IQ
Norman Virus Control
Found nothing
Panda Antivirus
Found nothing
Sophos Antivirus
Found Mal/EncPk-DG
VirusBuster
Found nothing
VBA32
Found nothing
==
Both of the following folders are empty:
C:\Program Files\guhaqdc
C:\Documents and Settings\All Users\Application Data\vutmtmnk
Last edited by Cheetah2007; October 12th, 2008 at 12:25 AM.
Thread Information
Users Browsing this Thread
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
