hijack help please

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

michelle23

Thread Starter
Joined
Dec 10, 2005
Messages
22
Hello all! Happy New Years! To make a long story short since I cannot type on this computer because errors constantly occur and spyware and viruses are taking over! I did a spybot adaware and virus scan but the problems are still active. here is the hijcak scan. I'm sorry for my poor spelling and grammar, the computer keeps slowing down and pop ups keep popping.

Logfile of HijackThis v1.99.1
Scan saved at 4:35:15 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\scvhost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\igps.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
C:\WINDOWS\system32\pgws.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\newfrn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe
C:\WINDOWS\system32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\gebya.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: GoogleCatch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\Program Files\2search\2search.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [0go40rm8.dll] RUNDLL32.EXE 0go40rm8.dll,b 70699687
O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [\SWO] C:\WINDOWS\mrjj.exe
O4 - HKLM\..\Run: [=NOI] C:\WINDOWS\mrjj.exe
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\prarop.exe reg_run
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Updates Notifier] C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.norun
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://www.bardownload.com/prompt/cabs/media.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
O20 - Winlogon Notify: gebya - gebya.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
 
Joined
Jul 8, 2002
Messages
14,681
Please save or print these instructions before beginning.
  • Go to Start>>Control Panel>>Add or Remove Program
  • Uninstall any of the following programs that appear in the list:

    2Search
    QuickLinks
    ViewPoint Manager
    webHancer

  • Run HijackThis and click Do a system scan only
  • Put a checkmark next to any of the following entries that appear, and click Fix Checked:

    O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\gebya.dll (file missing)
    O2 - BHO: GoogleCatch.clsIESpy - {4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\Program Files\2search\2search.dll
    O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\Program Files\QL\qlink32.dll
    O2 - BHO: (no name) - {C5AF2622-8C75-4dfb-9693-23AB7686A456} - C:\WINDOWS\DH.dll
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [lspins] "C:\WINDOWS\system32\igps.exe"
    O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
    O4 - HKLM\..\Run: [\SWO] C:\WINDOWS\mrjj.exe
    O4 - HKLM\..\Run: [=NOI] C:\WINDOWS\mrjj.exe
    O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
    O4 - HKLM\..\Run: [NewFrn] C:\WINDOWS\newfrn.exe
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\prarop.exe reg_run
    O15 - Trusted Zone: http://click.getmirar.com (HKLM)
    O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
    O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
    O16 - DPF: {20048BB3-DB68-11CF-9CAF-00AA006CB425} (007installer Control) - http://www.bardownload.com/prompt/cabs/media.cab
    O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
    O18 - Filter: text/html - {3551784B-E99A-474f-B782-3EC814442918} - C:\Program Files\QL\qlink32.dll
    O20 - Winlogon Notify: gebya - gebya.dll (file missing)
  • Exit HijackThis
  • Run KillBox and select Delete on Reboot
  • Copy this list of file and folder locations:

    C:\Program Files\Viewpoint\Viewpoint Manager\
    C:\Program Files\webHancer\
    C:\Program Files\2search\
    C:\WINDOWS\mrjj.exe
    C:\WINDOWS\newfrn.exe
    C:\WINDOWS\system32\igps.exe
    C:\WINDOWS\system32\prarop.exe
  • Go to File>>Paste from clipboard. Click All Files
  • Press the button with a red circle with an X in it, then Yes when prompted to restart your computer
    WARNING: Your computer will be restarted. Any unsaved work in open applications will be lost.​
  • Run HijackThis and click Do a system scan and save a log file
  • Your HijackThis log will open in Notepad. Post the contents of the log here
 

michelle23

Thread Starter
Joined
Dec 10, 2005
Messages
22
Thank you soo much for the help! The computer is doing a lot better but there are some pop ups that pop time to time. Here is Kaspersky scan and hijack log:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 01, 2006 20:38:27
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/01/2006
Kaspersky Anti-Virus database records: 158352
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 35047
Number of viruses found: 21
Number of infected objects: 97
Number of suspicious objects: 0
Duration of the scan process: 2566 sec

Infected Object Name - Virus Name
C:\!KillBox\prarop.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\AGEU_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\AGEU_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\AGEU_SilentSudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\cme.exe/data.rar/drsmartload197a.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\cme.exe/data.rar/is468.exe/EXE-file Infected: Trojan-Downloader.Win32.ConHook.r
C:\cme.exe/data.rar/is468.exe Infected: Trojan-Downloader.Win32.ConHook.r
C:\cme.exe/data.rar Infected: Trojan-Downloader.Win32.ConHook.r
C:\cme.exe Infected: Trojan-Downloader.Win32.ConHook.r
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ogzg.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Documents and Settings\Helen\Local Settings\Temp\temp.fr47C7 Infected: Trojan-Clicker.Win32.VB.is
C:\drsmartload1.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\drsmartloadb.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\installerus.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\inst_0004.exe Infected: Trojan-Downloader.Win32.Small.cam
C:\Program Files\Common Files\VCClient\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\Program Files\Yazzle Sudoku\Sudoku.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\smart.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\SS1001.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP333\A0022444.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP333\A0022482.dll Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP333\A0023487.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP333\A0023488.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP333\A0023489.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP333\A0023490.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP334\A0023506.pif Infected: Backdoor.Win32.SdBot.aad
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP334\A0024485.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP334\A0024486.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP334\A0024487.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP334\A0024488.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024513.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024514.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024515.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024516.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024523.exe Infected: Trojan-Downloader.Win32.Small.asf
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024533.exe Infected: Trojan-Downloader.Win32.Agent.ww
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024554.exe Infected: Trojan.Win32.Delf.og
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024555.dll Infected: Trojan-Spy.Win32.Agent.gk
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024569.exe/data.rar/mrjj.exe Infected: Trojan.Win32.LowZones.am
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024569.exe/data.rar Infected: Trojan.Win32.LowZones.am
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024569.exe Infected: Trojan.Win32.LowZones.am
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024575.exe Infected: Trojan-Downloader.Win32.Small.afq
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024783.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024784.exe Infected: Trojan.Win32.LowZones.am
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024799.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024804.cpl Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024815.dll Infected: Trojan-Downloader.Win32.ConHook.r
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024844.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024845.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024846.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024847.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024855.exe Infected: Trojan-Downloader.Win32.Small.afq
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024865.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024869.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024870.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024871.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024889.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024891.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024892.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024893.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024906.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024910.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024911.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024912.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024962.exe Infected: Trojan.Win32.Runner.h
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024963.dll Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024978.exe Infected: Trojan-Clicker.Win32.VB.is
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024980.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024986.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024988.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0024990.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0025006.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0025017.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0025018.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP335\A0025019.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\WINDOWS\drsmartload197a.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\WINDOWS\reSl.exe/data.rar/mrjj.exe Infected: Trojan.Win32.LowZones.am
C:\WINDOWS\reSl.exe/data.rar Infected: Trojan.Win32.LowZones.am
C:\WINDOWS\reSl.exe Infected: Trojan.Win32.LowZones.am
C:\WINDOWS\scvhost.exe Infected: Backdoor.Win32.SdBot.aad
C:\WINDOWS\system32\180sa.exe Infected: Trojan-Downloader.Win32.Small.asf
C:\WINDOWS\system32\DH9013.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\system32\DH9013.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\system32\install.exe Infected: Trojan-Downloader.Win32.Agent.ww
C:\WINDOWS\system32\ipppuiq.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\WINDOWS\system32\jdvdbjk.exe Infected: Trojan.Win32.Pakes
C:\WINDOWS\system32\krmrk.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\WINDOWS\system32\prarop.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\system32\Quicklinks.exe/data0001 Infected: Trojan.Win32.Runner.h
C:\WINDOWS\system32\Quicklinks.exe Infected: Trojan.Win32.Runner.h
C:\WINDOWS\system32\ssqrs.dll Infected: Trojan-Downloader.Win32.ConHook.r
C:\WINDOWS\system32\tor_32.dll Infected: Trojan-Spy.Win32.Agent.gk
C:\WINDOWS\system32\tor_32.exe Infected: Trojan.Win32.Delf.og
C:\WINDOWS\system32\wbuby.dat Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\WinDy.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\WinDy.exe Infected: Trojan-Clicker.Win32.Small.jf

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 8:39:03 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\scvhost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [0go40rm8.dll] RUNDLL32.EXE 0go40rm8.dll,b 70699687
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\prarop.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Updates Notifier] C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.norun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
 
Joined
Jul 8, 2002
Messages
14,681
Please save or print these instructions before beginning.
  • Go to Start>>Control Panel>>Add or Remove Program
  • Uninstall any of the following programs that appear in the list:

    Yazzle Sudoku

  • Run HijackThis and click Do a system scan only
  • Put a checkmark next to any of the following entries that appear, and click Fix Checked:

    R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
    O4 - HKLM\..\Run: [0go40rm8.dll] RUNDLL32.EXE 0go40rm8.dll,b 70699687
    O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\prarop.exe reg_run
  • Exit HijackThis
  • Run CleanUp! and go to Options>>Custom CleanUp!
  • Put a checkmark next to each of the following items:

    Empty Recycle Bins
    Delete Cookies
    Delete Prefetch files
    Scan local drives for temporary files
    Cleanup! All Users
  • Click OK>>CleanUp!
  • Exit CleanUp!
  • Run KillBox and select Delete on Reboot
  • Copy this list of file and folder locations:

    C:\AGEU_SilentSudokuInstaller.exe
    C:\cme.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ogzg.exe
    C:\drsmartload1.exe
    C:\drsmartloadb.exe
    C:\installerus.exe
    C:\inst_0004.exe
    C:\Program Files\Common Files\VCClient\
    C:\Program Files\Yazzle Sudoku\
    C:\SS1001.exe
    C:\WINDOWS\drsmartload197a.exe
    C:\WINDOWS\reSl.exe
    C:\WINDOWS\scvhost.exe
    C:\WINDOWS\system32\180sa.exe
    C:\WINDOWS\system32\DH9013.exe
    C:\WINDOWS\system32\install.exe
    C:\WINDOWS\system32\ipppuiq.dll
    C:\WINDOWS\system32\jdvdbjk.exe
    C:\WINDOWS\system32\krmrk.dll
    C:\WINDOWS\system32\prarop.exe
    C:\WINDOWS\system32\Quicklinks.exe
    C:\WINDOWS\system32\ssqrs.dll
    C:\WINDOWS\system32\tor_32.dll
    C:\WINDOWS\system32\tor_32.exe
    C:\WINDOWS\system32\wbuby.dat
    C:\WINDOWS\WinDy.exe
  • Go to File>>Paste from clipboard. Click All Files
  • Press the button with a red circle with an X in it, then Yes when prompted to restart your computer
    WARNING: Your computer will be restarted. Any unsaved work in open applications will be lost.​
  • Run HijackThis and click Do a system scan and save a log file
  • Your HijackThis log will open in Notepad. Post the contents of the log here
 

michelle23

Thread Starter
Joined
Dec 10, 2005
Messages
22
Thanks so much for the help! Here are the scans:

Logfile of HijackThis v1.99.1
Scan saved at 10:01:16 PM, on 1/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Updates Notifier] C:\Program Files\Common Files\Lacerte Shared\UpdNotif\UpdNotif.EXE
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Service Manager.norun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {90051A81-3018-4826-8B38-DD60B6B53F9C} (Snapfish File Upload ActiveX Control) - http://www.costcophotocenter.com/CostcoUpload.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\scvhost.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, January 01, 2006 22:00:24
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/01/2006
Kaspersky Anti-Virus database records: 158358
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 32164
Number of viruses found: 18
Number of infected objects: 74
Number of suspicious objects: 0
Duration of the scan process: 2401 sec

Infected Object Name - Virus Name
C:\!KillBox\180sa.exe Infected: Trojan-Downloader.Win32.Small.asf
C:\!KillBox\AGEU_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\!KillBox\AGEU_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\!KillBox\AGEU_SilentSudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\!KillBox\cme.exe/data.rar/drsmartload197a.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\!KillBox\cme.exe/data.rar/is468.exe/EXE-file Infected: Trojan-Downloader.Win32.ConHook.r
C:\!KillBox\cme.exe/data.rar/is468.exe Infected: Trojan-Downloader.Win32.ConHook.r
C:\!KillBox\cme.exe/data.rar Infected: Trojan-Downloader.Win32.ConHook.r
C:\!KillBox\cme.exe Infected: Trojan-Downloader.Win32.ConHook.r
C:\!KillBox\DH9013.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\!KillBox\DH9013.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\!KillBox\drsmartload1.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\!KillBox\drsmartload197a.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\!KillBox\drsmartloadb.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\!KillBox\install.exe Infected: Trojan-Downloader.Win32.Agent.ww
C:\!KillBox\installerus.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\!KillBox\inst_0004.exe Infected: Trojan-Downloader.Win32.Small.cam
C:\!KillBox\ipppuiq.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\!KillBox\jdvdbjk.exe Infected: Trojan.Win32.Pakes
C:\!KillBox\krmrk.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\!KillBox\ogzg.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\!KillBox\prarop.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\!KillBox\Quicklinks.exe/data0001 Infected: Trojan.Win32.Runner.h
C:\!KillBox\Quicklinks.exe Infected: Trojan.Win32.Runner.h
C:\!KillBox\reSl.exe/data.rar/mrjj.exe Infected: Trojan.Win32.LowZones.am
C:\!KillBox\reSl.exe/data.rar Infected: Trojan.Win32.LowZones.am
C:\!KillBox\reSl.exe Infected: Trojan.Win32.LowZones.am
C:\!KillBox\scvhost.exe Infected: Backdoor.Win32.SdBot.aad
C:\!KillBox\SS1001.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\!KillBox\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\!KillBox\ssqrs.dll Infected: Trojan-Downloader.Win32.ConHook.r
C:\!KillBox\tor_32.dll Infected: Trojan-Spy.Win32.Agent.gk
C:\!KillBox\tor_32.exe Infected: Trojan.Win32.Delf.og
C:\!KillBox\wbuby.dat Infected: Trojan-Downloader.Win32.Qoologic.at
C:\!KillBox\WinDy.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\!KillBox\WinDy.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\Program Files\Common Files\VCClient\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\smart.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027029.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027032.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027032.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027032.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027033.exe/data.rar/drsmartload197a.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027033.exe/data.rar/is468.exe/EXE-file Infected: Trojan-Downloader.Win32.ConHook.r
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027033.exe/data.rar/is468.exe Infected: Trojan-Downloader.Win32.ConHook.r
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027033.exe/data.rar Infected: Trojan-Downloader.Win32.ConHook.r
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027033.exe Infected: Trojan-Downloader.Win32.ConHook.r
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027034.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027035.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027036.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027037.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027038.exe Infected: Trojan-Downloader.Win32.Small.cam
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027039.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027039.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027040.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027041.exe/data.rar/mrjj.exe Infected: Trojan.Win32.LowZones.am
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027041.exe/data.rar Infected: Trojan.Win32.LowZones.am
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027041.exe Infected: Trojan.Win32.LowZones.am
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027042.exe Infected: Backdoor.Win32.SdBot.aad
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027043.exe Infected: Trojan-Downloader.Win32.Small.asf
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027044.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027044.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027045.exe Infected: Trojan-Downloader.Win32.Agent.ww
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027046.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027047.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027048.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027049.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027050.exe/data0001 Infected: Trojan.Win32.Runner.h
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027050.exe Infected: Trojan.Win32.Runner.h
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027051.dll Infected: Trojan-Downloader.Win32.ConHook.r
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027052.dll Infected: Trojan-Spy.Win32.Agent.gk
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027053.exe Infected: Trojan.Win32.Delf.og
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027054.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{077D4FC0-3FE3-4A8B-BEF9-BF87F3460466}\RP337\A0027054.exe Infected: Trojan-Clicker.Win32.Small.jf

Scan process completed.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Staff online

Top