NEED HELP Virus has taken over my computer, read my HJT log

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

offair

Thread Starter
Joined
Sep 24, 2005
Messages
46
HJT LOG

Logfile of HijackThis v1.99.1
Scan saved at 8:39:50 PM, on 1/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\IA\command.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\popcorn72.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\windows\adtech2006a.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\winstall.exe
C:\WINDOWS\system32\paytime.exe
C:\WINDOWS\system32\sywsvcs.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\PROGRA~1\COMMON~1\zqqo\zqqom.exe
C:\Program Files\Common Files\VCClient\VCClient.exe
C:\Program Files\Common Files\VCClient\VCMain.exe
C:\Program Files\sswp\cruu.exe
C:\WINDOWS\system32\r?gsvr32.exe
C:\PROGRA~1\COMMON~1\zqqo\zqqoa.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
c:\windows\banmanpro.exe
C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CONNMN~1.EXE
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\CapMan.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\ElogErr.exe
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\BROADC~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\SONYER~1\Mobile\CONNEC~1\SCRFS.exe
C:\PROGRA~1\SONYER~1\Mobile\MOBILE~1\EPMWOR~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\WINDOWS\system32\dial32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;<local>
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\system32\ktyxh.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\yaqwcr.exe reg_run
O4 - HKLM\..\Run: [drsmartloadb] c:\\drsmartloadb.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [driver64] vxdman.exe
O4 - HKLM\..\Run: [RtlFindVal] cnftips.exe
O4 - HKLM\..\Run: [dmshe.exe] C:\WINDOWS\system32\dmshe.exe
O4 - HKLM\..\Run: [enewsletterpro] c:\windows\enewsletterpro.exe
O4 - HKLM\..\Run: [banmanpro] c:\windows\banmanpro.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\system32\paytime.exe
O4 - HKCU\..\Run: [desktop] C:\WINDOWS\system32\idemlog.exe
O4 - HKCU\..\Run: [UnSpyPC] C:\Program Files\UnSpyPC\UnSpyPC.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [zqqo] C:\PROGRA~1\COMMON~1\zqqo\zqqom.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Cpue] "C:\Program Files\sswp\cruu.exe" -vt yazr
O4 - HKCU\..\Run: [Cohh] C:\WINDOWS\system32\r?gsvr32.exe
O4 - HKCU\..\Run: [backorif] TForm1.exe
O4 - HKCU\..\Run: [WinInitDll] sysconf16.exe
O4 - HKCU\..\Run: [Shaitan1678] driver32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Phone Connection Monitor.lnk = C:\Program Files\Sony Ericsson\Mobile\audevicemgr.exe
O4 - Global Startup: pzwx.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\Program Files\UnSpyPC\UnSpyPC.exe (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{11135AF9-8A4C-4BC8-B663-4AB9834FFCE7}: NameServer = 85.255.116.130,85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{5474E751-FE9B-40E1-86F5-06547123264E}: NameServer = 85.255.116.130,85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{645E1942-41A5-4414-A25E-433023A9E8A6}: NameServer = 85.255.116.130,85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A0499A8-13DB-45EA-BB0E-8418DEF7A133}: NameServer = 85.255.116.130,85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{8905FC1C-279B-43EC-85EC-12B9556EE11D}: NameServer = 85.255.116.130,85.255.112.215
O17 - HKLM\System\CCS\Services\Tcpip\..\{C51D38F7-B6AA-4E3B-938C-759EFD728F97}: NameServer = 85.255.116.130,85.255.112.215
O17 - HKLM\System\CS1\Services\Tcpip\..\{11135AF9-8A4C-4BC8-B663-4AB9834FFCE7}: NameServer = 85.255.116.130,85.255.112.215
O17 - HKLM\System\CS2\Services\Tcpip\..\{11135AF9-8A4C-4BC8-B663-4AB9834FFCE7}: NameServer = 85.255.116.130,85.255.112.215
O20 - AppInit_DLLs: repairs302972988.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Installer - C:\WINDOWS\system32\e6200gfme62a0.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\IA\command.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
 

offair

Thread Starter
Joined
Sep 24, 2005
Messages
46
and also this is my kapersky online scanner result, alot of trojan! need help plz thankyou

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 05, 2006 00:24:08
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 5/01/2006
Kaspersky Anti-Virus database records: 158932
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 64389
Number of viruses found: 37
Number of infected objects: 108
Number of suspicious objects: 0
Duration of the scan process: 3332 sec

Infected Object Name - Virus Name
C:\AGEU_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\AGEU_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\AGEU_SilentSudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\Owner\Desktop\1.dat Infected: Trojan-Downloader.Win32.Small.awa
C:\Documents and Settings\Owner\Desktop\2.dat Infected: not-virus:Hoax.Win32.Renos.al
C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\Documents and Settings\Owner\Local Settings\Temp\a.exe Infected: Trojan-Downloader.Win32.PassAlert.i
C:\Documents and Settings\Owner\Local Settings\Temp\AGEU_SudokuInstaller.exe/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\Owner\Local Settings\Temp\AGEU_SudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\Owner\Local Settings\Temp\D2AB1.tmp/Quicklinks.exe/data0001 Infected: Trojan.Win32.Runner.h
C:\Documents and Settings\Owner\Local Settings\Temp\D2AB1.tmp/Quicklinks.exe Infected: Trojan.Win32.Runner.h
C:\Documents and Settings\Owner\Local Settings\Temp\D2AB1.tmp Infected: Trojan.Win32.Runner.h
C:\Documents and Settings\Owner\Local Settings\Temp\dk.dial Infected: Trojan.Win32.Dialer.ay
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\UZD9FTIS\rcverlib[1].exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WWNRHRTG\banmanpro[1].exe Infected: Trojan-Clicker.Win32.VB.kc
C:\Documents and Settings\Owner\Local Settings\Temp\tm48911.exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\Documents and Settings\Owner\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\Documents and Settings\Owner\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\Documents and Settings\Owner\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Documents and Settings\Owner\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Documents and Settings\Owner\Local Settings\Temp\tsinstall_4_0_4_0_b4.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\37J8STAP\!update-3020[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\37J8STAP\adtech2006a[1].exe Infected: Trojan-Clicker.Win32.VB.kc
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\37J8STAP\drsmartload117a[1].exe Infected: Trojan-Downloader.Win32.Adload.j
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\37J8STAP\drsmartload[1].exe Infected: Trojan-Downloader.Win32.Adload.l
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\37J8STAP\MTE3NDI6ODoxNg[1].exe Infected: Trojan-Downloader.Win32.Small.buy
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\37J8STAP\rcverlib[1].exe Infected: Trojan-Downloader.Win32.Qoologic.ax
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\37J8STAP\tool2[1].txt Infected: not-virus:Hoax.Win32.Renos.aj
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\37J8STAP\xpl1[1].wmf Infected: Trojan-Downloader.Win32.Agent.acd
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7BHFF18W\1002[1].exe Infected: not-virus:Hoax.Win32.Renos.al
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7BHFF18W\AGEU_SilentSudokuInstaller[1].exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7BHFF18W\AGEU_SilentSudokuInstaller[1].exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7BHFF18W\AGEU_SilentSudokuInstaller[1].exe Infected: Trojan-Dropper.Win32.VB.kk
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\7BHFF18W\hosts[1].txt Infected: Trojan.Win32.Qhost.el
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8NV72CTP\052[1].htm Infected: Trojan-Downloader.JS.Phel.d
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8NV72CTP\9400[1].cab/Quicklinks.exe/data0001 Infected: Trojan.Win32.Runner.h
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8NV72CTP\9400[1].cab/Quicklinks.exe Infected: Trojan.Win32.Runner.h
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8NV72CTP\9400[1].cab Infected: Trojan.Win32.Runner.h
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8NV72CTP\kl[1].txt Infected: Trojan-PSW.Win32.Agent.bu
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8NV72CTP\paytime[1].txt Infected: Trojan.Win32.StartPage.agq
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8NV72CTP\stub_113_4_0_4_0[1].exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8NV72CTP\timessquare[1].exe Infected: Trojan.Win32.StartPage.aw
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8NV72CTP\wmf_dcode[1].wmf Infected: Trojan-Downloader.Win32.Agent.acd
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8NV72CTP\xpladv416[1].wmf Infected: Trojan-Downloader.Win32.Agent.acd
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8NV72CTP\xpl[1].wmf Infected: Trojan-Downloader.Win32.Agent.acd
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\DSGJX9OL\1001[1].exe Infected: Trojan-Downloader.Win32.Small.awa
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E6A2LYH6\ms1[1].txt Infected: Trojan-Downloader.Win32.Tiny.al
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E6A2LYH6\paradise[1].raw Infected: Packed.Win32.Klone.b
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E6A2LYH6\SS1001[1].exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E6A2LYH6\SS1001[1].exe Infected: Trojan-Dropper.Win32.Small.qn
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\E6A2LYH6\toolbar[1].txt Infected: Trojan-Downloader.Win32.Adload.j
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GLUN8XMR\drsmartloadb[1].exe Infected: Trojan-Downloader.Win32.Adload.l
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GLUN8XMR\tool3[1].txt Infected: Packed.Win32.Klone.b
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M9JGPCJA\DH9013[1].exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M9JGPCJA\DH9013[1].exe Infected: Trojan-Clicker.Win32.Small.jf
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M9JGPCJA\inrh9400[1].exe Infected: Trojan-Downloader.Win32.Small.bke
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M9JGPCJA\installerus[1].exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M9JGPCJA\loaderadv416[1].exe Infected: Trojan-Downloader.Win32.PassAlert.i
C:\drsmartload1.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\drsmartloadb.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\inrh9400.exe Infected: Trojan-Downloader.Win32.Small.bke
C:\MTE3NDI6ODoxNg.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll Infected: Trojan-PSW.Win32.Agent.bu
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe Infected: Trojan.Win32.Zapchast.ad
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll Infected: Trojan-Spy.Win32.Small.dg
C:\Program Files\Common Files\VCClient\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\Program Files\Common Files\zqqo\zqqoa.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Program Files\Common Files\zqqo\zqqol.exe Infected: Trojan-Downloader.Win32.TSUpdate.p
C:\Program Files\Common Files\zqqo\zqqom.exe Infected: Trojan-Downloader.Win32.TSUpdate.n
C:\Program Files\Common Files\zqqo\zqqop.exe Infected: Trojan-Downloader.Win32.TSUpdate.f
C:\Program Files\sswp\cruu.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\Program Files\Yazzle Sudoku\Sudoku.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\SS1001.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn
C:\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\stub_113_4_0_4_0.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0036070.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0038103.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0038680.dll Infected: Trojan-Downloader.Win32.Qoologic.bd
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0038681.exe Infected: Trojan.Win32.Pakes
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0038683.exe Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0038684.dll Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0038714.cpl Infected: Trojan-Downloader.Win32.Qoologic.at
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0038890.exe Infected: Trojan-Downloader.Win32.Agent.sy
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP298\A0038899.exe Infected: Trojan-Downloader.Win32.Tiny.al
C:\WINDOWS\adtech2006a.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\WINDOWS\banmanpro.exe Infected: Trojan-Clicker.Win32.VB.kc
C:\WINDOWS\DH.dll Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\kl.exe Infected: Trojan-PSW.Win32.Agent.bu
C:\WINDOWS\pss\pzwx.exeCommon Startup Infected: Trojan-Downloader.Win32.Qoologic.at
C:\WINDOWS\system32\dgprpsetup.exe Infected: Trojan-Downloader.Win32.Agent.sy
C:\WINDOWS\system32\DH9013.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\system32\DH9013.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\WINDOWS\system32\dial32.exe Infected: Trojan.Win32.Dialer.ay
C:\WINDOWS\system32\idemlog.exe Infected: Backdoor.Win32.Agent.rw
C:\WINDOWS\system32\paradise.raw Infected: Packed.Win32.Klone.b
C:\WINDOWS\system32\paytime.exe Infected: Trojan.Win32.StartPage.agq
C:\WINDOWS\system32\pgws.exe Infected: Trojan.Win32.Runner.h
C:\WINDOWS\system32\qpsenpu.dll Infected: Trojan-Downloader.Win32.Qoologic.az
C:\WINDOWS\system32\Quicklinks.exe/data0001 Infected: Trojan.Win32.Runner.h
C:\WINDOWS\system32\Quicklinks.exe Infected: Trojan.Win32.Runner.h
C:\WINDOWS\system32\sywsvcs.exe Infected: Packed.Win32.Klone.b
C:\WINDOWS\system32\winctrl32.exe Infected: not-virus:Hoax.Win32.Renos.al
C:\WINDOWS\system32\winctrl64.exe Infected: Trojan-Downloader.Win32.Small.awa
C:\WINDOWS\timessquare.exe Infected: Trojan.Win32.StartPage.aw
C:\WINDOWS\tool2.exe Infected: not-virus:Hoax.Win32.Renos.aj
C:\WINDOWS\tool3.exe Infected: Packed.Win32.Klone.b
C:\WINDOWS\toolbar.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\winstall.exe Infected: not-virus:Hoax.Win32.Renos.al

Scan process completed.
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Members online

Top