
Trojan found please help with recovery

Discussion in 'Earlier Versions of Windows' started by kinchar, Jul 22, 2006.

Thread Status:
Not open for further replies.
  1. kinchar

    kinchar Thread Starter

    Joined:
    Jul 21, 2006
    Messages:
    28
    after using avast anti-virus and ad-aware to detect and remove the trojans and other nasties this is what I am left with. I don't know much about computers but I know this isn't right. I am running win me and I have included my hjt log, after reading some of the posts I am glad I found this site I know you can help me.
    thank you,
    kinchar

    Logfile of HijackThis v1.99.1
    Scan saved at 10:43:59 PM, on 7/21/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SMSS.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS\WT\WCMDMGR.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\PROGRAM FILES\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE
    C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - Startup: POWERR~1.EXE
    O4 - Startup: PowerReg Scheduler V3.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darcmarv.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
     
  2. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Hi, Welcome to TSG!!


    Go to control panel, add/remove programs and remove WEATHERBUG

    Run HJT again and put a check in the following:

    O4 - Startup: PowerReg Scheduler V3.exe
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch

    Close all applications and browser windows before you click "fix checked".
     
  3. kinchar

    kinchar Thread Starter

    ok I have done what you said and this is the new hjt log, since the trojans and worms I am having problems with low system resources and many errors in my registry. And can you please tell me why (winoldap) is running in my background and why does it take over my system, and what is this C:\WINDOWS\SYSTEM\WINOA386.MOD?
    I have also included the log file of the original virus scan that found all my nasties maybe it can be of further help in figuring out what's wrong with my puter. Thank you so much for your time.

    Antivirus log
    8/2006 6:50:51 PM Sam Lane 4294869929 aswServ::AavmStart ERROR...
    7/19/2006 5:10:40 PM Sam Lane 4294435775 Sign of "Win32:Small-AKO [Trj]" has been found in "c:\windows\winlog.exe3072.exe" file.
    7/19/2006 5:16:18 PM Sam Lane 4294343875 Sign of "Win32:Trojano-P [Trj]" has been found in "c:\WINDOWS\TEMP\start.exe" file.
    7/19/2006 5:16:36 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\WINDOWS\TEMP\bl4ck.com\[FSG]" file.
    7/19/2006 5:16:39 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\WINDOWS\TEMP\a58c8a4a.exe\[FSG]" file.
    7/19/2006 5:16:42 PM Sam Lane 4294343875 Sign of "Win32:purityscan-Q [Trj]" has been found in "c:\WINDOWS\TEMP\!update.exe\[UPX]" file.
    7/19/2006 5:19:14 PM Sam Lane 4294343875 Sign of "Win32:InfDownloader [Trj]" has been found in "c:\WINDOWS\SYSTEM\Project2.INF" file.
    7/19/2006 5:20:01 PM Sam Lane 4294343875 Sign of "Win32:purityscan-Q [Trj]" has been found in "c:\WINDOWS\SYSTEM\uthm\iexplore.exe\[UPX]" file.
    7/19/2006 5:21:33 PM Sam Lane 4294343875 Sign of "Win32:Adware-gen. [Adw]" has been found in "c:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE" file.
    7/19/2006 5:21:54 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\WINDOWS\A58C8A4A.EXE\[FSG]" file.
    7/19/2006 5:22:58 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\WINDOWS\BL4CK.COM\[FSG]" file.
    7/19/2006 5:23:01 PM Sam Lane 4294343875 Sign of "Win32:Sters-G [Trj]" has been found in "c:\WINDOWS\ieserver.exe" file.
    7/19/2006 5:23:47 PM Sam Lane 4294343875 Sign of "Win32:Adware-gen. [Adw]" has been found in "c:\_RESTORE\TEMP\W6BAR.0" file.
    7/19/2006 5:26:11 PM Sam Lane 4294343875 Sign of "Win32:Kuang2" has been found in "c:\_RESTORE\TEMP\A0007016.CPY" file.
    7/19/2006 5:26:50 PM Sam Lane 4294343875 Sign of "Win32:Small-AKO [Trj]" has been found in "c:\_RESTORE\TEMP\A0007417.CPY" file.
    7/19/2006 5:26:50 PM Sam Lane 4294343875 Sign of "Win32:purityscan-Q [Trj]" has been found in "c:\_RESTORE\TEMP\A0007419.CPY\[UPX]" file.
    7/19/2006 5:26:51 PM Sam Lane 4294343875 Sign of "Win32:Adware-gen. [Adw]" has been found in "c:\_RESTORE\TEMP\A0007420.CPY" file.
    7/19/2006 5:26:51 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\_RESTORE\TEMP\A0007421.CPY\[FSG]" file.
    7/19/2006 5:26:51 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\_RESTORE\TEMP\A0007422.CPY\[FSG]" file.
    7/19/2006 5:26:51 PM Sam Lane 4294343875 Sign of "Win32:Sters-G [Trj]" has been found in "c:\_RESTORE\TEMP\A0007423.CPY" file.
    7/19/2006 5:44:17 PM Sam Lane 4294343875 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\_RESTORE\TEMP\W6BAR.0" file.
    7/19/2006 5:44:59 PM Sam Lane 4294343875 Sign of "Win32:Kuang2" has been found in "C:\_RESTORE\TEMP\A0007016.CPY" file.
    7/19/2006 5:45:09 PM Sam Lane 4294343875 Sign of "Win32:Small-AKO [Trj]" has been found in "C:\_RESTORE\TEMP\A0007417.CPY" file.
    7/19/2006 5:45:09 PM Sam Lane 4294343875 Sign of "Win32:purityscan-Q [Trj]" has been found in "C:\_RESTORE\TEMP\A0007419.CPY\[UPX]" file.
    7/19/2006 5:45:10 PM Sam Lane 4294343875 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\_RESTORE\TEMP\A0007420.CPY" file.
    7/19/2006 5:45:10 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "C:\_RESTORE\TEMP\A0007421.CPY\[FSG]" file.
    7/19/2006 5:45:10 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "C:\_RESTORE\TEMP\A0007422.CPY\[FSG]" file.
    7/19/2006 5:45:11 PM Sam Lane 4294343875 Sign of "Win32:Sters-G [Trj]" has been found in "C:\_RESTORE\TEMP\A0007423.CPY" file.
    7/19/2006 6:16:44 PM Sam Lane 4294843799 Sign of "Win32:Sters-G [Trj]" has been found in "C:\WINDOWS\TEMP\_AVAST4_\UNP137250038.TMP\14.EXE" file.
    7/19/2006 6:18:27 PM Sam Lane 4294843799 Sign of "Win32:Sters-G [Trj]" has been found in "C:\WINDOWS\TEMP\_AVAST4_\UNP151907243.TMP\14.EXE" file.
    7/19/2006 6:20:19 PM Sam Lane 4294843799 Sign of "Win32:purityscan-Q [Trj]" has been found in "C:\WINDOWS\TEMP\_AVAST4_\UNP9726738.TMP\10.EXE\[UPX]" file.
    7/19/2006 6:21:01 PM Sam Lane 4294843799 Sign of "Win32:purityscan-Q [Trj]" has been found in "C:\WINDOWS\TEMP\_AVAST4_\UNP261272184.TMP\8.EXE\[UPX]" file.
    7/19/2006 6:24:02 PM Sam Lane 4294843799 Sign of "Win32:purityscan-Q [Trj]" has been found in "C:\WINDOWS\TEMP\_AVAST4_\UNP178405079.TMP\8.EXE\[UPX]" file.
    7/19/2006 6:42:14 PM Sam Lane 4294193691 Sign of "Win32:Adware-gen. [Adw]" has been found in "c:\_RESTORE\TEMP\W6BAR.0" file.
    7/19/2006 6:46:36 PM Sam Lane 4294193691 Sign of "Win32:Kuang2" has been found in "c:\_RESTORE\TEMP\A0007016.CPY" file.
    7/19/2006 6:51:11 PM Sam Lane 4294193691 Sign of "Win32:Small-AKO [Trj]" has been found in "c:\_RESTORE\TEMP\A0007417.CPY" file.
    7/19/2006 6:52:58 PM Sam Lane 4294193691 Sign of "Win32:InfDownloader [Trj]" has been found in "c:\_RESTORE\TEMP\A0007418.CPY" file.
    7/19/2006 6:54:59 PM Sam Lane 4294193691 Sign of "Win32:purityscan-Q [Trj]" has been found in "c:\_RESTORE\TEMP\A0007419.CPY\[UPX]" file.
    7/19/2006 6:55:03 PM Sam Lane 4294193691 Sign of "Win32:Adware-gen. [Adw]" has been found in "c:\_RESTORE\TEMP\A0007420.CPY" file.
    7/19/2006 6:55:06 PM Sam Lane 4294193691 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\_RESTORE\TEMP\A0007421.CPY\[FSG]" file.
    7/19/2006 6:55:09 PM Sam Lane 4294193691 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\_RESTORE\TEMP\A0007422.CPY\[FSG]" file.
    7/19/2006 6:55:12 PM Sam Lane 4294193691 Sign of "Win32:Sters-G [Trj]" has been found in "c:\_RESTORE\TEMP\A0007423.CPY" file.
    7/19/2006 6:55:51 PM Sam Lane 4294193691 Sign of "Win32:InfDownloader [Trj]" has been found in "c:\_RESTORE\ARCHIVE\FS1256.CAB" file.
    7/19/2006 7:11:08 PM Sam Lane 4294193691 Sign of "Win32:Sters-H [Trj]" has been found in "c:\_RESTORE\ARCHIVE\FS1673.CAB" file.
    7/19/2006 7:12:50 PM Sam Lane 4294193691 Sign of "Win32:Agent-RY [Trj]" has been found in "c:\_RESTORE\ARCHIVE\FS1678.CAB" file.
    7/19/2006 7:46:22 PM Sam Lane 4294193691 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\_RESTORE\TEMP\W6BAR.0" file.
    7/19/2006 7:47:35 PM Sam Lane 4294193691 Sign of "Win32:Kuang2" has been found in "C:\_RESTORE\TEMP\A0007016.CPY" file.
    7/19/2006 7:48:12 PM Sam Lane 4294193691 Sign of "Win32:Small-AKO [Trj]" has been found in "C:\_RESTORE\TEMP\A0007417.CPY" file.
    7/19/2006 7:48:22 PM Sam Lane 4294193691 Sign of "Win32:InfDownloader [Trj]" has been found in "C:\_RESTORE\TEMP\A0007418.CPY" file.
    7/19/2006 7:48:32 PM Sam Lane 4294193691 Sign of "Win32:purityscan-Q [Trj]" has been found in "C:\_RESTORE\TEMP\A0007419.CPY\[UPX]" file.
    7/19/2006 7:48:35 PM Sam Lane 4294193691 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\_RESTORE\TEMP\A0007420.CPY" file.
    7/19/2006 7:48:38 PM Sam Lane 4294193691 Sign of "Win32:Small-ACT [Trj]" has been found in "C:\_RESTORE\TEMP\A0007421.CPY\[FSG]" file.
    7/19/2006 7:48:41 PM Sam Lane 4294193691 Sign of "Win32:Small-ACT [Trj]" has been found in "C:\_RESTORE\TEMP\A0007422.CPY\[FSG]" file.
    7/19/2006 7:48:45 PM Sam Lane 4294193691 Sign of "Win32:Sters-G [Trj]" has been found in "C:\_RESTORE\TEMP\A0007423.CPY" file.
    7/19/2006 7:49:24 PM Sam Lane 4294193691 Sign of "Win32:InfDownloader [Trj]" has been found in "C:\_RESTORE\ARCHIVE\FS1256.CAB" file.
    7/19/2006 8:01:16 PM Sam Lane 4294193691 Sign of "Win32:Sters-H [Trj]" has been found in "C:\_RESTORE\ARCHIVE\FS1673.CAB" file.
    7/19/2006 8:01:52 PM Sam Lane 4294193691 Sign of "Win32:Agent-RY [Trj]" has been found in "C:\_RESTORE\ARCHIVE\FS1678.CAB" file.
    7/21/2006 11:28:14 AM Sam Lane 4294843323 Sign of "Win32:Trojano-G [Trj]" has been found in "C:\WINDOWS\INCOMPLETE\T-233472-ERRORKILLER 2.6.EXE" file.
    7/21/2006 11:29:14 AM Sam Lane 4294843323 Sign of "Win32:Trojano-G [Trj]" has been found in "C:\WINDOWS\SHARED\ERRORKILLER 2.6.EXE" file.
    7/21/2006 6:21:32 PM Sam Lane 4294840365 Sign of "Win32:Trojano-G [Trj]" has been found in "C:\WINDOWS\Shared\Memory Washer v4.5.20 Cracked.exe" file.
    7/21/2006 6:24:35 PM Sam Lane 4294557733 Sign of "Win32:Trojano-G [Trj]" has been found in "C:\WINDOWS\Shared\Memory Washer v4.5.20.exe" file.
    7/21/2006 6:25:08 PM Sam Lane 4294353409 Sign of "Win32:Trojano-G [Trj]" has been found in "C:\WINDOWS\Shared\Abexo Memory Defragmenter v1.1.0.0.exe" file.

    Logfile of HijackThis v1.99.1
    Scan saved at 10:20:20 AM, on 7/22/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SMSS.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\WINDOWS\WT\WCMDMGR.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS\RunDLL.exe
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - Startup: POWERR~1.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darcmarv.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
     
  4. cybertech

    cybertech Retired Moderator

    Will Avast not clean, delete or quarantine those files?

    Look in your control panel add/remove programs for PuritySCAN By OIN, OuterInfo, Snowballwars by OIN or similar, click on it and click remove.

    REBOOT afterwards!!

    If not listed, download and run this uninstaller:
    http://www.outerinfo.com/OiUninstaller.exe
     
  5. kinchar

    kinchar Thread Starter

    yes avast did quarantine most of them and there is no purityscan installed at this time but I went to housecall and did their virus scan, and there are still trojans that cannot be cleaned or removed. I'm not sure what I need to do to get rid of them and try to recover my system. I know they are still there anyway because when I do ctrl alt del I get tons of that winoldap and then my puter freezes. Here are the trojans and their location:
    TROJ_VB.AML:
    location:
    C:\RESTORE\TEMP\A0013138.CPY
    C:\RESTORE\TEMP\A0013139.CPY
    C:\RESTORE\TEMP\A0013250.CPY
    and
    TROJ_DROPPER.AJE:
    location:
    C:\RESTORE\TEMP\A0013248.CPY

    thank you
     
  6. cybertech

    cybertech Retired Moderator

    Run HJT again and put a check in the following:

    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe

    Close all applications and browser windows before you click "fix checked".


    Click Here and download Killbox and save it to your desktop.


    Double-click on Killbox.exe to run it.
    Put a tick by Delete on Reboot.
    In the "Full Path of File to Delete" box, copy and paste the following:

    C:\WINDOWS\winlogon.exe

    Click on the button that has the red circle with the X in the middle after you enter the file name.
    It will ask for confirmation to delete the file.
    Click Yes.
    It will ask if you want to reboot now,
    Click Yes.

    Note: It is possible that Killbox will tell you that the file does not exist.


    Post a new HiJackThis log after the reboot.

    When we are all finished we will turn off system restore and that will flush out the restore files.
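
    The Run entry picked out in the post above carries the name of a Windows NT system process, while the log header reports a Win9x platform where no such component exists. As an added example (not part of the original thread), this Python sketch applies that check to a HijackThis log; the list of NT core image names and the shortened sample log are assumptions constructed for the example.

```python
import ntpath
import re
from typing import NamedTuple

# Assumption of this example: image names that belong to the Windows NT family.
# They do not exist on Win9x/ME and are not started from Run keys or Startup.
NT_CORE_PROCESSES = {"smss.exe", "csrss.exe", "winlogon.exe",
                     "services.exe", "lsass.exe", "svchost.exe"}

O4_REGISTRY = re.compile(r"^O4 - (HK[^:]+): \[(.+?)\] (.+)$")
O4_STARTUP = re.compile(r"^O4 - (?:Global )?Startup: (.+)$")
# Text up to the first executable extension; copes with unquoted paths with spaces.
IMAGE = re.compile(r'^"?(.+?\.(?:exe|com|bat|scr|pif|dll))(?=["\s,]|$)', re.I)

# Constructed sample: a shortened log in the format posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows ME (Win9x 4.90.3000)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SMSS.EXE
C:\WINDOWS\EXPLORER.EXE

O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: POWERR~1.EXE
"""


class Finding(NamedTuple):
    source: str   # "process" or "autorun"
    name: str     # lower-cased image name
    path: str     # path as written in the log
    reason: str


def image_path(command: str) -> str:
    """Return the executable path from an autorun command line, without arguments."""
    command = command.strip()
    m = IMAGE.match(command)
    return m.group(1) if m else command


def find_masquerading(log_text: str) -> list:
    """Flag NT core process names that appear where they should not."""
    findings = []
    is_win9x = False
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Platform:"):
            is_win9x = "Win9x" in line
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            if not line:            # a blank line ends the process list
                in_processes = False
                continue
            name = ntpath.basename(line).lower()
            if name not in NT_CORE_PROCESSES:
                continue
            if is_win9x:
                findings.append(Finding("process", name, line,
                                        "NT-only image name running on Win9x"))
            elif not ntpath.dirname(line).lower().endswith("\\system32"):
                # Simplification: SysWOW64 copies on 64-bit systems are not handled.
                findings.append(Finding("process", name, line,
                                        "NT core process name outside System32"))
        else:
            reg = O4_REGISTRY.match(line)
            startup = O4_STARTUP.match(line)
            if reg:
                where, command = f"{reg.group(1)} [{reg.group(2)}]", reg.group(3)
            elif startup:
                where, command = "Startup folder", startup.group(1)
            else:
                continue
            path = image_path(command)
            name = ntpath.basename(path).lower()
            if name in NT_CORE_PROCESSES:
                findings.append(Finding("autorun", name, path,
                                        f"core process name started from {where}"))
    return findings


if __name__ == "__main__":
    for f in find_masquerading(SAMPLE_LOG):
        print(f"{f.source:8} {f.path:28} {f.reason}")
```

    A match is a lead for a scanner or a manual check of the file, not proof of infection on its own.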
     
  7. kinchar

    kinchar Thread Starter

    ok I did what you suggested and this is the new hjt log, looks like the file is still there, now what?

    Logfile of HijackThis v1.99.1
    Scan saved at 6:47:59 PM, on 7/22/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\DELAYRUN.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SMSS.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
    C:\PROGRAM FILES\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - Startup: POWERR~1.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darcmarv.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
     
  8. cybertech

    cybertech Retired Moderator

    Open task manager and if it's running stop it.

    Run Kaspersky online virus scan
    http://www.kaspersky.com/virusscanner

    After the updates have downloaded, click on the "Scan Settings" button.
    Choose the "Extended database" for the scan.
    Under "Please select a target to scan", click "My Computer".
    When the scan is finished, Save the results from the scan!
     
  9. kinchar

    kinchar Thread Starter

    I don't mean to come across as dumb but I don't know what the task manager is I never used it before
     
  10. kinchar

    kinchar Thread Starter

    ok I ran the scan like you said and here are the results, some of these were quarantined with housecall virus scan...I am soooooooooooo at a loss as to what to do, please help. Also I have had to do two posts for this report

    KASPERSKY ONLINE SCANNER REPORT
    Sunday, July 23, 2006 12:50:35 PM
    Operating System: Microsoft Windows Millennium Edition
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 23/07/2006
    Kaspersky Anti-Virus database records: 209388
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    a:\
    c:\
    d:\
    e:\
    f:\
    g:\
    h:\
    i:\

    Scan Statistics
    Total number of scanned objects 29756
    Number of viruses found 13
    Number of infected objects 599 / 0
    Number of suspicious objects 0
    Duration of the scan process 00:55:06
    Infected Object Name Virus Name Last Action
    c:\WINDOWS\HOSTS.SAM Infected: Trojan.Win32.Qhost.hl skipped
    c:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
    c:\WINDOWS\TEMP\~DFCE7E.TMP Object is locked skipped
    c:\WINDOWS\Sti_Event.log Object is locked skipped
    c:\WINDOWS\Cookies\index.dat Object is locked skipped
    c:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll Infected: not-a-virus:AdWare.Win32.WindowEnhancer.c skipped
    c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped
    c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped
    c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped
    c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped
    c:\WINDOWS\WIN386.SWP Object is locked skipped
    c:\WINDOWS\SchedLog.Txt Object is locked skipped
    c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
    c:\WINDOWS\Sti_Trace.log Object is locked skipped
    c:\WINDOWS\wiaservc.log Object is locked skipped
    c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    c:\WINDOWS\History\History.IE5\index.dat Object is locked skipped
    c:\WINDOWS\History\History.IE5\MSHist012006072320060724\index.dat Object is locked skipped
    c:\WINDOWS\Lucent Win Modem.log Object is locked skipped
    c:\WINDOWS\smss.exe Infected: Trojan-Spy.Win32.Sters.ac skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003680.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003680.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003681.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003682.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003688.CPY Infected: Trojan.Win32.OpenPort.c skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003689.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003691.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003701.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003709.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003715.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003715.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003719.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003720.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003721.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003726.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003731.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003735.CPY Infected: Trojan-Spy.Win32.Sters.ac skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003766.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003769.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003773.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003779.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391 CAB: infected - 21 skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391 CryptFF.b: infected - 21 skipped
    c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a87391/A0006455.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
    c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a87391/A0006459.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
    c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a87391 CAB: infected - 2 skipped
    c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a87391 CryptFF.b: infected - 2 skipped
    c:\WINDOWS\.housecall\Quarantine\preredir.exe.bac_a87391 Infected: Trojan-Downloader.Win32.VB.ahx skipped
    c:\WINDOWS\.housecall\Quarantine\A0013138.CPY.bac_a87391 Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\WINDOWS\.housecall\Quarantine\A0013139.CPY.bac_a87391 Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\WINDOWS\.housecall\Quarantine\A0013250.CPY.bac_a87391 Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\WINDOWS\.housecall\Quarantine\A0013248.CPY.bac_a87391 Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\WINDOWS\.housecall\Quarantine\ib14.dll.bac_a87391 Infected: Trojan-Downloader.Win32.Banload.avj skipped
    c:\WINDOWS\.housecall\Quarantine\tskmgr.exe.bac_a87391/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\tskmgr.exe.bac_a87391 NSIS: infected - 1 skipped
    c:\WINDOWS\.housecall\Quarantine\tskmgr.exe.bac_a87391 CryptFF.b: infected - 1 skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003680.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003680.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003681.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003682.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003688.CPY Infected: Trojan.Win32.OpenPort.c skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003689.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003691.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003701.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003709.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003715.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003715.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003719.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003720.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003721.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003726.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003731.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003735.CPY Infected: Trojan-Spy.Win32.Sters.ac skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003766.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003769.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003773.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003779.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011 CAB: infected - 21 skipped
    c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011 CryptFF.b: infected - 21 skipped
    c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a89011/A0006455.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
    c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a89011/A0006459.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
    c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a89011 CAB: infected - 2 skipped
    c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a89011 CryptFF.b: infected - 2 skipped
    c:\WINDOWS\.housecall\Quarantine\A0013138.CPY.bac_a89011 Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\WINDOWS\.housecall\Quarantine\A0013139.CPY.bac_a89011 Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\WINDOWS\.housecall\Quarantine\A0013250.CPY.bac_a89011 Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\WINDOWS\.housecall\Quarantine\A0013248.CPY.bac_a89011 Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\_RESTORE\TEMP\A0012401.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012413.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012414.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012420.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012421.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012422.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012424.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012425.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012438.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012445.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012457.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012458.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012459.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012460.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012461.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012462.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012463.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012464.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012465.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012466.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012472.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012473.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012474.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012475.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0009766.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012096.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012478.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012479.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012480.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012481.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012482.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012483.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012484.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012485.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012486.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012487.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012488.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012489.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012490.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012491.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012492.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012493.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012494.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012495.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012496.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012497.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012498.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012499.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012500.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012501.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012502.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012503.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012504.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012505.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012506.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012507.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012508.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012509.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012510.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012511.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012512.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012513.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012514.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012515.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012516.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012517.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012518.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012519.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0012522.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013055.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013100.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013127.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013128.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013129.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013131.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013133.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013772.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013139.CPY Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\_RESTORE\TEMP\A0013140.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013143.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013145.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013148.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013150.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013152.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013156.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013162.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013166.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013167.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013168.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013169.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013170.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013171.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013172.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013175.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013179.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013183.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013187.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013190.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013207.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013214.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013215.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013241.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013242.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013243.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013244.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013245.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013246.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013247.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013248.CPY Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\_RESTORE\TEMP\A0013249.CPY Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\_RESTORE\TEMP\A0013250.CPY Infected: Trojan-Dropper.Win32.VB.lu skipped
    c:\_RESTORE\TEMP\A0013251.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013257.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013258.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013259.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013262.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013263.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013270.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013279.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013286.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013287.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013288.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013289.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013473.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013474.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013475.CPY Infected: Trojan.Win32.Qhost.hl skipped
     
  11. kinchar

    kinchar Thread Starter

    Joined:
    Jul 21, 2006
    Messages:
    28
    here's the rest of the scan
    c:\_RESTORE\TEMP\A0013476.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013477.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013478.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013479.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013486.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013491.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013492.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013493.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013494.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013495.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013496.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013506.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013513.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013514.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013517.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013518.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013523.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013529.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013535.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013562.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013571.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013572.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013573.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013574.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013579.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013587.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013591.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013676.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013686.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013697.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013698.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013699.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013700.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013711.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013719.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013720.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013721.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013722.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013724.CPY Infected: Trojan-Downloader.Win32.VB.ahx skipped
    c:\_RESTORE\TEMP\A0013725.CPY Infected: Trojan-Downloader.Win32.Banload.avj skipped
    c:\_RESTORE\TEMP\A0013726.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\_RESTORE\TEMP\A0013726.CPY NSIS: infected - 1 skipped
    c:\_RESTORE\TEMP\A0013727.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013728.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013732.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013733.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013739.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013740.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013741.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013742.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013743.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013744.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013745.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013749.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013750.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013751.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013752.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013753.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013765.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013766.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013775.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013783.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013784.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013787.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013792.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013800.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013801.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013806.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013807.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013808.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013809.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013814.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013815.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013816.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013817.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0013818.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0009779.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0009787.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0009788.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0009789.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0009790.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1753.CAB/A0011922.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1753.CAB/A0011923.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1753.CAB/A0011924.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1753.CAB/A0011934.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1753.CAB CAB: infected - 4 skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011941.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011949.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011950.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011953.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011955.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011959.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011962.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011969.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011972.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011982.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011985.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011986.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1754.CAB CAB: infected - 12 skipped
    c:\_RESTORE\ARCHIVE\FS1705.CAB/A0006806.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1705.CAB CAB: infected - 1 skipped
    c:\_RESTORE\ARCHIVE\FS1677.CAB/A0004099.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1677.CAB CAB: infected - 1 skipped
    c:\_RESTORE\ARCHIVE\FS1671.CAB/A0003577.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\_RESTORE\ARCHIVE\FS1671.CAB/A0003583.CPY Infected: Trojan.Win32.OpenPort.c skipped
    c:\_RESTORE\ARCHIVE\FS1671.CAB CAB: infected - 2 skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003680.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003680.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003681.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003682.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003688.CPY Infected: Trojan.Win32.OpenPort.c skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003689.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003691.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003701.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003709.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003715.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003715.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003719.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003720.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003721.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003726.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003731.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003735.CPY Infected: Trojan-Spy.Win32.Sters.ac skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003766.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003769.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003773.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003779.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1672.CAB CAB: infected - 21 skipped
    c:\_RESTORE\ARCHIVE\FS1702.CAB/A0006488.CPY Infected Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1702.CAB CAB: infected - 1 skipped
    c:\_RESTORE\ARCHIVE\FS1674.CAB/A0003931.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1674.CAB CAB: infected - 1 skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0003965.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0003984.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0003995.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004003.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004010.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004011.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004012.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004013.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004014.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004051.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004080.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004084.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004087.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1675.CAB CAB: infected - 13 skipped
    c:\_RESTORE\ARCHIVE\FS1676.CAB/A0004096.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1676.CAB CAB: infected - 1 skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006876.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006938.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006941.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006942.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006955.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006956.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006957.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006976.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006977.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006978.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006979.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006980.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006986.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006987.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006997.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006998.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006999.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007000.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007001.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007002.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007003.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007004.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007005.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007006.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007007.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007011.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1710.CAB CAB: infected - 26 skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007087.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007103.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007105.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007106.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007107.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007109.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007110.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007117.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007118.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007119.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007120.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007121.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007122.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007125.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007128.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007132.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007136.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007140.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007144.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007147.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007151.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007155.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007159.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007163.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007167.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007170.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007174.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007178.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1713.CAB CAB: infected - 28 skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006237.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006251.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006266.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006275.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006279.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006282.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006297.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006302.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006307.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006317.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006321.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006337.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006342.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006343.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006344.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006345.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1256.CAB CAB: infected - 16 skipped
    c:\_RESTORE\ARCHIVE\FS1679.CAB/A0004388.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1679.CAB CAB: infected - 1 skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004393.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004397.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004400.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004404.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004408.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004412.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004415.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004419.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004423.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004427.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004430.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004434.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1680.CAB CAB: infected - 12 skipped
    c:\_RESTORE\ARCHIVE\FS1683.CAB/A0004718.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1683.CAB CAB: infected - 1 skipped
    c:\_RESTORE\ARCHIVE\FS1690.CAB/A0005225.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1690.CAB CAB: infected - 1 skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005273.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005274.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005277.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005281.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005289.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005293.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005296.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005300.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005307.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005324.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005333.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005342.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005345.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005354.CPY Infected: Trojan.Win32.Qhost.hl skipped
     
  12. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Empty the housecall Quarantine.
    c:\_RESTORE we will flush after the machine is clean.


    Repeat post #6 but this time do it in SAFE MODE.
     
  13. kinchar

    kinchar Thread Starter

    Joined:
    Jul 21, 2006
    Messages:
    28
    OK, it's done, and you were right when you said Killbox may tell me the file isn't there, but it only said that in safe mode... Anyway, here is my new HJT log, and the O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
    is still there. I also ran another scan and these are the infected portions only:

    c:\WINDOWS\HOSTS.SAM Infected: Trojan.Win32.Qhost.hl skipped
    c:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll Infected: not-a-virus:AdWare.Win32.WindowEnhancer.c skipped
    c:\WINDOWS\smss.exe Infected: Trojan-Spy.Win32.Sters.ac skipped
    c:\_RESTORE\TEMP\A0000003.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0000019.CPY Infected: Trojan.Win32.Qhost.hl skipped
    c:\_RESTORE\TEMP\A0000020.CPY Infected: Trojan.Win32.Qhost.hl skipped


    Logfile of HijackThis v1.99.1
    Scan saved at 5:56:04 PM, on 7/23/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SSDPSRV.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
    C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
    C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
    C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
    C:\WINDOWS\DELAYRUN.EXE
    C:\WINDOWS\LOADQM.EXE
    C:\WINDOWS\SMSS.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\WINDOWS\RunDLL.exe
    C:\PROGRAM FILES\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
    O4 - HKLM\..\Run: [LoadQM] loadqm.exe
    O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
    O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
    O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
    O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
    O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
    O4 - Startup: POWERR~1.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darcmarv.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
    O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_ansi.cab
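
    The cross-check done by eye in post 13, as an added example that is not part of the thread: it matches the scanner's "Infected" paths against the HijackThis O4 autorun entries and flags NT-family process names registered on a Win9x platform. The function name `triage` and the `NT_ONLY` list are assumptions of this example, and the sample is constructed from a few lines of the logs above.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the scan output and HijackThis log above.
SAMPLE = r"""
c:\WINDOWS\HOSTS.SAM Infected: Trojan.Win32.Qhost.hl skipped
c:\WINDOWS\smss.exe Infected: Trojan-Spy.Win32.Sters.ac skipped
Platform: Windows ME (Win9x 4.90.3000)
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
"""

# Assumption: image names that belong to NT-family Windows and are not part of Win9x/ME.
NT_ONLY = {"smss.exe", "winlogon.exe", "csrss.exe", "lsass.exe", "services.exe"}

INFECTED = re.compile(r"^(?P<path>\S.*?) Infected: (?P<name>\S+)")
O4_RUN = re.compile(r"^O4 - (?P<key>\S+): \[(?P<label>[^\]]*)\] (?P<cmd>.+)$")
IMAGE = re.compile(r'^"?(?P<image>.+?\.exe)\b', re.IGNORECASE)

def triage(log):
    """Return (label, image, reasons) for each O4 autorun entry worth a closer look."""
    lines = [line.strip() for line in log.splitlines() if line.strip()]
    win9x = any(l.startswith("Platform:") and "Win9x" in l for l in lines)
    # Map each scanner-flagged path (lower-cased) to its detection name.
    detections = {m["path"].lower(): m["name"] for m in map(INFECTED.match, lines) if m}
    findings = []
    for entry in filter(None, map(O4_RUN.match, lines)):
        cmd = entry["cmd"]
        img = IMAGE.match(cmd)
        image = img["image"] if img else cmd.split()[0]  # e.g. "RunDLL deskcp16.dll,..."
        reasons = []
        if image.lower() in detections:
            reasons.append("scanner: " + detections[image.lower()])
        if win9x and ntpath.basename(image).lower() in NT_ONLY:
            reasons.append("NT-only process name on Win9x")
        if reasons:
            findings.append((entry["label"], image, reasons))
    return findings

if __name__ == "__main__":
    for label, image, reasons in triage(SAMPLE):
        print(f"{image} [{label}]: {'; '.join(reasons)}")
```

    An entry that is flagged only by name, like the winlogon.exe Run key here, has no scanner verdict behind it yet and is the one to submit for a second opinion before deletion.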
     
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
Short URL to this thread: https://techguy.org/485266
