Trojan found please help with recovery

kinchar

Thread Starter
Joined
Jul 21, 2006
Messages
28
After using avast anti-virus and ad-aware to detect and remove the trojans and other nasties, this is what I am left with. I don't know much about computers but I know this isn't right. I am running win me and I have included my hjt log. After reading some of the posts I am glad I found this site; I know you can help me.
thank you,
kinchar

Logfile of HijackThis v1.99.1
Scan saved at 10:43:59 PM, on 7/21/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SMSS.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\WT\WCMDMGR.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [Weather] C:\PROGRAM FILES\AWS\WEATHERBUG\WEATHER.EXE 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: POWERR~1.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darcmarv.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Hi, Welcome to TSG!!


Go to control panel, add/remove programs and remove WEATHERBUG

Run HJT again and put a check in the following:

O4 - Startup: PowerReg Scheduler V3.exe
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch

Close all applications and browser windows before you click "fix checked".
 

kinchar

OK, I have done what you said and this is the new hjt log. Since the trojans and worms I am having problems with low system resources and many errors in my registry. And can you please tell me why (winoldap) is running in my background and why does it take over my system, and what is this C:\WINDOWS\SYSTEM\WINOA386.MOD?
I have also included the log file of the original virus scan that found all my nasties; maybe it can be of further help in figuring out what's wrong with my puter. Thank you so much for your time.

Antivirus log
8/2006 6:50:51 PM Sam Lane 4294869929 aswServ::AavmStart ERROR...
7/19/2006 5:10:40 PM Sam Lane 4294435775 Sign of "Win32:Small-AKO [Trj]" has been found in "c:\windows\winlog.exe3072.exe" file.
7/19/2006 5:16:18 PM Sam Lane 4294343875 Sign of "Win32:Trojano-P [Trj]" has been found in "c:\WINDOWS\TEMP\start.exe" file.
7/19/2006 5:16:36 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\WINDOWS\TEMP\bl4ck.com\[FSG]" file.
7/19/2006 5:16:39 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\WINDOWS\TEMP\a58c8a4a.exe\[FSG]" file.
7/19/2006 5:16:42 PM Sam Lane 4294343875 Sign of "Win32:purityscan-Q [Trj]" has been found in "c:\WINDOWS\TEMP\!update.exe\[UPX]" file.
7/19/2006 5:19:14 PM Sam Lane 4294343875 Sign of "Win32:InfDownloader [Trj]" has been found in "c:\WINDOWS\SYSTEM\Project2.INF" file.
7/19/2006 5:20:01 PM Sam Lane 4294343875 Sign of "Win32:purityscan-Q [Trj]" has been found in "c:\WINDOWS\SYSTEM\uthm\iexplore.exe\[UPX]" file.
7/19/2006 5:21:33 PM Sam Lane 4294343875 Sign of "Win32:Adware-gen. [Adw]" has been found in "c:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE" file.
7/19/2006 5:21:54 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\WINDOWS\A58C8A4A.EXE\[FSG]" file.
7/19/2006 5:22:58 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\WINDOWS\BL4CK.COM\[FSG]" file.
7/19/2006 5:23:01 PM Sam Lane 4294343875 Sign of "Win32:Sters-G [Trj]" has been found in "c:\WINDOWS\ieserver.exe" file.
7/19/2006 5:23:47 PM Sam Lane 4294343875 Sign of "Win32:Adware-gen. [Adw]" has been found in "c:\_RESTORE\TEMP\W6BAR.0" file.
7/19/2006 5:26:11 PM Sam Lane 4294343875 Sign of "Win32:Kuang2" has been found in "c:\_RESTORE\TEMP\A0007016.CPY" file.
7/19/2006 5:26:50 PM Sam Lane 4294343875 Sign of "Win32:Small-AKO [Trj]" has been found in "c:\_RESTORE\TEMP\A0007417.CPY" file.
7/19/2006 5:26:50 PM Sam Lane 4294343875 Sign of "Win32:purityscan-Q [Trj]" has been found in "c:\_RESTORE\TEMP\A0007419.CPY\[UPX]" file.
7/19/2006 5:26:51 PM Sam Lane 4294343875 Sign of "Win32:Adware-gen. [Adw]" has been found in "c:\_RESTORE\TEMP\A0007420.CPY" file.
7/19/2006 5:26:51 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\_RESTORE\TEMP\A0007421.CPY\[FSG]" file.
7/19/2006 5:26:51 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\_RESTORE\TEMP\A0007422.CPY\[FSG]" file.
7/19/2006 5:26:51 PM Sam Lane 4294343875 Sign of "Win32:Sters-G [Trj]" has been found in "c:\_RESTORE\TEMP\A0007423.CPY" file.
7/19/2006 5:44:17 PM Sam Lane 4294343875 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\_RESTORE\TEMP\W6BAR.0" file.
7/19/2006 5:44:59 PM Sam Lane 4294343875 Sign of "Win32:Kuang2" has been found in "C:\_RESTORE\TEMP\A0007016.CPY" file.
7/19/2006 5:45:09 PM Sam Lane 4294343875 Sign of "Win32:Small-AKO [Trj]" has been found in "C:\_RESTORE\TEMP\A0007417.CPY" file.
7/19/2006 5:45:09 PM Sam Lane 4294343875 Sign of "Win32:purityscan-Q [Trj]" has been found in "C:\_RESTORE\TEMP\A0007419.CPY\[UPX]" file.
7/19/2006 5:45:10 PM Sam Lane 4294343875 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\_RESTORE\TEMP\A0007420.CPY" file.
7/19/2006 5:45:10 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "C:\_RESTORE\TEMP\A0007421.CPY\[FSG]" file.
7/19/2006 5:45:10 PM Sam Lane 4294343875 Sign of "Win32:Small-ACT [Trj]" has been found in "C:\_RESTORE\TEMP\A0007422.CPY\[FSG]" file.
7/19/2006 5:45:11 PM Sam Lane 4294343875 Sign of "Win32:Sters-G [Trj]" has been found in "C:\_RESTORE\TEMP\A0007423.CPY" file.
7/19/2006 6:16:44 PM Sam Lane 4294843799 Sign of "Win32:Sters-G [Trj]" has been found in "C:\WINDOWS\TEMP\_AVAST4_\UNP137250038.TMP\14.EXE" file.
7/19/2006 6:18:27 PM Sam Lane 4294843799 Sign of "Win32:Sters-G [Trj]" has been found in "C:\WINDOWS\TEMP\_AVAST4_\UNP151907243.TMP\14.EXE" file.
7/19/2006 6:20:19 PM Sam Lane 4294843799 Sign of "Win32:purityscan-Q [Trj]" has been found in "C:\WINDOWS\TEMP\_AVAST4_\UNP9726738.TMP\10.EXE\[UPX]" file.
7/19/2006 6:21:01 PM Sam Lane 4294843799 Sign of "Win32:purityscan-Q [Trj]" has been found in "C:\WINDOWS\TEMP\_AVAST4_\UNP261272184.TMP\8.EXE\[UPX]" file.
7/19/2006 6:24:02 PM Sam Lane 4294843799 Sign of "Win32:purityscan-Q [Trj]" has been found in "C:\WINDOWS\TEMP\_AVAST4_\UNP178405079.TMP\8.EXE\[UPX]" file.
7/19/2006 6:42:14 PM Sam Lane 4294193691 Sign of "Win32:Adware-gen. [Adw]" has been found in "c:\_RESTORE\TEMP\W6BAR.0" file.
7/19/2006 6:46:36 PM Sam Lane 4294193691 Sign of "Win32:Kuang2" has been found in "c:\_RESTORE\TEMP\A0007016.CPY" file.
7/19/2006 6:51:11 PM Sam Lane 4294193691 Sign of "Win32:Small-AKO [Trj]" has been found in "c:\_RESTORE\TEMP\A0007417.CPY" file.
7/19/2006 6:52:58 PM Sam Lane 4294193691 Sign of "Win32:InfDownloader [Trj]" has been found in "c:\_RESTORE\TEMP\A0007418.CPY" file.
7/19/2006 6:54:59 PM Sam Lane 4294193691 Sign of "Win32:purityscan-Q [Trj]" has been found in "c:\_RESTORE\TEMP\A0007419.CPY\[UPX]" file.
7/19/2006 6:55:03 PM Sam Lane 4294193691 Sign of "Win32:Adware-gen. [Adw]" has been found in "c:\_RESTORE\TEMP\A0007420.CPY" file.
7/19/2006 6:55:06 PM Sam Lane 4294193691 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\_RESTORE\TEMP\A0007421.CPY\[FSG]" file.
7/19/2006 6:55:09 PM Sam Lane 4294193691 Sign of "Win32:Small-ACT [Trj]" has been found in "c:\_RESTORE\TEMP\A0007422.CPY\[FSG]" file.
7/19/2006 6:55:12 PM Sam Lane 4294193691 Sign of "Win32:Sters-G [Trj]" has been found in "c:\_RESTORE\TEMP\A0007423.CPY" file.
7/19/2006 6:55:51 PM Sam Lane 4294193691 Sign of "Win32:InfDownloader [Trj]" has been found in "c:\_RESTORE\ARCHIVE\FS1256.CAB" file.
7/19/2006 7:11:08 PM Sam Lane 4294193691 Sign of "Win32:Sters-H [Trj]" has been found in "c:\_RESTORE\ARCHIVE\FS1673.CAB" file.
7/19/2006 7:12:50 PM Sam Lane 4294193691 Sign of "Win32:Agent-RY [Trj]" has been found in "c:\_RESTORE\ARCHIVE\FS1678.CAB" file.
7/19/2006 7:46:22 PM Sam Lane 4294193691 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\_RESTORE\TEMP\W6BAR.0" file.
7/19/2006 7:47:35 PM Sam Lane 4294193691 Sign of "Win32:Kuang2" has been found in "C:\_RESTORE\TEMP\A0007016.CPY" file.
7/19/2006 7:48:12 PM Sam Lane 4294193691 Sign of "Win32:Small-AKO [Trj]" has been found in "C:\_RESTORE\TEMP\A0007417.CPY" file.
7/19/2006 7:48:22 PM Sam Lane 4294193691 Sign of "Win32:InfDownloader [Trj]" has been found in "C:\_RESTORE\TEMP\A0007418.CPY" file.
7/19/2006 7:48:32 PM Sam Lane 4294193691 Sign of "Win32:purityscan-Q [Trj]" has been found in "C:\_RESTORE\TEMP\A0007419.CPY\[UPX]" file.
7/19/2006 7:48:35 PM Sam Lane 4294193691 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\_RESTORE\TEMP\A0007420.CPY" file.
7/19/2006 7:48:38 PM Sam Lane 4294193691 Sign of "Win32:Small-ACT [Trj]" has been found in "C:\_RESTORE\TEMP\A0007421.CPY\[FSG]" file.
7/19/2006 7:48:41 PM Sam Lane 4294193691 Sign of "Win32:Small-ACT [Trj]" has been found in "C:\_RESTORE\TEMP\A0007422.CPY\[FSG]" file.
7/19/2006 7:48:45 PM Sam Lane 4294193691 Sign of "Win32:Sters-G [Trj]" has been found in "C:\_RESTORE\TEMP\A0007423.CPY" file.
7/19/2006 7:49:24 PM Sam Lane 4294193691 Sign of "Win32:InfDownloader [Trj]" has been found in "C:\_RESTORE\ARCHIVE\FS1256.CAB" file.
7/19/2006 8:01:16 PM Sam Lane 4294193691 Sign of "Win32:Sters-H [Trj]" has been found in "C:\_RESTORE\ARCHIVE\FS1673.CAB" file.
7/19/2006 8:01:52 PM Sam Lane 4294193691 Sign of "Win32:Agent-RY [Trj]" has been found in "C:\_RESTORE\ARCHIVE\FS1678.CAB" file.
7/21/2006 11:28:14 AM Sam Lane 4294843323 Sign of "Win32:Trojano-G [Trj]" has been found in "C:\WINDOWS\INCOMPLETE\T-233472-ERRORKILLER 2.6.EXE" file.
7/21/2006 11:29:14 AM Sam Lane 4294843323 Sign of "Win32:Trojano-G [Trj]" has been found in "C:\WINDOWS\SHARED\ERRORKILLER 2.6.EXE" file.
7/21/2006 6:21:32 PM Sam Lane 4294840365 Sign of "Win32:Trojano-G [Trj]" has been found in "C:\WINDOWS\Shared\Memory Washer v4.5.20 Cracked.exe" file.
7/21/2006 6:24:35 PM Sam Lane 4294557733 Sign of "Win32:Trojano-G [Trj]" has been found in "C:\WINDOWS\Shared\Memory Washer v4.5.20.exe" file.
7/21/2006 6:25:08 PM Sam Lane 4294353409 Sign of "Win32:Trojano-G [Trj]" has been found in "C:\WINDOWS\Shared\Abexo Memory Defragmenter v1.1.0.0.exe" file.

Logfile of HijackThis v1.99.1
Scan saved at 10:20:20 AM, on 7/22/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SMSS.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\WINDOWS\WT\WCMDMGR.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\RunDLL.exe
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\BACKWEB\BACKWEB\PROGRAM\BACKWEB.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: POWERR~1.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darcmarv.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
 

cybertech

Will Avast not clean, delete or quarantine those files?

Look in your control panel add/remove programs for PuritySCAN By OIN, OuterInfo, Snowballwars by OIN or similar, click on it and click remove.

REBOOT afterwards!!

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe
 

kinchar

Yes, avast did quarantine most of them and there is no purityscan installed at this time, but I went to housecall and did their virus scan and there are still trojans that cannot be cleaned or removed. I'm not sure what I need to do to get rid of them and try to recover my system. I know they are still there anyway because when I do ctrl alt del I get tons of that winoldap and then my puter freezes. Here are the trojans and their location:
TROJ_VB.AML:
location:
C:\RESTORE\TEMP\A0013138.CPY
C:\RESTORE\TEMP\A0013139.CPY
C:\RESTORE\TEMP\A0013250.CPY
and
TROJ_DROPPER.AJE:
location:
C:\RESTORE\TEMP\A0013248.CPY

thank you
 

cybertech

Run HJT again and put a check in the following:

O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe

Close all applications and browser windows before you click "fix checked".


Click Here and download Killbox and save it to your desktop.


Double-click on Killbox.exe to run it.
Put a tick by Delete on Reboot.
In the "Full Path of File to Delete" box, copy and paste the following:

C:\WINDOWS\winlogon.exe

Click on the button that has the red circle with the X in the middle after you enter the file name.
It will ask for confirmation to delete the file.
Click Yes.
It will ask if you want to reboot now,
Click Yes.

Note: It is possible that Killbox will tell you that the file does not exist.


Post a new HiJackThis log after the reboot.

When we are all finished we will turn off system restore and that will flush out the restore files.
 

kinchar

OK, I did what you suggested and this is the new hjt log. Looks like the file is still there, now what?

Logfile of HijackThis v1.99.1
Scan saved at 6:47:59 PM, on 7/22/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SMSS.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: POWERR~1.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darcmarv.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
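
An added example, not part of the thread and not HijackThis's own code: one way to check mechanically whether an entry marked with "fix checked" is still present in the next scan, by diffing the entry lines of two HijackThis logs. The sample logs are short excerpts of the 10:20 AM and 6:47 PM scans from 7/22/2006 posted above; the function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O16, ...) and " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, normalized detail) entries in an HJT log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            # Registry names and Windows paths are case-insensitive, and the
            # same item can appear in different case between scans, so the
            # comparison is done on case-folded, whitespace-collapsed text.
            detail = " ".join(match.group(2).split()).casefold()
            entries.add((match.group(1), detail))
    return entries


def check_fix(before_log, after_log, fixed_lines):
    """Compare two scans and report what happened to the entries.

    fixed_lines are the log lines the helper asked to tick before "fix checked".
    """
    before = parse_entries(before_log)
    after = parse_entries(after_log)
    targets = parse_entries("\n".join(fixed_lines))
    return {
        "persisted": sorted(targets & after),  # ticked, yet present again
        "removed": sorted(before - after),     # gone since the earlier scan
        "added": sorted(after - before),       # new since the earlier scan
    }


# Excerpt of the scan saved at 10:20:20 AM on 7/22/2006 (lines from the thread).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:20:20 AM, on 7/22/2006
Running processes:
C:\WINDOWS\SMSS.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - Startup: POWERR~1.EXE
"""

# Excerpt of the scan saved at 6:47:59 PM on 7/22/2006 (lines from the thread).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 6:47:59 PM, on 7/22/2006
Running processes:
C:\WINDOWS\SMSS.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - Startup: POWERR~1.EXE
"""

# The entry the helper asked to fix between those two scans.
FIXED = [
    r"O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe",
]

if __name__ == "__main__":
    result = check_fix(BEFORE, AFTER, FIXED)
    for kind in ("persisted", "removed", "added"):
        for section, detail in result[kind]:
            print(f"{kind:9} {section} - {detail}")
```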
 

cybertech

Open task manager and if it's running stop it.

Run Kaspersky online virus scan
http://www.kaspersky.com/virusscanner

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!
 

kinchar

I don't mean to come across as dumb but I don't know what the task manager is; I never used it before.
 

kinchar

OK, I ran the scan like you said and here are the results; some of these were quarantined with housecall virus scan... I am soooooooooooo at a loss as to what to do, please help. Also, I have had to do two posts for this report.

KASPERSKY ONLINE SCANNER REPORT
Sunday, July 23, 2006 12:50:35 PM
Operating System: Microsoft Windows Millennium Edition
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/07/2006
Kaspersky Anti-Virus database records: 209388
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
a:\
c:\
d:\
e:\
f:\
g:\
h:\
i:\

Scan Statistics
Total number of scanned objects 29756
Number of viruses found 13
Number of infected objects 599 / 0
Number of suspicious objects 0
Duration of the scan process 00:55:06
Infected Object Name Virus Name Last Action
c:\WINDOWS\HOSTS.SAM Infected: Trojan.Win32.Qhost.hl skipped
c:\WINDOWS\TEMP\_avast4_\Webshlock.txt Object is locked skipped
c:\WINDOWS\TEMP\~DFCE7E.TMP Object is locked skipped
c:\WINDOWS\Sti_Event.log Object is locked skipped
c:\WINDOWS\Cookies\index.dat Object is locked skipped
c:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll Infected: not-a-virus:AdWare.Win32.WindowEnhancer.c skipped
c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbk Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\SYSMAST.cbd Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbk Object is locked skipped
c:\WINDOWS\SYSTEM\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATMAST.cbd Object is locked skipped
c:\WINDOWS\WIN386.SWP Object is locked skipped
c:\WINDOWS\SchedLog.Txt Object is locked skipped
c:\WINDOWS\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
c:\WINDOWS\Sti_Trace.log Object is locked skipped
c:\WINDOWS\wiaservc.log Object is locked skipped
c:\WINDOWS\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
c:\WINDOWS\History\History.IE5\index.dat Object is locked skipped
c:\WINDOWS\History\History.IE5\MSHist012006072320060724\index.dat Object is locked skipped
c:\WINDOWS\Lucent Win Modem.log Object is locked skipped
c:\WINDOWS\smss.exe Infected: Trojan-Spy.Win32.Sters.ac skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003680.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003680.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003681.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003682.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003688.CPY Infected: Trojan.Win32.OpenPort.c skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003689.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003691.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003701.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003709.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003715.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003715.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003719.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003720.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003721.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003726.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003731.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003735.CPY Infected: Trojan-Spy.Win32.Sters.ac skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003766.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003769.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003773.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391/A0003779.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391 CAB: infected - 21 skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a87391 CryptFF.b: infected - 21 skipped
c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a87391/A0006455.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a87391/A0006459.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a87391 CAB: infected - 2 skipped
c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a87391 CryptFF.b: infected - 2 skipped
c:\WINDOWS\.housecall\Quarantine\preredir.exe.bac_a87391 Infected: Trojan-Downloader.Win32.VB.ahx skipped
c:\WINDOWS\.housecall\Quarantine\A0013138.CPY.bac_a87391 Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\WINDOWS\.housecall\Quarantine\A0013139.CPY.bac_a87391 Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\WINDOWS\.housecall\Quarantine\A0013250.CPY.bac_a87391 Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\WINDOWS\.housecall\Quarantine\A0013248.CPY.bac_a87391 Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\WINDOWS\.housecall\Quarantine\ib14.dll.bac_a87391 Infected: Trojan-Downloader.Win32.Banload.avj skipped
c:\WINDOWS\.housecall\Quarantine\tskmgr.exe.bac_a87391/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\tskmgr.exe.bac_a87391 NSIS: infected - 1 skipped
c:\WINDOWS\.housecall\Quarantine\tskmgr.exe.bac_a87391 CryptFF.b: infected - 1 skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003680.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003680.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003681.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003682.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003688.CPY Infected: Trojan.Win32.OpenPort.c skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003689.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003691.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003701.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003709.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003715.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003715.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003719.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003720.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003721.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003726.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003731.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003735.CPY Infected: Trojan-Spy.Win32.Sters.ac skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003766.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003769.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003773.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011/A0003779.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011 CAB: infected - 21 skipped
c:\WINDOWS\.housecall\Quarantine\FS1672.CAB.bac_a89011 CryptFF.b: infected - 21 skipped
c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a89011/A0006455.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a89011/A0006459.CPY Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped
c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a89011 CAB: infected - 2 skipped
c:\WINDOWS\.housecall\Quarantine\FS1678.CAB.bac_a89011 CryptFF.b: infected - 2 skipped
c:\WINDOWS\.housecall\Quarantine\A0013138.CPY.bac_a89011 Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\WINDOWS\.housecall\Quarantine\A0013139.CPY.bac_a89011 Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\WINDOWS\.housecall\Quarantine\A0013250.CPY.bac_a89011 Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\WINDOWS\.housecall\Quarantine\A0013248.CPY.bac_a89011 Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\_RESTORE\TEMP\A0012401.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012413.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012414.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012420.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012421.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012422.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012424.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012425.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012438.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012445.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012457.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012458.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012459.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012460.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012461.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012462.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012463.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012464.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012465.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012466.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012472.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012473.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012474.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012475.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0009766.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012096.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012478.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012479.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012480.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012481.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012482.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012483.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012484.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012485.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012486.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012487.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012488.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012489.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012490.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012491.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012492.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012493.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012494.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012495.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012496.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012497.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012498.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012499.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012500.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012501.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012502.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012503.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012504.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012505.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012506.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012507.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012508.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012509.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012510.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012511.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012512.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012513.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012514.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012515.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012516.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012517.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012518.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012519.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0012522.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013055.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013100.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013127.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013128.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013129.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013131.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013133.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013772.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013139.CPY Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\_RESTORE\TEMP\A0013140.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013143.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013145.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013148.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013150.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013152.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013156.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013162.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013166.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013167.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013168.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013169.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013170.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013171.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013172.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013175.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013179.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013183.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013187.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013190.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013207.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013214.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013215.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013241.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013242.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013243.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013244.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013245.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013246.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013247.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013248.CPY Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\_RESTORE\TEMP\A0013249.CPY Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\_RESTORE\TEMP\A0013250.CPY Infected: Trojan-Dropper.Win32.VB.lu skipped
c:\_RESTORE\TEMP\A0013251.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013257.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013258.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013259.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013262.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013263.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013270.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013279.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013286.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013287.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013288.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013289.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013473.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013474.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013475.CPY Infected: Trojan.Win32.Qhost.hl skipped
 

kinchar

Here's the rest of the scan:
c:\_RESTORE\TEMP\A0013476.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013477.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013478.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013479.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013486.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013491.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013492.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013493.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013494.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013495.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013496.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013506.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013513.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013514.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013517.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013518.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013523.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013529.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013535.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013562.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013571.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013572.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013573.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013574.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013579.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013587.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013591.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013676.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013686.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013697.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013698.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013699.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013700.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013711.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013719.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013720.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013721.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013722.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013724.CPY Infected: Trojan-Downloader.Win32.VB.ahx skipped
c:\_RESTORE\TEMP\A0013725.CPY Infected: Trojan-Downloader.Win32.Banload.avj skipped
c:\_RESTORE\TEMP\A0013726.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\_RESTORE\TEMP\A0013726.CPY NSIS: infected - 1 skipped
c:\_RESTORE\TEMP\A0013727.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013728.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013732.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013733.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013739.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013740.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013741.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013742.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013743.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013744.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013745.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013749.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013750.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013751.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013752.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013753.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013765.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013766.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013775.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013783.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013784.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013787.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013792.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013800.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013801.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013806.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013807.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013808.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013809.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013814.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013815.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013816.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013817.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0013818.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0009779.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0009787.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0009788.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0009789.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0009790.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1753.CAB/A0011922.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1753.CAB/A0011923.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1753.CAB/A0011924.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1753.CAB/A0011934.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1753.CAB CAB: infected - 4 skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011941.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011949.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011950.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011953.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011955.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011959.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011962.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011969.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011972.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011982.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011985.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB/A0011986.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1754.CAB CAB: infected - 12 skipped
c:\_RESTORE\ARCHIVE\FS1705.CAB/A0006806.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1705.CAB CAB: infected - 1 skipped
c:\_RESTORE\ARCHIVE\FS1677.CAB/A0004099.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1677.CAB CAB: infected - 1 skipped
c:\_RESTORE\ARCHIVE\FS1671.CAB/A0003577.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\_RESTORE\ARCHIVE\FS1671.CAB/A0003583.CPY Infected: Trojan.Win32.OpenPort.c skipped
c:\_RESTORE\ARCHIVE\FS1671.CAB CAB: infected - 2 skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003680.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003680.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003681.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003682.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003688.CPY Infected: Trojan.Win32.OpenPort.c skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003689.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003691.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003701.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003709.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003715.CPY/data0006 Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003715.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003719.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003720.CPY Infected: Trojan-Dropper.Win32.VB.nn skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003721.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003726.CPY Infected: Trojan-Downloader.Win32.Small.bsq skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003731.CPY Infected: Trojan-Downloader.Win32.VB.adg skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003735.CPY Infected: Trojan-Spy.Win32.Sters.ac skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003766.CPY Infected: Trojan-Spy.Win32.Sters.x skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003769.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003773.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB/A0003779.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1672.CAB CAB: infected - 21 skipped
c:\_RESTORE\ARCHIVE\FS1702.CAB/A0006488.CPY Infected Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1702.CAB CAB: infected - 1 skipped
c:\_RESTORE\ARCHIVE\FS1674.CAB/A0003931.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1674.CAB CAB: infected - 1 skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0003965.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0003984.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0003995.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004003.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004010.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004011.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004012.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004013.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004014.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004051.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004080.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004084.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB/A0004087.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1675.CAB CAB: infected - 13 skipped
c:\_RESTORE\ARCHIVE\FS1676.CAB/A0004096.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1676.CAB CAB: infected - 1 skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006876.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006938.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006941.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006942.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006955.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006956.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006957.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006976.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006977.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006978.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006979.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006980.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006986.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006987.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006997.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006998.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0006999.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007000.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007001.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007002.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007003.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007004.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007005.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007006.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007007.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB/A0007011.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1710.CAB CAB: infected - 26 skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007087.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007103.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007105.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007106.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007107.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007109.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007110.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007117.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007118.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007119.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007120.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007121.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007122.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007125.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007128.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007132.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007136.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007140.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007144.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007147.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007151.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007155.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007159.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007163.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007167.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007170.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007174.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB/A0007178.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1713.CAB CAB: infected - 28 skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006237.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006251.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006266.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006275.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006279.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006282.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006297.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006302.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006307.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006317.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006321.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006337.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006342.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006343.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006344.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB/A0006345.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1256.CAB CAB: infected - 16 skipped
c:\_RESTORE\ARCHIVE\FS1679.CAB/A0004388.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1679.CAB CAB: infected - 1 skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004393.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004397.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004400.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004404.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004408.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004412.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004415.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004419.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004423.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004427.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004430.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB/A0004434.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1680.CAB CAB: infected - 12 skipped
c:\_RESTORE\ARCHIVE\FS1683.CAB/A0004718.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1683.CAB CAB: infected - 1 skipped
c:\_RESTORE\ARCHIVE\FS1690.CAB/A0005225.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1690.CAB CAB: infected - 1 skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005273.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005274.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005277.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005281.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005289.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005293.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005296.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005300.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005307.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005324.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005333.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005342.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005345.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\ARCHIVE\FS1692.CAB/A0005354.CPY Infected: Trojan.Win32.Qhost.hl skipped
 

cybertech

Retired Moderator
Joined
Apr 16, 2002
Messages
72,115
Empty the housecall Quarantine.
c:\_RESTORE we will flush after the machine is clean.


Repeat post #6 but this time do it in SAFE MODE.
 

kinchar

Thread Starter
Joined
Jul 21, 2006
Messages
28
OK, it's done, and you were right when you said Killbox may tell me the file isn't there, but it only said that in safe mode. Anyway, here is my new HJT log, and the O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
is still there. I also ran another scan and these are the infected portions only:

c:\WINDOWS\HOSTS.SAM Infected: Trojan.Win32.Qhost.hl skipped
c:\WINDOWS\SYSTEM\SBUtils\SBWebCtl.dll Infected: not-a-virus:AdWare.Win32.WindowEnhancer.c skipped
c:\WINDOWS\smss.exe Infected: Trojan-Spy.Win32.Sters.ac skipped
c:\_RESTORE\TEMP\A0000003.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0000019.CPY Infected: Trojan.Win32.Qhost.hl skipped
c:\_RESTORE\TEMP\A0000020.CPY Infected: Trojan.Win32.Qhost.hl skipped


Logfile of HijackThis v1.99.1
Scan saved at 5:56:04 PM, on 7/23/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMKEYBD.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\KEYBDMGR.EXE
C:\PROGRAM FILES\NETROPA\ONSCREEN DISPLAY\OSD.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\PROGRAM FILES\NETROPA\ONE-TOUCH MULTIMEDIA KEYBOARD\MMUSBKB2.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\HPSYSDRV.EXE
C:\WINDOWS\DELAYRUN.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SMSS.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\WINDOWS\RunDLL.exe
C:\PROGRAM FILES\YOURWARE SOLUTIONS\FREERAM XP PRO\FREERAM XP PRO.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://hp.my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [Delay] C:\WINDOWS\delayrun.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [Keyboard Manager] c:\Program Files\Netropa\One-touch Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [Taskbar Display Controls] RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - Startup: POWERR~1.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_07\BIN\SSV.DLL
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http://hp.my.yahoo.com
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://darcmarv.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {869F3BBC-A812-4D13-A93B-7B3FC816DCD5} (McAfee.com Updater) - http://download.mcafee.com/molbin/clinic/virusscan/mcasupd.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_ansi.cab
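
Added example (not part of the original posts): a small triage script that cross-references the scanner's "Infected" lines with the HijackThis O4 autorun entries and running-process list, to show which detections also have persistence. The function names and the `NT_ONLY` list are assumptions made for this illustration; the sample lines are copied from the logs above.

```python
import ntpath
import re

# Constructed sample: lines copied from the scan output and HijackThis log in the post above.
SCAN = r"""c:\WINDOWS\HOSTS.SAM Infected: Trojan.Win32.Qhost.hl skipped
c:\WINDOWS\smss.exe Infected: Trojan-Spy.Win32.Sters.ac skipped
c:\_RESTORE\TEMP\A0000003.CPY Infected: Trojan.Win32.Qhost.hl skipped"""
HJT = r"""Platform: Windows ME (Win9x 4.90.3000)
C:\WINDOWS\SMSS.EXE
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [Microsoft Windows Session Manager Subsystem] C:\WINDOWS\smss.exe
O4 - HKLM\..\Run: [Microsoft Windows Logon Process] C:\WINDOWS\winlogon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background"""

# Assumption: these image names belong to the NT family and are not shipped with Win9x/ME.
NT_ONLY = {"smss.exe", "winlogon.exe", "csrss.exe", "lsass.exe", "services.exe"}
O4_RE = re.compile(r'^O4 - (\S+): \[(.+?)\] (?:"([^"]+)"|(.+?\.\w{3}))(?:\s|$)')
SCAN_RE = re.compile(r"^(.+?) Infected: (\S+) skipped$")

def autoruns(hjt):
    """Return {lowercased image path: (registry key, value name)} for O4 registry entries."""
    out = {}
    for line in hjt.splitlines():
        m = O4_RE.match(line)
        if m:
            out[(m.group(3) or m.group(4)).lower()] = (m.group(1), m.group(2))
    return out

def triage(scan, hjt):
    """Flag autoruns the scanner detected, or that use an NT-only name on a Win9x platform."""
    is_9x = "Win9x" in hjt
    running = {l.strip().lower() for l in hjt.splitlines() if re.match(r"^[A-Za-z]:\\", l)}
    detected = {m.group(1).lower(): m.group(2) for m in map(SCAN_RE.match, scan.splitlines()) if m}
    findings = []
    for path, (key, name) in autoruns(hjt).items():
        reasons = []
        if path in detected:
            reasons.append("detected as " + detected[path])
        if is_9x and ntpath.basename(path) in NT_ONLY:
            reasons.append("NT-only process name on Win9x")
        if reasons:
            findings.append({"path": path, "key": key, "value": name,
                             "running": path in running, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in triage(SCAN, HJT):
        print(f)
```

On the sample it flags `smss.exe` (detected, autostarted and running) and the `winlogon.exe` Run value (autostarted under an NT-only name, not running), while `HOSTS.SAM` and the `_RESTORE` copies have no autorun entry and are left to the file cleanup.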
 