Windows Security 2012 virus
Solved/Closed
66 responses
Anonymous User
Jan 27, 2012 at 09:42 PM
Download exeHelper and Malwarebytes from a clean PC to the infected PC
http://www.raktor.net/exeHelper/exeHelper.com
https://ccm.net/downloads/security-and-maintenance/4621-malwarebytes-anti-malware/
Boot the PC into Safe Mode with Networking
Double-click on exeHelper.com to run the fix.
A black window should pop up; press any key to close once the fix is completed.
Now install Malwarebytes, update and run a FULL SCAN
Download
https://support.kaspersky.com/downloads/utils/tdsskiller.exe
Launch it. Click on Change parameters - Select TDLFS file system
Click on "Scan". Please post the LOG report
Please download GMER from here (does not work on 64-bit OS)
http://www2.gmer.net/download.php
Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)
If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.
Anonymous User
Jan 28, 2012 at 08:01 PM
I can get back all your programs; before that I need logs.
Please follow the instructions.
Run Malwarebytes, TDSSkiller and GMER and post the logs
Press Windows+R key and type
%temp% and click OK
If you find a folder called SMTMP, back it up to a safe location
Please post the logs in your next reply
I can't run Malwarebytes. I am in safe mode. Ran exeHelper - OK, then tried to install Malwarebytes and got run time error 5 access denied. I apologize for my ignorance. Thank you so much for taking your time & helping me, I really appreciate it. I had Malwarebytes running a full scan; I walked away while it ran, which was like an hour, and when it finished it disappeared and now I can't get it to run.
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 912012902
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
1/29/2012 3:21:19 PM
mbam-log-2012-01-29 (15-20-37).txt
Scan type: Full scan (C:\|)
Objects scanned: 312002
Time elapsed: 1 hour(s), 1 minute(s), 42 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 12
Folders Infected: 0
Files Infected: 37
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LJBJnRHnXfQaR.exe (Trojan.FakeMS) -> Value: LJBJnRHnXfQaR.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger (Security.Hijack) -> Value: Debugger -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Matthew Mitchell\Local Settings\Application Data\utq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\all users\application data\ljbjnrhnxfqar.exe (Trojan.FakeMS) -> No action taken.
c:\documents and settings\all users\application data\b2c9j9obvnp8fi.exe (Rogue.FakeHDD) -> No action taken.
c:\documents and settings\all users\application data\hnqivklguoudnp.exe (Rogue.FakeHDD) -> No action taken.
c:\documents and settings\all users\application data\mrsahbvtphnii.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\all users\application data\o2damvcrztzqor.exe (Rogue.FakeHDD) -> No action taken.
c:\documents and settings\Guest\local settings\Temp\00017768.exe (Trojan.FakeAV.Gen) -> No action taken.
c:\documents and settings\Guest\local settings\Temp\la8e4i9z.exe.part (Trojan.FakeAV) -> No action taken.
c:\documents and settings\Guest\local settings\Temp\qxsjy8oy.exe.part (Trojan.FakeAV) -> No action taken.
c:\documents and settings\Guest\local settings\Temp\icreinstall\videotomp3setup.exe (Adware.Agent) -> No action taken.
c:\documents and settings\matthew mitchell\local settings\temporary internet files\Content.IE5\6P820VR1\fpishzgukueugzgsyok[1].exe (Trojan.FakeMS) -> No action taken.
c:\documents and settings\matthew mitchell\local settings\temporary internet files\Content.IE5\6P820VR1\scandsk1007c_8051[1].exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(10).exe (Rogue.MSRemovalTool) -> No action taken.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(11).exe (Rogue.MSRemovalTool) -> No action taken.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(2).exe (Rogue.MSRemovalTool) -> No action taken.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(3).exe (Rogue.MSRemovalTool) -> No action taken.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(4).exe (Rogue.MSRemovalTool) -> No action taken.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(6).exe (Rogue.MSRemovalTool) -> No action taken.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(7).exe (Rogue.MSRemovalTool) -> No action taken.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(8).exe (Rogue.MSRemovalTool) -> No action taken.
c:\documents and settings\MOM\application data\auditpol.dll (Trojan.Downloader) -> No action taken.
c:\documents and settings\MOM\local settings\application data\jsc.exe (Trojan.FakeAlert) -> No action taken.
c:\documents and settings\MOM\local settings\application data\nmv.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\MOM\local settings\Temp\msimg32.dll (Trojan.Agent) -> No action taken.
c:\documents and settings\Nick\local settings\application data\syssvc.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Nick\local settings\temporary internet files\Content.IE5\CB0PUT8N\video[1].exe (Trojan.FakeAV) -> No action taken.
c:\RECYCLER\s-1-5-21-789336058-1604221776-1801674531-501\Dc15.exe (Adware.Hotbar) -> No action taken.
c:\RECYCLER\s-1-5-21-789336058-1604221776-1801674531-501\Dc2.exe (Trojan.FakeAlert) -> No action taken.
c:\RECYCLER\s-1-5-21-789336058-1604221776-1801674531-501\Dc20.exe (Adware.Agent) -> No action taken.
c:\RECYCLER\s-1-5-21-789336058-1604221776-1801674531-501\Dc21.exe (Adware.Hotbar) -> No action taken.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP589\A0069897.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP589\A0069898.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP589\A0069899.DLL (PUP.FunWebProducts) -> No action taken.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP589\A0069902.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP590\A0069945.exe (Trojan.Dropper) -> No action taken.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP593\A0070743.exe (Trojan.Downloader) -> No action taken.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP610\A0074933.exe (Trojan.FakeMS) -> No action taken.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP629\A0076310.exe (Trojan.FakeMS) -> No action taken.
Anonymous User
Jan 29, 2012 at 07:50 PM
Hi
> No action taken.
You have not removed infections.
Run Malwarebytes scan again. Right click on infection results - Select all
Now click on REMOVE infections
I want you to run Malwarebytes in normal mode (full scan) and post the clean log
Download
https://www.broadcom.com/support/security-center
Launch it, it should ask for a restart, let me know what it finds
Try to run GMER after removing infections found by FIXTDSS
Download
http://public.avast.com/~gmerek/aswMBR.exe
Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log
Post the log results here
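A triage parser for the log format posted in this thread, added here as an illustration (it is not part of any post and not a Malwarebytes tool): it lists detections still marked "No action taken", notes what the affected registry locations control, and checks the summary counts against the entries actually present. The sample is constructed from lines of the logs in this thread, and all function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample: lines copied from the logs in this thread, with summary
# counts made up for the excerpt ("Files Infected: 3" deliberately overstates).
SAMPLE_LOG = r"""Scan type: Full scan (C:\|)
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 2
Files Infected: 3
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LJBJnRHnXfQaR.exe (Trojan.FakeMS) -> Value: LJBJnRHnXfQaR.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger (Security.Hijack) -> Value: Debugger -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Files Infected:
c:\documents and settings\all users\application data\ljbjnrhnxfqar.exe (Trojan.FakeMS) -> No action taken.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(10).exe (Rogue.MSRemovalTool) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<count>\d+)$")
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# The object may itself contain parentheses ("clean(10).exe", "\(default)"), so
# the detection name is anchored on the " (Name) -> " shape that follows it.
ENTRY_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[A-Za-z0-9_.]+)\) -> (?P<rest>.+)$"
)

# What a change at each registry location does on Windows.
TAMPER_NOTES = [
    (r"\\CurrentVersion\\Run\\", "autostart entry: runs at every logon"),
    (r"\\Image File Execution Options\\",
     "IFEO entry: can block or redirect launch of the named program"),
    (r"\\Policies\\Explorer\\DisallowRun\\",
     "policy blocklist: Explorer refuses to start listed programs"),
    (r"\\Security Center\\", "Security Center alerts suppressed"),
]


def parse_mbam_log(text):
    """Return (declared summary counts, list of detection entries)."""
    declared, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(No malicious items detected)":
            continue
        m = SUMMARY_RE.match(line)
        if m:
            declared[m["section"]] = int(m["count"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["section"]
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            # The action is always the last " -> " field on the line.
            action = m["rest"].rsplit(" -> ", 1)[-1].rstrip(".")
            entries.append({"section": section, "object": m["object"],
                            "detection": m["detection"], "action": action})
    return declared, entries


def unresolved(entries):
    """Detections the scanner reported but did not remove."""
    return [e for e in entries if e["action"].lower() == "no action taken"]


def count_mismatches(declared, entries):
    """Sections whose summary count differs from the entries listed,
    which usually means the pasted log was cut short."""
    found = Counter(e["section"] for e in entries)
    return {s: (n, found[s]) for s, n in declared.items() if n != found[s]}


def tamper_note(obj):
    """Short description of the registry location, or None for other objects."""
    for pattern, note in TAMPER_NOTES:
        if re.search(pattern, obj, re.IGNORECASE):
            return note
    return None


if __name__ == "__main__":
    declared, entries = parse_mbam_log(SAMPLE_LOG)
    pending = unresolved(entries)
    print(f"{len(pending)} of {len(entries)} detections still present:")
    for e in pending:
        note = tamper_note(e["object"])
        suffix = f"  [{note}]" if note else ""
        print(f"  {e['detection']:<28} {e['object']}{suffix}")
    for section, (want, got) in count_mismatches(declared, entries).items():
        print(f"WARNING: {section}: summary says {want}, log lists {got}")
```
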
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 912012902
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
1/30/2012 7:19:27 PM
mbam-log-2012-01-30 (19-19-27).txt
Scan type: Quick scan
Objects scanned: 252435
Time elapsed: 1 hour(s), 8 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 69
Registry Values Infected: 18
Registry Data Items Infected: 15
Folders Infected: 0
Files Infected: 25
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AdwarePrj.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\agent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AlphaAV.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Anti-Virus Professional.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntispywarXP2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPlus.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusPro_2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntivirusXP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\antivirusxppro2009.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiVirus_Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\av360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVCare.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\brastk.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Cl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\csc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dop.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\frmwrk32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\gbn976rl.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\homeav2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\init32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MalwareRemoval.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ozn695m5.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsAuxs.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsGui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsSvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pctsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PC_Antispyware2010.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\pdfndr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PerAvir.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\personalguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\qh.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quick Heal.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QuickHealCleaner.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rwg.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SafetyKeeper.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Save.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveArmor.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveDefense.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveKeep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Secure Veteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\secureveteran.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Security Center.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SecurityFighter.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\securitysoldier.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smart.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smartprotector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smrtdefp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftSafeness.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spywarexpguard.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tapinstall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrustWarrior.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\tsc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\W3asbas.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\winav.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windll32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\windows Police Pro.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xpdeluxe.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\xp_antispyware.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~1.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\~2.exe (Security.Hijack) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\LJBJnRHnXfQaR.exe (Trojan.FakeMS) -> Value: LJBJnRHnXfQaR.exe -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\0 (Security.Hijack) -> Value: 0 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\1 (Security.Hijack) -> Value: 1 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\2 (Security.Hijack) -> Value: 2 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\3 (Security.Hijack) -> Value: 3 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\4 (Security.Hijack) -> Value: 4 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\5 (Security.Hijack) -> Value: 5 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\6 (Security.Hijack) -> Value: 6 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\7 (Security.Hijack) -> Value: 7 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\8 (Security.Hijack) -> Value: 8 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\9 (Security.Hijack) -> Value: 9 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\10 (Security.Hijack) -> Value: 10 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\11 (Security.Hijack) -> Value: 11 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\12 (Security.Hijack) -> Value: 12 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\13 (Security.Hijack) -> Value: 13 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\14 (Security.Hijack) -> Value: 14 -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun\15 (Security.Hijack) -> Value: 15 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe\Debugger (Security.Hijack) -> Value: Debugger -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\URL (Hijack.SearchPage) -> Bad: (http://findgala.com/?&uid=8051&q={searchTerms}) Good: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Matthew Mitchell\Local Settings\Application Data\utq.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") Good: (iexplore.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\all users\application data\ljbjnrhnxfqar.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\mrsahbvtphnii.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\o2damvcrztzqor.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\b2c9j9obvnp8fi.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\hnqivklguoudnp.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\isecurity.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\MOM\application data\auditpol.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-789336058-1604221776-1801674531-501\Dc15.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-789336058-1604221776-1801674531-501\Dc2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-789336058-1604221776-1801674531-501\Dc20.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-789336058-1604221776-1801674531-501\Dc21.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\4.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\6.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\administrator\local settings\Temp\rstrui.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\00017768.exe (Trojan.FakeAV.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\la8e4i9z.exe.part (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\qxsjy8oy.exe.part (Trojan.FakeAV) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\icreinstall\videotomp3setup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\MOM\local settings\Temp\msimg32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\MOM\local settings\application data\jsc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\MOM\local settings\application data\nmv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Nick\local settings\application data\syssvc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\local settings\temporary internet files\Content.IE5\6P820VR1\scandsk1007c_8051[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\local settings\temporary internet files\Content.IE5\6P820VR1\fpishzgukueugzgsyok[1].exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\documents and settings\Nick\local settings\temporary internet files\Content.IE5\CB0PUT8N\video[1].exe (Trojan.FakeAV) -> Quarantined and deleted successfully.
Anonymous User
Jan 30, 2012 at 06:43 PM
Download
https://download.bleepingcomputer.com/grinler/unhide.exe
Boot into Safe Mode with Networking.
Launch it and allow it to run; it should restore all your hidden files.
Please follow the instructions.
Run Malwarebytes once in normal mode (full scan) and post the clean log alone.
Run TDSSKiller and GMER as instructed in my first reply and post the logs.
Press the Windows+R keys, type %temp% and click OK.
If you find a folder called SMTMP, back it up to a safe location.
Let me know how it went.
Please follow my instructions. Do not post the EXEHELPER.COM log every time.
Thanks
I'm posting this here because it will be hidden after restart. 2nd scan log -
Objects scanned: 315178
Time elapsed: 4 hour(s), 45 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 21
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP593\A0070743.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP610\A0074933.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP629\A0076310.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP630\A0078354.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP630\A0078355.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP630\A0078356.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP630\A0078357.exe (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP589\A0069902.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP589\A0069897.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP589\A0069898.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP589\A0069899.DLL (PUP.FunWebProducts) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3983c03a-f7a8-4e74-8111-8b150eae382e}\RP590\A0069945.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\application data\Sun\Java\deployment\cache\6.0\41\776bf8a9-4faf98ad (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(10).exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(11).exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(2).exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(3).exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(4).exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(6).exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(7).exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\my documents\my videos\FlexView\new folder\clean(8).exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
Ambucias
Feb 1, 2012 at 04:01 PM
Hello,
Nobody has replied to you since January 31st. How is your system behaving? Do you need further help?
Yes I still need help... I am still having the same issues. 10 to 15 messages saying system 32 failed to write messages, "system Check" comes up and tells me I have a few errors and then wants me to update and give my CC info... I know this is a virus. I am using Malware Bytes in safe mode because I have no programs or documents shown, I have to download it every time I restart, I use it to scan and delete infections but I cannot get it to get the PC completely clean. I ran Tdsskiller and it told me some virus called Backdoor was found but I don't know what to do after that... I also tried the Gmer app but I have no idea what it is for.... I would like to find out how to delete this System Check virus and get back my files...
Hi
You're not following any instructions as suggested.
I'm still waiting for you to post the Malwarebytes clean log.
Did you run the UNHIDE fix which I gave?
You said TDSSkiller is not working but now you say that TDSSkiller found a backdoor.
You're not interested in running GMER and aswMBR.
You're still waiting for instructions when you did not post the logs and you are not following my instructions.
I'm sorry, but how can I help you?
3rd time I ran this and still getting infections... As far as I know (Backdoor.Bot) is what tdssfix found... Running Malware until I get a clean system...
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 912020206
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
2/2/2012 3:11:41 PM
mbam-log-2012-02-02 (15-11-41).txt
Scan type: Quick scan
Objects scanned: 252408
Time elapsed: 46 minute(s), 26 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KndCLIWLJesl.exe (Rogue.Agent.SA) -> Value: KndCLIWLJesl.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PAwhgCLyHSr.exe (Rogue.Agent.SA) -> Value: PAwhgCLyHSr.exe -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\documents and settings\matthew mitchell\local settings\Temp\131068.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\local settings\Temp\278524.exe -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\local settings\Temp\wpbt0.dll (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\matthew mitchell\local settings\temporary internet files\Content.IE5\6P820VR1\setup[1].exe (Heuristics.Shuriken) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\kndcliwljesl.exe (Rogue.Agent.SA) -> Quarantined and deleted successfully.
c:\documents and settings\all users\application data\pawhgclyhsr.exe (Rogue.Agent.SA) -> Quarantined and deleted successfully.
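The second and third Malwarebytes logs above both list the same Start menu and NoDesktop registry items as "Quarantined and deleted successfully". The following Python script (an added example, not part of the thread or of Malwarebytes) parses logs in this format, reports objects that were removed in one scan and detected again in the next, and checks each summary count against the entries actually listed. The two sample logs are constructed in the style of the ones above, with a placeholder user name.

```python
import re
from collections import defaultdict

SECTION_RE = re.compile(
    r"^(Memory Processes|Memory Modules|Registry Keys|Registry Values|"
    r"Registry Data Items|Folders|Files) Infected:\s*(\d+)?$"
)
# The detection name is the final " (Name)" group; paths may contain
# parentheses themselves (clean(10).exe) and the name can be missing.
ENTRY_RE = re.compile(r"^(?P<obj>.*) \((?P<name>[^()]+)\)$")
REMOVED = "Quarantined and deleted successfully."

# Constructed sample logs (abridged, placeholder user name "user").
SCAN_A = r"""
Registry Data Items Infected: 2
Files Infected: 1
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\user\my documents\new folder\clean(10).exe (Rogue.MSRemovalTool) -> Quarantined and deleted successfully.
"""
SCAN_B = r"""
Registry Values Infected: 1
Registry Data Items Infected: 2
Files Infected: 3
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\KndCLIWLJesl.exe (Rogue.Agent.SA) -> Value: KndCLIWLJesl.exe -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Files Infected:
c:\documents and settings\user\local settings\Temp\131068.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\user\local settings\Temp\278524.exe -> Quarantined and deleted successfully.
"""


def parse_mbam_log(text):
    """Return (summary_counts, entries) for one Malwarebytes 1.x text log."""
    counts, entries, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            if m.group(2) is not None:       # "Files Infected: 6" summary line
                counts[m.group(1)] = int(m.group(2))
            else:                            # "Files Infected:" section header
                section = m.group(1)
            continue
        if section is None or " -> " not in line:
            continue                         # banner or "(No malicious items detected)"
        left, _, rest = line.partition(" -> ")
        m = ENTRY_RE.match(left)
        obj, name = (m.group("obj"), m.group("name")) if m else (left, None)
        entries.append({"section": section, "object": obj, "detection": name,
                        "action": rest.rsplit(" -> ", 1)[-1]})
    return counts, entries


def count_mismatches(counts, entries):
    """Sections whose declared total differs from the entries listed (truncated paste)."""
    parsed = defaultdict(int)
    for e in entries:
        parsed[e["section"]] += 1
    return {s: (n, parsed[s]) for s, n in counts.items() if n != parsed[s]}


def recurring(scans):
    """Objects reported as removed in one scan and detected again in the next one."""
    found = []
    for earlier, later in zip(scans, scans[1:]):
        removed = {(e["section"], e["object"].lower())
                   for e in earlier if e["action"] == REMOVED}
        for e in later:
            item = (e["section"], e["object"])
            if (e["section"], e["object"].lower()) in removed and item not in found:
                found.append(item)
    return found


if __name__ == "__main__":
    parsed = [parse_mbam_log(t) for t in (SCAN_A, SCAN_B)]
    for section, obj in recurring([entries for _, entries in parsed]):
        print("came back after removal:", section, "|", obj)
    for i, (counts, entries) in enumerate(parsed, 1):
        for section, (declared, listed) in count_mismatches(counts, entries).items():
            print("scan %d: %s declares %d, lists %d" % (i, section, declared, listed))
```

Items that return after a successful removal mean something outside the scanned set is re-creating them, which is why the thread moves on to boot-sector checks.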
Anonymous User
Feb 2, 2012 at 04:22 PM
Press Windows+R key and type
cmd and click ok
Now run these commands
cd\
cd Windows\System32
attrib -h c:\*.* /s /d
Allow it to run until it has unhidden your files.
I will wait for MALWAREBYTES AND ASWMBR log
Do not click on ADD COMMENTS; I want you to click on REPLY OPTION at the bottom of the page and post the LOGS
Thanks
Anonymous User
Feb 2, 2012 at 08:45 PM
Download
http://www.geekstogo.com/forum/files/file/441-mbrcheck/
Double click MBRCheck.exe
It will show a Black screen with some information that will contain either the below line if no problem is found:
Press ENTER to exit...
Or
you will see more information like below if a problem is found:
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Just choose to exit the program at this point, since we want to see only the scan results to begin with.
MBRCheck will create a log on the desktop; post the log result.
Anonymous User
Feb 2, 2012 at 10:15 PM
Did you restart your computer?
Did you face any issues?
I want you to run aswmbr and TDSSkiller now
Launch mbrcheck.exe, press N to exit. Post the latest MBR check log on the desktop
Anonymous User
Feb 2, 2012 at 10:46 PM
You can't run because you still have an infected MBR
37 GB \\.\PhysicalDrive0 MBR Code Faked!
I want you to follow the instructions again
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Press 1 at this stage, type YES and press ENTER
Delete the mbrcheck logs present on the desktop
Restart the PC and rerun mbrcheck to generate a log; post it here
Anonymous User
Feb 2, 2012 at 11:01 PM
That's OK, let's try another way
Run mbrcheck again, press 2
Enter your choice: Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows XP)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel
Press 0 (NOT 1) at this stage, type YES and press ENTER
Restart the PC and let me know IF you can run TDSSkiller and aswmbr
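MBRCheck's menu in the posts above offers [1] to dump the MBR to a file and [2] to restore standard boot code. The following Python script (an added example, not part of the thread or of MBRCheck) parses two such 512-byte dumps, taken before and after the restore, and checks that the boot code changed while the partition table and disk signature stayed the same. The sample sectors are constructed, with filler bytes in place of real boot code, and the expectation that a boot-code restore leaves bytes 440 to 509 untouched is an assumption of this check.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE = slice(0, 440)      # executable boot code
DISK_SIG = slice(440, 444)     # NT disk signature
PART_TABLE = slice(446, 510)   # four 16-byte partition entries
BOOT_SIG = slice(510, 512)     # must be 55 AA


def parse_mbr(sector):
    """Validate a 512-byte MBR dump and return the fields worth comparing."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR dump must be exactly 512 bytes, got %d" % len(sector))
    if sector[BOOT_SIG] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    table = sector[PART_TABLE]
    partitions = []
    for i in range(4):
        # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", table, 16 * i)
        if ptype == 0x00:
            continue                          # unused slot
        if status not in (0x00, 0x80):
            raise ValueError("partition %d has invalid status 0x%02x" % (i, status))
        partitions.append({"index": i, "bootable": status == 0x80,
                           "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(sector[BOOT_CODE]).hexdigest(),
        "disk_signature": sector[DISK_SIG].hex(),
        "partitions": partitions,
    }


def check_restore(before, after):
    """Return a list of findings; an empty list means the restore looks sane."""
    b, a = parse_mbr(before), parse_mbr(after)
    findings = []
    if b["boot_code_sha256"] == a["boot_code_sha256"]:
        findings.append("boot code is identical before and after the restore")
    if before[PART_TABLE] != after[PART_TABLE]:
        findings.append("partition table changed; keep the 'before' dump for recovery")
    if b["disk_signature"] != a["disk_signature"]:
        findings.append("disk signature changed")
    if sum(p["bootable"] for p in a["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    return findings


def build_sample(boot_fill):
    """Constructed sector: filler instead of real boot code, one active NTFS partition."""
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 77594561)
    return (bytes([boot_fill]) * 440 + bytes.fromhex("d1c2b3a4") + b"\x00\x00"
            + entry + bytes(48) + b"\x55\xaa")


SAMPLE_BEFORE = build_sample(0xCC)   # stands in for the dump taken before option [2]
SAMPLE_AFTER = build_sample(0x90)    # stands in for the dump taken after the restore

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_AFTER)
    print("boot code sha256:", info["boot_code_sha256"])
    print("partitions:", info["partitions"])
    print("findings:", check_restore(SAMPLE_BEFORE, SAMPLE_AFTER) or "none")
```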
Anonymous User
Feb 3, 2012 at 05:57 PM
I want you to run TDSSkiller using this method
http://ccm.net/faq/18862-rootkit-boot-sst
Follow the procedures given there
You should be able to run TDSSkiller
Delete the unknown modules alone as described in the pictures, let me know how it went
Anonymous User
Feb 4, 2012 at 10:21 AM
That's a great improvement. I want you to restart the PC, run TDSSkiller again, run aswmbr again and post the new logs
The TDSSkiller log is present in the C drive. Make sure you get the latest one
Anonymous User
Feb 4, 2012 at 08:32 PM
That looks good
Download
https://download.bleepingcomputer.com/sUBs/ComboFix.exe
Close any open browsers or any other programs that are open.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Double click on combofix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so
When finished, it will produce a report for you.
Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
In your next post I need the following
* Log from Combofix
* How is the computer doing now?
So I only have the trial version of Malwarebytes as you gave me, and it won't give me an option to disable protection since I don't have the full version. So I just uninstalled it and rebooted and then ran combofix. It went all the way through and got stuck on the "creating a log" step for 35 min.... I am trying again and it still says combofix has detected the following antivirus realtime protection: *** "Malware Protection Center" ***..... I have no idea how to disable this as I don't even know what it is, I was assuming it was Malwarebytes.... SORRY!!!
Anonymous User
Feb 5, 2012 at 12:26 AM
I want you to run combofix once again (need not post the log)
Restart your PC twice
Press Windows+R key and type
combofix /uninstall
click ok
This should uninstall your combofix
Download
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
Launch it, it will close all running programs
Click on START, it should ask for reboot
Download
https://download.bleepingcomputer.com/farbar/MiniToolBox.exe
Checkmark following boxes:
Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
Click Go and post the result.
Make sure to post the logs by clicking on REPLY
Anonymous User
Feb 6, 2012 at 09:41 PM
I'm sorry, I did not see it
Uninstall eset online scanner, norton online scan
You do not have an antivirus.
I would recommend installing AVG or Avira free versions
Your RAM size is low. It is better to upgrade it to 1 GB
What are the issues you face now?
Anonymous User
Feb 8, 2012 at 10:20 AM
You're most welcome
I want you to do this
Turn off system restore, restart the PC, turn on system restore and create a new restore point
https://support.microsoft.com/en-us/help/310405
good luck
Ambucias
Feb 8, 2012 at 04:06 PM
@Sundar, That was a lot of hard work! Fantastic noble achievement! Congratulations! You are a winner!
Ambucias
P.S. Your last advice is also right on!
(I was following as some of the logs got filtered and I restored them)
I don't have any options in my start menu; everything is blank. How do I run safe mode through a command line?
exeHelper by Raktor
Build 20100414
Run at 14:20:09 on 01/28/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--
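A way to confirm the resets listed in the exeHelper log above, as an added example that is not part of the original thread or of exeHelper: the Python below parses saved `reg query` output and compares the .exe association and the Winlogon Userinit and Shell values with stock Windows XP data. The expected data (including the C:\WINDOWS path), the sample output and the function names are assumptions made for this example; the .com/comfile pair can be added to the table in the same form.

```python
import re

WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
OPEN_CMD = '"%1" %*'
# Stock Windows XP data for values the exeHelper log reports resetting.
# Assumption: Windows is installed in C:\WINDOWS.
EXPECTED = {
    (r"HKEY_CLASSES_ROOT\.exe", ""): "exefile",
    (r"HKEY_CLASSES_ROOT\exefile\shell\open\command", ""): OPEN_CMD,
    (WINLOGON, "Userinit"): r"C:\WINDOWS\system32\userinit.exe,",
    (WINLOGON, "Shell"): "Explorer.exe",
}
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")
DEFAULT_NAMES = {"<no name>", "(default)"}  # XP and Vista+ labels for the default value


def parse_reg_query(text):
    """Return {(key, value_name): data} from `reg query` output; "" is the default value."""
    values, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
        elif key and (m := VALUE_RE.match(line)):
            name = m.group(1).lower()
            values[(key, "" if name in DEFAULT_NAMES else name)] = m.group(3).strip()
    return values


def audit(text):
    """List (key, name, found, expected) for every value that differs or is missing."""
    found = parse_reg_query(text)
    findings = []
    for (key, name), want in EXPECTED.items():
        got = found.get((key.lower(), name.lower()))
        if got is None or got.lower() != want.lower():
            findings.append((key, name or "(Default)", got, want))
    return findings


# Constructed sample: XP-style `reg query` output with one tampered association.
SAMPLE = r"""
HKEY_CLASSES_ROOT\.exe
    <NO NAME>    REG_SZ    exefile
HKEY_CLASSES_ROOT\exefile\shell\open\command
    <NO NAME>    REG_SZ    "C:\sample\placeholder.exe" "%1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Userinit    REG_SZ    C:\WINDOWS\system32\userinit.exe,
    Shell    REG_SZ    Explorer.exe
"""
```

`audit(SAMPLE)` returns one finding, for the `exefile` open command; an empty list means every checked value matches the expected data.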
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
Database version: 912020206
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
2/2/2012 6:14:05 PM
mbam-log-2012-02-02 (18-14-05).txt
Scan type: Quick scan
Objects scanned: 252420
Time elapsed: 16 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)