WiredWX Hobby Weather Tools

 


"Internet Security 2010" problem - Malware

2 posters

My computer has been infected with IS2010 and it's wreaking havoc. When I boot up, I have to do so by getting past the welcome screen and then opening my task manager and starting "explorer". Even then all of my icons on my desktop have a blue background. I'm running XP home SP3. My system restore is locked up as well. I've downloaded HJT and did a report. Here it is. I want to say thank you in advance for providing this service. You guys are great!

btw, I have Malwarebytes installed, but it won't let me update the latest updates. I did try to run MBAM without the updates but it did nothing to help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:38:53 PM, on 12/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\FastNetSrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\msc.exe
C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUME~1\JAMESK~1\LOCALS~1\Temp\r.exe
C:\Documents and Settings\James Kaiser\Desktop\winlogon.scr

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080425
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tattoodle.com?tid={136BC09B-C031-470b-80EF-988CB2693E5E}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=20008&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080425
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: EmailBHO - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll
O2 - BHO: BrowserHelper Class - {8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6} - (no file)
O2 - BHO: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: Burn4Free Toolbar Helper - {D187A56B-A33F-4CBE-9D77-459FC0BAE012} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Megaupload Toolbar - {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - C:\PROGRA~1\MEGAUP~2\MEGAUP~1.DLL
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Burn4Free Toolbar - {4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - C:\Program Files\Burn4Free Toolbar\v3.3.0.3\Burn4Free_Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SmartDefrag] "C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe" /StartUp
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Qzeligegopepubi] rundll32.exe "C:\WINDOWS\owicaken.dll",Startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\RunOnce: [Uninstall Adobe Download Manager] "C:\WINDOWS\system32\rundll32.exe" "C:\Program Files\NOS\bin\getPlus_Helper.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [Zeldar] C:\DOCUME~1\JAMESK~1\LOCALS~1\Temp\r.exe
O4 - HKUS\S-1-5-21-4239781055-3274666663-2365450077-1016\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (User 'holdemmanager02')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: absoƖute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\James Kaiser\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra 'Tools' menuitem: absoƖute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\James Kaiser\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (HKCU)
O9 - Extra button: The Poker Community - {23ce1f91-bc56-49f9-be01-bddf4ef76305} - C:\Documents and Settings\James Kaiser\Start Menu\Programs\The Poker Community\The Poker Community.lnk (HKCU)
O9 - Extra button: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra 'Tools' menuitem: UltimateBet - {3EB3B7E8-1466-405A-B5BC-44513AF85E34} - C:\Documents and Settings\All Users\Start Menu\Programs\UltimateBet\UltimateBet.lnk (HKCU)
O9 - Extra button: Walker Poker - {533caed3-32dd-436e-9e56-27e70d5190bb} - C:\Documents and Settings\James Kaiser\Start Menu\Programs\Walker Poker\Walker Poker.lnk (HKCU)
O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\James Kaiser\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\iEvony\Skype4COM.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: fastnetsrv Service (fastnetsrv) - Netopsystems A - C:\WINDOWS\system32\FastNetSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11902 bytes

Re: "Internet Security 2010" problem - Malware
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com

Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here
  • Click Start>Run then copy paste the following command into the Run box & click OK "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

[Image: Query_RC]
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
[Image: RC_successful]

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.

Re: "Internet Security 2010" problem - Malware
Okay, tried to d/l CF and it does the d/l, but once I try to run it it gives me a message saying

"Alert! It is not safe to continue! The contents of CF has been compromised. Please d/l a fresh copy from http//:bleepingcomputer.com/combofix/how-to-use-combofix". You may be infected with a file patching virus 'Virut'.

So I went to bleepingcomputer.com and tried a new copy and it did the same thing twice. I'm not able to go to the Forospyware link, it's being blocked.

Re: "Internet Security 2010" problem - Malware
Please download Malwarebytes Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re: "Internet Security 2010" problem - Malware
I deleted and re-downloaded Malwarebytes and had it look for another update, but got this error message again...

"An error occurred. Please report the following error code to the Malwarebytes Anti-Malware support team.

Error Code: 732(12007,0)"


I went ahead and continued on with the full scan. I'll have the results up as soon as it's finished. Thanks.

Re: "Internet Security 2010" problem - Malware
Okay, here's the MBAM log file.

Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

12/21/2009 5:39:10 PM
mbam-log-2009-12-21 (17-39-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 328183
Time elapsed: 1 hour(s), 25 minute(s), 29 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 3
Registry Keys Infected: 8
Registry Values Infected: 11
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 30

Memory Processes Infected:
C:\WINDOWS\msc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Delete on reboot.
c:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\fastnetsrv (Backdoor.Refpron) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\btwsrv (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_BTWSRV (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_FASTNETSRV (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\buildw (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\ulrn (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\update (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\updatenew (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mbt (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udfa (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mfa (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: streavfg.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\streavfg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\Documents and Settings\James Kaiser\Local Settings\Temporary Internet Files\Content.IE5\41M7OT63\flash-HQ-plugin[1].45244.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Bodog Casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsts.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ndisdrv.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\86.tmp (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\VRT7E.tmp (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\wmdtc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BtwSrv.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\lsm32.sys (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6to4v32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\msa.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\msc.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\BtwSrv32.dll (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\opeia.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\b.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\c.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\d.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\e.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\f.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\Documents and Settings\James Kaiser\Local Settings\Temp\sshnas.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\James Kaiser\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
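
An added example, not part of the original thread: a small Python parser for the MBAM log layout posted above. It lists the files marked "Delete on reboot" (the ones to re-check after the restart the Extra Note asks for) and compares the detections with the running-process list from the HijackThis log. The function names are hypothetical, and the embedded excerpts are copied from the two logs in this thread.

```python
import re

# Excerpt copied from the MBAM log in this thread (not the full log).
MBAM_EXCERPT = r"""
Memory Processes Infected:
C:\WINDOWS\msc.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Unloaded process successfully.

Memory Modules Infected:
c:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: streavfg.dll -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\streavfg.dll (Trojan.Vundo.H) -> Delete on reboot.
C:\WINDOWS\msc.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\sshnas.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\FastNetSrv.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
"""

# Excerpt copied from the "Running processes" part of the HijackThis log.
HJT_RUNNING_EXCERPT = r"""
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\FastNetSrv.exe
C:\WINDOWS\msc.exe
C:\DOCUME~1\JAMESK~1\LOCALS~1\Temp\r.exe
"""

# "<target> (<detection name>) -> [extra ->] <action>."
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")


def parse_mbam(text):
    """Return one dict per detected item, tagged with its log section."""
    items, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("Infected:"):            # section header, e.g. "Files Infected:"
            section = line[: -len(" Infected:")]
            continue
        match = ITEM_RE.match(line)
        if match is None or section is None:      # blank, summary or "(No malicious ...)" line
            continue
        # The action is always the last "->" segment; registry data items
        # carry an extra "Data: ..." segment before it.
        action = match.group("rest").split(" -> ")[-1].rstrip(".")
        items.append({
            "section": section,
            "target": match.group("target"),
            "detection": match.group("detection"),
            "action": action,
        })
    return items


def pending_reboot(items):
    """Paths that were only scheduled for deletion and need a post-restart check."""
    return sorted({i["target"].lower() for i in items if i["action"] == "Delete on reboot"})


def triage_running(items, hjt_running_text):
    """Pair each running process with its MBAM detection name, or None if MBAM
    did not flag it. Windows paths are compared case-insensitively."""
    detected = {
        i["target"].lower(): i["detection"]
        for i in items
        if i["section"] in ("Memory Processes", "Files")
    }
    result = []
    for raw in hjt_running_text.splitlines():
        path = raw.strip()
        if path:
            result.append((path, detected.get(path.lower())))
    return result


if __name__ == "__main__":
    parsed = parse_mbam(MBAM_EXCERPT)
    print("Re-check after restart:")
    for path in pending_reboot(parsed):
        print("  ", path)
    print("Running processes vs. MBAM detections:")
    for path, detection in triage_running(parsed, HJT_RUNNING_EXCERPT):
        print("  ", path, "->", detection or "not flagged by this scan")
```

A process that comes back as not flagged has only been missed by this one scan; in this thread `r.exe` in the Temp folder was reported by the later SUPERAntiSpyware scan.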

Re: "Internet Security 2010" problem - Malware
Download SuperAntiSpyware

  • Load SuperAntiSpyware and click the Check for updates button.
  • Once the update is finished click the Scan your computer button.
  • Check Perform Complete Scan and then next.
  • SuperAntiSpyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

Re: "Internet Security 2010" problem - Malware
Here is the log from the SASW


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/21/2009 at 08:23 PM

Application Version : 4.32.1000

Core Rules Database Version : 4401
Trace Rules Database Version: 2235

Scan type : Complete Scan
Total Scan Time : 00:51:39

Memory items scanned : 495
Memory threats detected : 1
Registry items scanned : 5337
Registry threats detected : 15
File items scanned : 23881
File threats detected : 105

Trojan.Dropper/Gen-C
C:\DOCUME~1\JAMESK~1\LOCALS~1\TEMP\R.EXE
C:\DOCUME~1\JAMESK~1\LOCALS~1\TEMP\R.EXE
[Zeldar] C:\DOCUME~1\JAMESK~1\LOCALS~1\TEMP\R.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\G.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\H.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\I.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\J.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\K.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\L.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\M.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\N.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\O.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\P.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\Q.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\R.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\S.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\T.EXE
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\U.EXE
C:\WINDOWS\Prefetch\R.EXE-3789750E.pf

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID

Adware.Tracking Cookie

Adware.MyWebSearch/FunWebProducts
HKU\S-1-5-21-4239781055-3274666663-2365450077-1007\SOFTWARE\FunWebProducts

Browser Hijacker.Deskbar
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Rogue.InternetSecurity2010
HKU\S-1-5-21-4239781055-3274666663-2365450077-1007\Software\IS2010
C:\Program Files\InternetSecurity2010
C:\Documents and Settings\James Kaiser\Application Data\Microsoft\Internet Explorer\Quick Launch\Internet Security 2010.lnk
C:\Documents and Settings\James Kaiser\Desktop\Internet Security 2010.lnk
C:\Documents and Settings\James Kaiser\Start Menu\Internet Security 2010.lnk

Trojan.Agent/Gen-AVP
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\AVP.EXE

Trojan.Agent/Gen-Backdoor[FakeAlert]
C:\DOCUMENTS AND SETTINGS\JAMES KAISER\LOCAL SETTINGS\TEMP\MDM.EXE

Adware.Casino Games (Golden Palace Casino)
C:\PROGRAM FILES\BODOG CASINO\CASINO.EXE

Trojan.Dropper/Sys-NV
C:\WINDOWS\SYSTEM32\IPRIPV32.DLL

Trojan.Agent/Gen
C:\WINDOWS\TEMP\VRT2.TMP

Trojan.Dropper/Win-NV
C:\WINDOWS\TEMP\VRT5.TMP
C:\WINDOWS\TEMP\VRT85.TMP

Re: "Internet Security 2010" problem - Malware
I saw you had applied for GeekPolice Academy. As soon as you get your computer clean, you may join. This will be the easiest way for you to keep going in the academy, instead of worrying about your computer.

Please perform a scan with Kaspersky Online Virus Scanner.
alternate link for scan

  • Before starting your scan, disable antivirus or antispyware software.
  • Read the "Advantages - Requirements and Limitations" then press the ACCEPT... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the SETTINGS... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the SAVE... button afterwards:

    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases:

  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste the contents of that file in your next reply.

*Note: This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools. Some online scanners will detect existing anti-virus software and they may interfere or stop the scan. If that occurs, disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

Re: "Internet Security 2010" problem - Malware

Re: "Internet Security 2010" problem - Malware
C:\WINDOWS\system32\diskperf.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\cscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\dlimport.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\logagent.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\mplay32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\printfilterpipelinesvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\sc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\services.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\setup_wm.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\telnet.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\unregmp2.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\wmiprvse.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\wmplayer.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\wordpad.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllcache\wscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllhost.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dllhst3g.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dmadmin.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dmremote.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\doskey.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dplaysvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dpnsvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dpvsetup.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\drmupgds.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\drwtsn32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dumprep.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dvdplay.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dvdupgrd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\dwwin.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\esentutl.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\eudcedit.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\eventvwr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\expand.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\extrac32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\faxpatch.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\find.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\findstr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\finger.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fltmc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fontview.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\forcedos.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\freecell.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fsquirt.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fsutil.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ftp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fxsclnt.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fxscover.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fxssend.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\fxssvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\grpconv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Hdaudpropshortcut.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\help.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\hostname.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ie4uinit.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\iexpress.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\imapi.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ipconfig.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ipsec6.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ipv6.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ipxroute.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\keystone.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\label.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lights.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lnkstub.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\locator.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lodctr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\logagent.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\logman.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\logoff.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\logon.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\logonui.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lpq.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lpr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\lsass(3).exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\magnify.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\makecab.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\migpwd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mmcperf.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mnmsrvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mobsync.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mountvol.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mplay32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mpnotify.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mrinfo.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\msdtc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\msg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mshearts.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mshta.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\msiexec.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mspaint.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\msswchx.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mstinit.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\mstsc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\napstat.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\narrator.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nbtstat.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nddeapir.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\net.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\net1.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\netdde.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\netsetup.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\netsh.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\netstat.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\notepad.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\npp\nppagent.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nslookup.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ntsd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ntvdm.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvappbar.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvcolor.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvcplui.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvsvc32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvudisp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\nvunrm.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\odbcad32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\odbcconf.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\oobe\msoobe.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\oobe\oobebaln.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\osk.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\osuninst.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\packager.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\pathping.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\pentnt.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\perfmon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ping.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ping6.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\powercfg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\print.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\progman.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\proquota.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\proxycfg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\qappsrv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\qprocess.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\qwinsta.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rasautou.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rasdial.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rasphone.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rcimlby.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rcp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rdpclip.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rdsaddin.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rdshost.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\recover.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\reg.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\regini.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\regsvr32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\regwiz.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\replace.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\reset.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Restore\rstrui.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\Restore\srdiag.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rexec.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\route.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\routemon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rsh.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rsm.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rsmsink.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rsmui.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rsvp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rtcshare.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\runas.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rundll32(2).exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rundll32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\runonce.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\rwinsta.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\savedump.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\scardsvr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\scrnsave.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\sdbinst.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sessmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sethc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\setup.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\setupn.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sfc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\shadow.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\shmgrate.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\shrpubw.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\shutdown.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sigverif.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\skeys.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\slrundll.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\slserv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\smbinst.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\smlogsvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sndrec32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sndvol32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sol.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sort.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spdwnwxp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spider.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spoolsv(2).exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spoolsv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\spupdwxp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ss3dfo.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssbezier.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssflwbox.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssmarque.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssmypics.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssmyst.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\sspipes.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\ssstars.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\sstext3d.scr Suspicious: Type_Win32 1
C:\WINDOWS\system32\stimon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\subst.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\svchost(3).exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\syncapp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\syskey.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\sysocmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\taskman.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\taskmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tcmsetup.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tcpsvcs.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\telnet.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tftp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tourstart.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tracert.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tracert6.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tscon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tscupgrd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tsdiscon.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tskill.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tsshutdn.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\tzchange.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\unlodctr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\upnpcont.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\ups.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\URTTemp\regtlib.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\userinit.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usmt\migload.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usmt\migwiz.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usmt\migwiza.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usmt\migwiz_a.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usrmlnka.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usrprbda.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\usrshuta.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\utilman.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\uwdf.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\verclsid.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\verifier.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\vssadmin.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\vssvc.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\w32tm.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\mofcomp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\scrcons.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\unsecapp.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\wbemtest.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\winmgmt.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\wmiadap.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\wmiapsrv.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wbem\wmiprvse.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wdfmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wextract.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wiaacmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\winhlp32.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\winmine.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\winmsd.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\winver.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wpabaln.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wpdshextautoplay.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wpnpinst.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\write.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wscntfy.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wscript.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wuauclt1.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\wupdmgr.exe Suspicious: Type_Win32 1
C:\WINDOWS\system32\xcopy.exe Suspicious: Type_Win32 1
C:\WINDOWS\TASKMAN.EXE Suspicious: Type_Win32 1
C:\WINDOWS\Temp\VRT1.tmp Infected: Trojan.Win32.Koblu.bpd 1

Selected area has been scanned.

Re: "Internet Security 2010" problem - Malware

Wow, I thought I'd never get done with that!

I've had two kids and changed addresses three times since I started that scan!

Re: "Internet Security 2010" problem - Malware

Your computer is infected with a dangerous infection:
http://www.helpmyos.com/malware-threat-removal-f6/virut-information-t879.htm

We have hit a dead end. Please tell me when you have completed a reformat and reinstall.

I am sorry for the bad news. I do not understand why these mean people make such harsh viruses, and I wish there was a way to clean your system without everything being damaged. But, the problem is, cleaning the system, most files will be damaged. It is like trying to clean up a city that just had a tornado or hurricane run through it. Takes rebuilding, and time to set back up. All of those files listed as suspicious are fully legitimate system files that are infected. This is none other than Virut.

Re: "Internet Security 2010" problem - Malware

Ouch!

But okay, I can deal with that. Just one question. I'm going to save my pictures (just ones of family and friends). Is it going to be alright to restore these once I've reformatted and reinstalled? Should I run them through a program first before I do? If so, what program?

By the way, even though it ended up bad news, I really appreciate your help and this website. I've already signed up for the academy and hopefully will be able to give back.

Re: "Internet Security 2010" problem - Malware

Scan them with Jotti. If they come back uninfected, then they are fine and can be moved safely.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\SYSTEM\AnyFile.jpg
  • Click on the submit button
