Computer Forums > Virus - Spyware Protection / Detection > HijackThis Logs (finished)
Thread: I have a real bad Trojan problem.
Post #11, 06-21-2008, 12:52 PM
Re: I have a real bad Trojan problem.

Run a full scan on all the partitions of your computer with a reliable anti-virus program. Post up if it finds anything.
-- Formerly the latter
Post #12, 06-23-2008, 05:02 PM
Re: I have a real bad Trojan problem.

How is this coming along?
-- Formerly the latter
Post #13, 06-23-2008, 09:48 PM
Re: I have a real bad Trojan problem. [P]

Hey,

Not so good. I think I still have a virus/worm. It just doesn't work right; I get errors to send to MS. I can't install ZoneAlarm; it has a different error. I go to Start/Programs and then the programs disappear. That one really makes me think I have one, but so far the computer isn't slow like it was. When I reformatted the Windows partition and started to install XP I got an error about a corrupt file, so I hit retry and it worked, but Windows just isn't acting right.

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:39:47 PM, on 6/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Dogpile Web Search Home Page
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MicroSys-CheckAjour] D:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

--
End of file - 2562 bytes
-- WasTech
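The O4 (Run-key) and O23 (service) lines in the log above are what a helper reads first, because each one names a binary that starts at boot or logon without the user launching it, and the question to answer for each is where that binary lives. The script below is an added example, not part of WasTech's post and not code from HijackThis; it parses those two line types, extracts the executable from each command line, and lists the entries a reviewer should verify by hand. Its input is constructed: a handful of lines copied from the log, plus one hypothetical entry (an svchost.exe under a Temp directory) so the flagging logic has something to catch. The "trusted" path prefixes are an assumption about a stock 32-bit XP layout on C:, and every flag is a prompt to check a file, not a verdict; the D: entry in this log is a legitimate install to a second partition.

```python
"""Triage of HijackThis O4 (Run-key) and O23 (service) lines.

Every such entry names a binary that starts without the user launching it,
so the first thing a reviewer checks is where that binary lives. The flags
below are prompts to go and verify a file, not verdicts."""
import re
from dataclasses import dataclass, field

O4_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?)(?: \((?P<short>[^)]+)\))? - (?P<vendor>.+?) - (?P<cmd>.+)$')
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|com|cmd|bat))"?', re.IGNORECASE)

# Assumed layout of a stock 32-bit XP install on C:. No environment-variable
# expansion is done; %systemroot% is matched literally as it appears in the log.
TRUSTED_PREFIXES = ('c:\\windows\\', 'c:\\program files\\', 'c:\\progra~1\\', '%systemroot%\\')
SYSTEM32 = ('c:\\windows\\system32\\', '%systemroot%\\system32\\')
USER_WRITABLE = ('\\temp\\', '\\documents and settings\\', '\\application data\\')
SYSTEM_NAMES = {'svchost.exe', 'lsass.exe', 'services.exe', 'winlogon.exe', 'csrss.exe', 'smss.exe'}

# Constructed sample: lines copied from the log above, plus one hypothetical
# entry (the last line) so the flagging logic has something to catch.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MicroSys-CheckAjour] D:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
O4 - HKCU\..\Run: [svchost] C:\Documents and Settings\Ed\Local Settings\Temp\svchost.exe
"""


@dataclass
class Entry:
    kind: str
    name: str
    path: str
    flags: list = field(default_factory=list)


def binary_path(cmd):
    """Pull the executable out of a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    m = EXE_RE.match(cmd)
    if m:
        return m.group('path')
    # No recognised extension (e.g. 'dumprep 0 -u'): take the first token.
    return cmd.split()[0].strip('"')


def assess(path):
    """Return the list of reasons a reviewer should look at this path."""
    low = path.lower()
    if '\\' not in low:
        return ['bare filename: resolved via the search path, so its location is unverified']
    flags = []
    if not low.startswith(TRUSTED_PREFIXES):
        flags.append('outside Windows/Program Files on the system drive')
    if any(marker in low for marker in USER_WRITABLE):
        flags.append('lives in a user-writable location')
    base = low.rsplit('\\', 1)[-1]
    if base in SYSTEM_NAMES and not low.startswith(SYSTEM32):
        flags.append('carries a core system binary name but is not in system32')
    return flags


def parse(log_text):
    """Turn O4/O23 lines into Entry records; other HijackThis lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            path = binary_path(m.group('cmd'))
            entries.append(Entry('O4 ' + m.group('hive'), m.group('name'), path, assess(path)))
            continue
        m = O23_RE.match(line)
        if m:
            path = binary_path(m.group('cmd'))
            entries.append(Entry('O23', m.group('short') or m.group('name'), path, assess(path)))
    return entries


def flagged(log_text):
    """Only the entries that carry at least one reason to look closer."""
    return [e for e in parse(log_text) if e.flags]


if __name__ == '__main__':
    for e in flagged(SAMPLE_LOG):
        print(f'{e.kind:<9} [{e.name}] {e.path}')
        for reason in e.flags:
            print(f'    ! {reason}')
```

Run against the sample, three entries come back: the bare HDAShCut.exe (cannot tell where it loads from), the D: install (outside the assumed system-drive prefixes), and the constructed Temp svchost.exe, which trips all three checks at once. The remaining AVG, SoundMAX, dumprep and HP entries produce no flags.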
Post #14, 06-23-2008, 09:52 PM
Re: I have a real bad Trojan problem. [P]

This is starting to sound like hard drive failure. You said you reformatted the system, right, and it still doesn't work right? Who is the manufacturer of your hard drive?
-- Formerly the latter
Post #15, 06-23-2008, 10:00 PM
Re: I have a real bad Trojan problem. [P]

Brand new WD 640GB SATA 3.0

BTW: My WinXP Pro disc is SP1; I then upgraded to SP2.

Here is the ComboFix log:

ComboFix 08-06-19.2 - Ed 2008-06-23 22:56:19.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1677 [GMT -4:00]
Running from: D:\Good Apps2\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2008-06-23 22:39 . 2008-06-23 22:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-23 22:32 . 2006-08-21 05:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-23 22:32 . 2006-08-21 05:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-23 22:32 . 2006-08-21 08:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-23 16:46 . 2008-06-23 16:46 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-23 16:46 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-23 16:46 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-23 16:46 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-23 16:46 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-23 16:46 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-23 16:46 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-23 15:09 . 2007-02-28 05:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-06-23 15:09 . 2007-02-28 05:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-06-23 15:09 . 2007-02-28 04:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-06-23 15:09 . 2006-03-16 20:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-06-23 15:06 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-23 15:05 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-23 02:42 . 2008-06-23 22:33 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-23 02:41 . 2008-06-23 02:41 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-23 02:18 . 2008-06-23 02:18 <DIR> d---s---- C:\Documents and Settings\Ed\UserData
2008-06-21 02:21 . 2008-06-21 02:21 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\Share-to-Web Upload Folder
2008-06-21 02:21 . 2004-10-07 21:16 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-06-21 02:20 . 2008-06-21 02:21 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-21 02:20 . 2008-06-21 02:20 34 --a------ C:\WINDOWS\hpfsched.ini
2008-06-21 02:13 . 2008-06-21 02:13 <DIR> d-------- C:\WINDOWS\system32\data
2008-06-21 02:12 . 2008-06-21 02:12 <DIR> d-------- C:\Program Files\scar5
2008-06-21 02:12 . 2008-06-21 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\scar5
2008-06-21 01:57 . 2008-06-21 01:57 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-06-21 01:49 . 2008-06-21 01:49 <DIR> d-------- C:\Program Files\VIA
2008-06-21 01:48 . 2008-06-21 01:48 <DIR> d-------- C:\Program Files\Analog Devices
2008-06-21 01:46 . 2004-06-24 11:00 6,656 --a------ C:\WINDOWS\system32\drivers\AsProbe.sys
2008-06-21 01:45 . 2008-06-21 01:48 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 01:45 . 2008-06-21 01:49 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-21 01:45 . 2004-02-27 00:00 962,612 --a------ C:\WINDOWS\system32\mfc42d.dll
2008-06-21 01:45 . 2004-02-17 00:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-06-21 01:45 . 2005-01-28 16:44 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-06-21 01:45 . 2004-09-07 11:41 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-06-21 01:45 . 2004-10-14 17:52 4,962 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-06-21 01:45 . 2004-03-10 14:31 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-06-21 01:36 . 2008-06-21 01:36 <DIR> d-------- C:\Program Files\HP Photosmart 11
2008-06-21 01:33 . 2008-06-21 01:33 <DIR> d-------- C:\WINDOWS\system32\Viewers
2008-06-21 01:33 . 2008-06-21 01:33 <DIR> d-------- C:\Program Files\MSWorks
2008-06-21 01:33 . 2008-06-21 01:33 1,409 --a------ C:\WINDOWS\system\arnari.FOT
2008-06-21 01:33 . 2008-06-21 01:33 1,409 --a------ C:\WINDOWS\system\arnar.FOT
2008-06-21 01:31 . 2008-06-21 01:31 <DIR> d-------- C:\Program Files\Microsoft Works 4.5
2008-06-21 01:27 . 2008-06-23 22:53 <DIR> d-------- C:\Program Files\ASUS
2008-06-21 01:27 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-06-21 01:27 . 1997-04-22 10:16 6,272 --a------ C:\WINDOWS\system32\drivers\ASLM75.SYS
2008-06-21 01:25 . 2004-01-28 04:21 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-06-21 01:25 . 2008-06-21 01:25 2,914 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-06-21 01:24 . 2008-06-21 01:24 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-21 01:18 . 2008-06-21 01:18 <DIR> d-------- C:\WINDOWS\ShellNew
2008-06-21 01:17 . 2008-06-21 01:17 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\Microsoft Web Folders
2008-06-20 23:41 . 2008-06-20 23:41 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-20 23:23 . 2008-06-20 23:23 <DIR> d-------- C:\Program Files\SANDISK
2008-06-20 23:23 . 2008-06-20 23:23 <DIR> d-------- C:\Program Files\Common Files\Shuttle Technology
2008-06-20 23:23 . 2000-03-21 00:46 84,240 --a------ C:\WINDOWS\system32\drivers\SCMENUM.SYS
2008-06-20 23:23 . 2000-05-25 03:32 24,064 --a------ C:\WINDOWS\system32\STLHOOK.DLL
2008-06-20 23:23 . 2000-06-03 02:57 13,806 --a------ C:\WINDOWS\system32\drivers\STLTRK2K.SYS
2008-06-20 23:22 . 2008-06-20 23:22 <DIR> d-------- C:\Documents and Settings\Ed\WINDOWS
2008-06-20 23:22 . 1997-08-01 12:41 254,464 --a------ C:\WINDOWS\UNINST16.EXE
2008-06-20 23:22 . 1995-07-13 18:43 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2008-06-20 23:19 . 2008-06-23 14:59 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-20 23:19 . 2008-06-20 23:19 <DIR> d-------- C:\Program Files\AVG
2008-06-20 23:19 . 2008-06-20 23:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-20 23:19 . 2008-06-20 23:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-20 23:19 . 2008-06-20 23:19 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-20 23:19 . 2008-06-20 23:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 23:14 . 2008-06-20 23:14 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-20 23:09 . 2008-06-20 23:09 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-20 23:09 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-06-20 23:08 . 2008-06-20 23:08 <DIR> d-------- C:\WINDOWS\EHome
2008-06-20 23:08 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-20 23:08 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002224_.tmp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-21 05:17 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
.

------- Sigcheck -------

2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2003-03-31 10:00 2042240 b9080d97dbd631aadf9128f7316958d2 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\ntoskrnl.exe
2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MicroSys-CheckAjour"="D:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe" [2004-10-30 14:04 482816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-20 23:19 1177368]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-20 23:19]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-20 23:19]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-20 23:19]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-20 23:19]
R3 epcfw2k;SCM Parallel Port CF Driver;C:\WINDOWS\system32\DRIVERS\epcfw2k.sys [2001-08-17 09:50]
S3 SCMENUM;SCM EEPROM Eraser;C:\WINDOWS\system32\Drivers\scmenum.sys [2000-03-21 00:46]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-23 22:56:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-23 22:57:15
ComboFix-quarantined-files.txt 2008-06-24 02:57:13

Pre-Run: 116,829,777,920 bytes free
Post-Run: 116,874,838,016 bytes free

149 --- E O F --- 2008-06-24 02:34:10

Last edited by WasTech; 06-23-2008 at 10:02 PM.
-- WasTech
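The Sigcheck section of the ComboFix log above lists every copy of ntoskrnl.exe on the box with its timestamp, size and MD5: the copy under system32 is the one that boots, system32\dllcache holds the reference copy Windows File Protection restores from, and the $hf_mig$, $NtUninstall*$, Driver Cache and SoftwareDistribution directories hold the copies left behind by service packs and hotfixes. The check a helper performs by eye is that the live copy's hash also appears in the dllcache and at least one patch directory; a hash unique to the live copy is what a patched kernel looks like in this listing. The script below is an added example, not ComboFix output or ComboFix code; the rows embedded in it are copied from the log above (with the extraction spaces removed), and the second input is a constructed variant in which only the system32 hash has been altered, to show what findings look like. A finding is a reason to compare the file against a known-good copy of the same build, not proof of tampering.

```python
"""Consistency check over the rows of a ComboFix 'Sigcheck' listing.

Each row is: date time  size  MD5  path. The copy under system32 boots; the
copy under system32\\dllcache is the Windows File Protection reference; the
remaining copies are left over from service packs and hotfixes. The live
copy should share its hash with the dllcache copy and with at least one
other location, and rows with the same timestamp and size should not
disagree on the hash."""
import re
from collections import defaultdict

SIG_RE = re.compile(r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) ([0-9a-fA-F]{32}) (.+)$')

# Rows copied from the Sigcheck section of the log above.
SAMPLE = r"""
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2003-03-31 10:00 2042240 b9080d97dbd631aadf9128f7316958d2 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
"""

# Constructed variant: only the booting copy's hash is changed; the caches
# are untouched, which is the shape a replaced kernel would leave behind.
TAMPERED = SAMPLE.replace(
    'a97f3359a8b513500c66988cf36b7ec3 C:\\WINDOWS\\system32\\ntoskrnl.exe',
    'ffffffffffffffffffffffffffffffff C:\\WINDOWS\\system32\\ntoskrnl.exe')


def parse_sigcheck(text):
    """Return one dict per row; lines that are not Sigcheck rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if m:
            date, size, md5, path = m.groups()
            rows.append({'date': date, 'size': int(size), 'md5': md5.lower(), 'path': path})
    return rows


def check(rows):
    """Return a list of findings; an empty list means the listing is consistent."""
    findings = []
    by_name = defaultdict(list)
    for r in rows:
        by_name[r['path'].rsplit('\\', 1)[-1].lower()].append(r)
    for name, copies in sorted(by_name.items()):
        live = next((r for r in copies if r['path'].lower().endswith('\\system32\\' + name)), None)
        cache = next((r for r in copies if r['path'].lower().endswith('\\system32\\dllcache\\' + name)), None)
        if live is None:
            findings.append(f'{name}: no live system32 copy in the listing')
            continue
        # 1. The WFP reference copy must match the copy that boots.
        if cache is not None and cache['md5'] != live['md5']:
            findings.append(f"{name}: system32 copy {live['md5']} differs from dllcache copy {cache['md5']}")
        # 2. The live hash should exist somewhere Windows Update put it.
        elsewhere = {r['md5'] for r in copies if r is not live}
        if live['md5'] not in elsewhere:
            findings.append(f"{name}: live hash {live['md5']} appears in no cache or patch directory")
        # 3. Same timestamp and size with a different hash is a contradiction.
        seen = {}
        for r in copies:
            key = (r['date'], r['size'])
            if key in seen and seen[key] != r['md5']:
                findings.append(f"{name}: two different hashes for the same timestamp and size {key}")
            seen.setdefault(key, r['md5'])
    return findings


if __name__ == '__main__':
    for label, text in (('log as posted', SAMPLE), ('constructed tampered variant', TAMPERED)):
        findings = check(parse_sigcheck(text))
        print(f'{label}: {len(findings)} finding(s)')
        for f in findings:
            print('  ' + f)
```

On the rows as posted the check is clean: the live kernel carries the same hash as the dllcache, Driver Cache and SoftwareDistribution sp2gdr copies, and the older hashes all sit in uninstall or hotfix-migration directories where they belong. The constructed variant produces three findings from the same single change, which is the point of cross-checking the copies against each other rather than reading one hash in isolation.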
Post #16, 06-23-2008, 10:07 PM
Re: I have a real bad Trojan problem. [P]

Step1 | ComboFix Script

1. Please open Notepad
  • Click Start, then Run
  • Type "notepad.exe" in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:
Code:
File::
C:\WINDOWS\002224_.tmp
3. Then in the text file go to FILE => SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply.

Step2 | Kaspersky WebScanner

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Extended (if available otherwise Standard)
    • Scan Options:
    • Scan Archives
    • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Step3 | MBAM Scan

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note.)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Logs Required In Next Post
--------------------------------

ComboFix (CFScript) Log
Kaspersky WebScanner Log
MBAM Malware Scan Log

-- Formerly the latter
Post #17, 06-23-2008, 10:33 PM
Re: I have a real bad Trojan problem. [P]

Hi,

So this means it's still infected, right?

We're getting a bad storm where I live, so I probably won't be able to finish this tonight; if I can, I will.
-- WasTech
Post #18, 06-24-2008, 12:42 AM
Re: I have a real bad Trojan problem. [P]

Thanks, and yeah, I'm just doing some final checking.
-- Formerly the latter
Post #19, 06-24-2008, 12:41 PM
Re: I have a real bad Trojan problem. [P]

ComboFix log:

ComboFix 08-06-19.2 - Ed 2008-06-24 13:36:44.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1675 [GMT -4:00]
Running from: D:\Good Apps2\ComboFix.exe
Command switches used :: D:\Trojans suck\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\002224_.tmp
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\002224_.tmp

.
((((((((((((((((((((((((( Files Created from 2008-05-24 to 2008-06-24 )))))))))))))))))))))))))))))))
.

2008-06-23 23:04 . 2008-06-24 13:29 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-06-23 22:39 . 2008-06-23 22:39 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-23 22:32 . 2006-08-21 05:14 128,896 -----c--- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-06-23 22:32 . 2006-08-21 05:14 23,040 -----c--- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-06-23 22:32 . 2006-08-21 08:21 16,896 -----c--- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-06-23 16:46 . 2008-06-23 16:46 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-06-23 16:46 . 2004-07-26 17:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-06-23 16:46 . 2004-07-26 17:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-06-23 16:46 . 2004-07-26 17:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-06-23 16:46 . 2004-07-26 17:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-06-23 16:46 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-06-23 16:46 . 2000-06-26 11:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-06-23 15:09 . 2007-02-28 05:10 2,180,352 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-06-23 15:09 . 2007-02-28 05:08 2,136,064 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-06-23 15:09 . 2007-02-28 04:38 2,057,600 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-06-23 15:09 . 2006-03-16 20:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-06-23 15:06 . 2008-06-13 09:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-23 15:05 . 2007-07-09 09:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-23 02:42 . 2008-06-23 22:33 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-23 02:41 . 2008-06-23 02:41 <DIR> d--h----- C:\$AVG8.VAULT$
2008-06-23 02:18 . 2008-06-23 02:18 <DIR> d---s---- C:\Documents and Settings\Ed\UserData
2008-06-21 02:21 . 2008-06-21 02:21 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\Share-to-Web Upload Folder
2008-06-21 02:21 . 2004-10-07 21:16 35,840 --a------ C:\WINDOWS\system32\drivers\AFS2K.SYS
2008-06-21 02:20 . 2008-06-21 02:21 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-21 02:20 . 2008-06-21 02:20 34 --a------ C:\WINDOWS\hpfsched.ini
2008-06-21 02:13 . 2008-06-21 02:13 <DIR> d-------- C:\WINDOWS\system32\data
2008-06-21 02:12 . 2008-06-21 02:12 <DIR> d-------- C:\Program Files\scar5
2008-06-21 02:12 . 2008-06-21 02:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\scar5
2008-06-21 01:57 . 2008-06-21 01:57 <DIR> d-------- C:\Program Files\MSConfig CleanUp
2008-06-21 01:49 . 2008-06-21 01:49 <DIR> d-------- C:\Program Files\VIA
2008-06-21 01:48 . 2008-06-21 01:48 <DIR> d-------- C:\Program Files\Analog Devices
2008-06-21 01:46 . 2004-06-24 11:00 6,656 --a------ C:\WINDOWS\system32\drivers\AsProbe.sys
2008-06-21 01:45 . 2008-06-21 01:48 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-06-21 01:45 . 2008-06-21 01:49 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-06-21 01:45 . 2004-02-27 00:00 962,612 --a------ C:\WINDOWS\system32\mfc42d.dll
2008-06-21 01:45 . 2004-02-17 00:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-06-21 01:45 . 2005-01-28 16:44 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-06-21 01:45 . 2004-09-07 11:41 5,120 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-06-21 01:45 . 2004-10-14 17:52 4,962 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-06-21 01:45 . 2004-03-10 14:31 3,328 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-06-21 01:36 . 2008-06-21 01:36 <DIR> d-------- C:\Program Files\HP Photosmart 11
2008-06-21 01:33 . 2008-06-21 01:33 <DIR> d-------- C:\WINDOWS\system32\Viewers
2008-06-21 01:33 . 2008-06-21 01:33 <DIR> d-------- C:\Program Files\MSWorks
2008-06-21 01:33 . 2008-06-21 01:33 1,409 --a------ C:\WINDOWS\system\arnari.FOT
2008-06-21 01:33 . 2008-06-21 01:33 1,409 --a------ C:\WINDOWS\system\arnar.FOT
2008-06-21 01:31 . 2008-06-21 01:31 <DIR> d-------- C:\Program Files\Microsoft Works 4.5
2008-06-21 01:27 . 2008-06-23 22:53 <DIR> d-------- C:\Program Files\ASUS
2008-06-21 01:27 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-06-21 01:27 . 1997-04-22 10:16 6,272 --a------ C:\WINDOWS\system32\drivers\ASLM75.SYS
2008-06-21 01:25 . 2004-01-28 04:21 5,824 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-06-21 01:25 . 2008-06-21 01:25 2,914 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-06-21 01:24 . 2008-06-21 01:24 376 --a------ C:\WINDOWS\ODBC.INI
2008-06-21 01:18 . 2008-06-21 01:18 <DIR> d-------- C:\WINDOWS\ShellNew
2008-06-21 01:17 . 2008-06-21 01:17 <DIR> d-------- C:\Documents and Settings\Ed\Application Data\Microsoft Web Folders
2008-06-20 23:41 . 2008-06-20 23:41 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-20 23:23 . 2008-06-20 23:23 <DIR> d-------- C:\Program Files\SANDISK
2008-06-20 23:23 . 2008-06-20 23:23 <DIR> d-------- C:\Program Files\Common Files\Shuttle Technology
2008-06-20 23:23 . 2000-03-21 00:46 84,240 --a------ C:\WINDOWS\system32\drivers\SCMENUM.SYS
2008-06-20 23:23 . 2000-05-25 03:32 24,064 --a------ C:\WINDOWS\system32\STLHOOK.DLL
2008-06-20 23:23 . 2000-06-03 02:57 13,806 --a------ C:\WINDOWS\system32\drivers\STLTRK2K.SYS
2008-06-20 23:22 . 2008-06-20 23:22 <DIR> d-------- C:\Documents and Settings\Ed\WINDOWS
2008-06-20 23:22 . 1997-08-01 12:41 254,464 --a------ C:\WINDOWS\UNINST16.EXE
2008-06-20 23:22 . 1995-07-13 18:43 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2008-06-20 23:19 . 2008-06-24 13:30 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-06-20 23:19 . 2008-06-20 23:19 <DIR> d-------- C:\Program Files\AVG
2008-06-20 23:19 . 2008-06-24 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-06-20 23:19 . 2008-06-20 23:19 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-06-20 23:19 . 2008-06-20 23:19 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-06-20 23:19 . 2008-06-20 23:19 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-06-20 23:14 . 2008-06-20 23:14 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-06-20 23:09 . 2008-06-20 23:09 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-20 23:09 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-06-20 23:08 . 2008-06-20 23:08 <DIR> d-------- C:\WINDOWS\EHome
2008-06-20 23:08 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-24 17:28 37,476 ----a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2008_06_24_12_47_21_small.dmp.zip
2008-06-24 17:28 11,700,053 ----a-w C:\WINDOWS\Internet Logs\zlclient_on_demand_2008_06_24_12_47_04_full.dmp.zip
2008-06-21 05:17 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
.

------- Sigcheck -------

2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2003-03-31 10:00 2042240 b9080d97dbd631aadf9128f7316958d2 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\ntoskrnl.exe
2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 05:10 2180352 a97f3359a8b513500c66988cf36b7ec3 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-23_22.57.08.42 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-24 02:37:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-24 17:28:31 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2006-08-24 03:37:52 796,584 ----a-w C:\WINDOWS\system32\libeay32_0.9.6l.dll
+ 2006-08-24 03:37:58 83,960 ----a-w C:\WINDOWS\system32\vsdata.dll
+ 2006-08-24 03:38:36 392,824 ----a-w C:\WINDOWS\system32\vsdatant.sys
+ 2006-08-24 03:38:00 157,688 ----a-w C:\WINDOWS\system32\vsinit.dll
+ 2006-08-24 03:38:00 104,440 ----a-w C:\WINDOWS\system32\vsmonapi.dll
+ 2006-08-24 03:38:02 268,280 ----a-w C:\WINDOWS\system32\vspubapi.dll
+ 2006-08-24 03:38:02 71,672 ----a-w C:\WINDOWS\system32\vsregexp.dll
+ 2006-08-24 03:38:04 440,312 ----a-w C:\WINDOWS\system32\vsutil.dll
+ 2006-08-24 03:38:04 59,384 ----a-w C:\WINDOWS\system32\vswmi.dll
+ 2006-08-24 03:38:04 100,344 ----a-w C:\WINDOWS\system32\vsxml.dll
+ 2006-08-24 03:38:06 83,960 ----a-w C:\WINDOWS\system32\zlcomm.dll
+ 2006-08-24 03:38:06 71,672 ----a-w C:\WINDOWS\system32\zlcommdb.dll
+ 2008-06-24 03:06:53 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2006-08-24 03:37:46 112,632 ----a-w C:\WINDOWS\system32\ZoneLabs\camupd.dll
+ 2004-01-30 16:35:08 813,568 ----a-w C:\WINDOWS\system32\ZoneLabs\dbghelp.dll
+ 2006-08-24 03:37:48 129,016 ----a-w C:\WINDOWS\system32\ZoneLabs\fbl.dll
+ 2006-08-24 03:37:50 38,912 ----a-w C:\WINDOWS\system32\ZoneLabs\featuremap.dll
+ 2006-08-24 03:38:40 26,536 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zlsvc.zip.dll
+ 2006-08-24 03:38:40 1,361,832 ----a-w C:\WINDOWS\system32\ZoneLabs\lib\zpy.zip.dll
+ 2006-08-24 03:40:52 30,720 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2006-08-24 03:40:52 30,744 ----a-w C:\WINDOWS\system32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
+ 2006-08-03 05:53:28 677,872 ----a-w C:\WINDOWS\system32\ZoneLabs\qrbase.dll
+ 2006-08-03 05:53:28 641,008 ----a-w C:\WINDOWS\system32\ZoneLabs\qrsrecl.dll
+ 2006-08-24 03:37:54 169,976 ----a-w C:\WINDOWS\system32\ZoneLabs\scheduler.dll
+ 2006-05-31 19:51:00 1,228,606 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2006-08-03 05:53:30 1,308,656 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.dll
+ 2006-08-03 05:53:32 29,680 ----a-w C:\WINDOWS\system32\ZoneLabs\srescan.sys
+ 2006-08-24 03:37:56 456,696 ----a-w C:\WINDOWS\system32\ZoneLabs\ssleay32.dll
+ 2006-08-24 03:40:54 206,864 ----a-w C:\WINDOWS\system32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2006-07-13 06:42:56 866,288 ----a-w C:\WINDOWS\system32\ZoneLabs\updating.dll
+ 2006-08-24 03:38:26 124,920 ----a-w C:\WINDOWS\system32\ZoneLabs\updclient.exe
+ 2006-08-24 03:37:58 104,440 ----a-w C:\WINDOWS\system32\ZoneLabs\vsavpro.dll
+ 2006-08-24 03:38:00 79,864 ----a-w C:\WINDOWS\system32\ZoneLabs\vsdb.dll
+ 2006-08-24 03:38:26 75,768 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+ 2006-08-24 03:38:00 2,013,176 ----a-w C:\WINDOWS\system32\ZoneLabs\vsmondll.dll
+ 2006-08-24 03:38:02 1,316,856 ----a-w C:\WINDOWS\system32\ZoneLabs\vsruledb.dll
+ 2006-08-24 03:38:04 243,704 ----a-w C:\WINDOWS\system32\ZoneLabs\vsvault.dll
+ 2006-05-31 19:51:00 1,228,606 ----a-w C:\WINDOWS\system32\ZoneLabs\zlasdbup.dat
+ 2006-08-24 03:38:08 178,168 ----a-w C:\WINDOWS\system32\ZoneLabs\zlparser.dll
+ 2006-08-24 03:38:08 79,872 ----a-w C:\WINDOWS\system32\ZoneLabs\zlquarantine.dll
+ 2006-08-24 03:38:10 251,896 ----a-w C:\WINDOWS\system32\ZoneLabs\zlsre.dll
+ 2006-08-24 03:38:10 124,920 ----a-w C:\WINDOWS\system32\ZoneLabs\zlupdate.dll
+ 2006-08-24 03:38:18 1,087,480 ----a-w C:\WINDOWS\system32\ZoneLabs\zpy.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MicroSys-CheckAjour"="D:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe" [2004-10-30 14:04 482816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-20 23:19 1177368]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 15:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11 925696]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Zone Labs Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-06-20 23:19]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-06-20 23:19]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-20 23:19]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-06-20 23:19]
R3 epcfw2k;SCM Parallel Port CF Driver;C:\WINDOWS\system32\DRIVERS\epcfw2k.sys [2001-08-17 09:50]
S3 SCMENUM;SCM EEPROM Eraser;C:\WINDOWS\system32\Drivers\scmenum.sys [2000-03-21 00:46]

*Newly Created Service* - HTTPFILTER
.
************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-24 13:37:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************************************
.
Completion time: 2008-06-24 13:37:42
ComboFix-quarantined-files.txt 2008-06-24 17:37:40
ComboFix2.txt 2008-06-24 02:57:15

Pre-Run: 116,783,616,000 bytes free
Post-Run: 116,781,654,016 bytes free

218 --- E O F --- 2008-06-24 02:34:10
WasTech is offline  
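Added example, not part of the post and not ComboFix's own tooling: a small parser for the "Reg Loading Points" section printed above. It pulls out the Run-key entries with the timestamp/size ComboFix records for each target, the service lines, the firewall-policy values and any "*Newly Created Service*" line, then lists the items a reviewer would check by hand (a Run entry ComboFix could not resolve a file for, Windows Firewall switched off, Security Center monitoring disabled, a newly created service). The sample text is a constructed, trimmed copy of the log above so the script runs offline.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a trimmed copy of the "Reg Loading Points" section
# from the ComboFix log above, embedded so the parser runs offline.
SAMPLE = r"""
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MicroSys-CheckAjour"="D:\Program Files\Micro-Sys Software\Ajour\ChkAjour.exe" [2004-10-30 14:04 482816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-06-20 23:19 1177368]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
"Zone Labs Client"="D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 23:38 968696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-06-20 23:19]
S3 SCMENUM;SCM EEPROM Eraser;C:\WINDOWS\system32\Drivers\scmenum.sys [2000-03-21 00:46]

*Newly Created Service* - HTTPFILTER
.
"""

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="data" [meta]   |   "Name"=dword:00000001   |   "Name"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>"[^"]*"|[^\[]*?)\s*(?:\[(?P<meta>[^\]]*)\])?\s*$')
# R2 name;display name;path [timestamp]  (R/S = running/stopped, digit = start type)
SERVICE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
NEW_SERVICE_RE = re.compile(r'^\*Newly Created Service\*\s*-\s*(?P<name>\S+)')


def _reg_int(data: str) -> Optional[int]:
    """Integer value of 'dword:00000001' or '0 (0x0)' style data, else None."""
    if data.lower().startswith("dword:"):
        return int(data.split(":", 1)[1], 16)
    head = data.split()[0] if data.split() else ""
    return int(head) if head.isdigit() else None


def parse_reg_loading_points(text: str) -> Dict[str, list]:
    """Return registry values, service lines and newly created services from the section."""
    result: Dict[str, list] = {"values": [], "services": [], "new_services": []}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = SERVICE_RE.match(line)
        if m:
            result["services"].append(m.groupdict())
            continue
        m = NEW_SERVICE_RE.match(line)
        if m:
            result["new_services"].append(m.group("name"))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            data = m.group("data").strip()
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = data[1:-1]
            meta = (m.group("meta") or "").strip()  # "[ ]" means no file metadata was resolved
            result["values"].append({"key": key, "name": m.group("name"), "data": data, "meta": meta or None})
    return result


def review_flags(parsed: Dict[str, list]) -> List[str]:
    """Items a reviewer should verify by hand; none of these is proof of infection."""
    flags: List[str] = []
    for v in parsed["values"]:
        key, name = v["key"].lower(), v["name"].lower()
        if key.endswith("\\run") and v["meta"] is None:
            flags.append(f"Run entry without file metadata: {v['name']} -> {v['data']}")
        elif name == "enablefirewall" and _reg_int(v["data"]) == 0:
            # Often legitimate when a third-party firewall (here ZoneAlarm) is installed;
            # confirm that firewall is actually running before accepting it.
            flags.append(f"Windows Firewall off: {v['key']}")
        elif name == "disablemonitoring" and _reg_int(v["data"]) == 1:
            flags.append(f"Security Center monitoring disabled: {v['key']}")
    for svc in parsed["new_services"]:
        flags.append(f"Newly created service, confirm its origin: {svc}")
    return flags


if __name__ == "__main__":
    for flag in review_flags(parse_reg_loading_points(SAMPLE)):
        print(flag)
```

The flags deliberately stop at "verify": a Run entry printed with `[ ]`, a disabled Windows Firewall and a Security Center monitoring override are all common on a machine running a third-party firewall, so the parser surfaces them for a human rather than labelling anything malicious.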
Old 06-24-2008, 01:31 PM   #20 (permalink)
True Techie
 
Join Date: Oct 2006
Posts: 117
Default Re: I have a real bad Trojan problem. [P]

I had to do this one next. As you can see it found something. Am I clear now? They all scan 2nd partitions, don't they? Why not do a full scan? At this time I'm getting errors with IE on the Kaspersky site; as soon as I can get there I will post. I use IE 6.0; I don't like 7.0.

Mbam log:

Malwarebytes' Anti-Malware 1.18
Database version: 886

2:24:15 PM 6/24/2008
mbam-log-6-24-2008 (14-24-15).txt

Scan type: Quick Scan
Objects scanned: 36223
Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\AUTOEXEC.BAT (Trojan.Agent) -> Quarantined and deleted successfully.

Last edited by WasTech; 06-24-2008 at 01:33 PM.
WasTech is offline  
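Added example, not part of the post and not Malwarebytes' own tooling: a parser for the Malwarebytes' Anti-Malware log format shown above. It reads the header fields, the summary counts and the per-section detection lines, checks that each summary count matches the number of items actually listed under that section, reports whether the run was a full scan (a quick scan does not cover every partition), and lists what was quarantined. The log text is a constructed copy of the one above so the script runs offline.

```python
import re
from typing import Dict, List

# Constructed sample: a copy of the Malwarebytes log from the post above,
# embedded so the parser runs offline.
MBAM_SAMPLE = r"""Malwarebytes' Anti-Malware 1.18
Database version: 886

2:24:15 PM 6/24/2008
mbam-log-6-24-2008 (14-24-15).txt

Scan type: Quick Scan
Objects scanned: 36223
Time elapsed: 1 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\AUTOEXEC.BAT (Trojan.Agent) -> Quarantined and deleted successfully.
"""

FIELD_RE = re.compile(r"^(Scan type|Objects scanned|Database version|Time elapsed): (.+)$")
COUNT_RE = re.compile(r"^(?P<section>.+? Infected): (?P<count>\d+)$")   # summary line
HEADER_RE = re.compile(r"^(?P<section>.+? Infected):$")                  # listing header
DETECT_RE = re.compile(r"^(?P<path>.+?) \((?P<threat>[^)]+)\) -> (?P<action>.+)$")
NO_ITEMS = "(No malicious items detected)"


def parse_mbam_log(text: str) -> Dict[str, dict]:
    """Return header fields, summary counts and per-section detections."""
    fields: Dict[str, str] = {}
    counts: Dict[str, int] = {}
    detections: Dict[str, List[dict]] = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == NO_ITEMS:
            continue
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m.group("section")] = int(m.group("count"))
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m.group("section")
            detections.setdefault(section, [])
            continue
        m = DETECT_RE.match(line)
        if m and section:
            detections[section].append(m.groupdict())
    return {"fields": fields, "counts": counts, "detections": detections}


def counts_match_listings(parsed: Dict[str, dict]) -> bool:
    """True when every summary count equals the number of items listed for that section."""
    return all(len(parsed["detections"].get(s, [])) == n for s, n in parsed["counts"].items())


def is_full_scan(parsed: Dict[str, dict]) -> bool:
    """A quick scan only covers known load points, not every partition."""
    return parsed["fields"].get("Scan type", "").lower().startswith("full")


def quarantined_paths(parsed: Dict[str, dict]) -> List[str]:
    """Paths whose recorded action begins with 'Quarantined'."""
    return [d["path"] for items in parsed["detections"].values()
            for d in items if d["action"].lower().startswith("quarantined")]


if __name__ == "__main__":
    p = parse_mbam_log(MBAM_SAMPLE)
    print("full scan:", is_full_scan(p), "| counts consistent:", counts_match_listings(p))
    print("quarantined:", quarantined_paths(p))
```

The consistency check matters when a log has been pasted by hand: a summary line saying one file was infected with no matching detection line (or the reverse) usually means part of the log was cut, and the scan should be re-read from the saved file rather than from the post.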
 

Powered by vBulletin® Version 3.7.1
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.