TheTechGuide Forum

General Category => Tech Clinic => Topic started by: Guest_tektok3_* on September 05, 2005, 11:43:59 AM

Title: More win32 problems
Post by: Guest_tektok3_* on September 05, 2005, 11:43:59 AM

I am having win32 problems, as well as the smartsecurity desktop. Also, I have cox internet and am using their firewall, antivirus, etc. What do you think of the coxware? The smartsecurity desktop showed up after I started using the package from cox, and I wonder if it downloaded with the cox stuff. Should I get rid of the cox stuff, and use something else?

Here is my log:

 Logfile of HijackThis v1.99.1
Scan saved at 11:37:08 AM, on 9/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\atldi32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\atlxm32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\lexpps.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\gjegs.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com (http://\"http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {BD9CF1BA-C149-7FD6-0BF4-CE2A97CF0E4F} - C:\WINDOWS\sdklz32.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [InstaFinderK] C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
O4 - HKLM\..\Run: [explorer.exe] C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [d3ty32.exe] C:\WINDOWS\system32\d3ty32.exe
O4 - HKLM\..\Run: [ntrd.exe] C:\WINDOWS\ntrd.exe
O4 - HKLM\..\Run: [mfcya32.exe] C:\WINDOWS\mfcya32.exe
O4 - HKLM\..\Run: [netkg32.exe] C:\WINDOWS\system32\netkg32.exe
O4 - HKLM\..\Run: [mfcgo32.exe] C:\WINDOWS\system32\mfcgo32.exe
O4 - HKLM\..\Run: [ieui32.exe] C:\WINDOWS\ieui32.exe
O4 - HKLM\..\Run: [d3hq32.exe] C:\WINDOWS\d3hq32.exe
O4 - HKLM\..\Run: [ipbf32.exe] C:\WINDOWS\system32\ipbf32.exe
O4 - HKLM\..\Run: [appwg32.exe] C:\WINDOWS\appwg32.exe
O4 - HKLM\..\Run: [cruu.exe] C:\WINDOWS\system32\cruu.exe
O4 - HKLM\..\Run: [d3ne.exe] C:\WINDOWS\system32\d3ne.exe
O4 - HKLM\..\Run: [sdkqp.exe] C:\WINDOWS\system32\sdkqp.exe
O4 - HKLM\..\Run: [d3mr32.exe] C:\WINDOWS\system32\d3mr32.exe
O4 - HKLM\..\Run: [atltm32.exe] C:\WINDOWS\atltm32.exe
O4 - HKLM\..\Run: [crfq32.exe] C:\WINDOWS\system32\crfq32.exe
O4 - HKLM\..\Run: [sdkzd32.exe] C:\WINDOWS\sdkzd32.exe
O4 - HKLM\..\Run: [sdksi.exe] C:\WINDOWS\sdksi.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124573388\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [atlxm32.exe] C:\WINDOWS\atlxm32.exe
O4 - HKLM\..\Run: [apida.exe] C:\WINDOWS\apida.exe
O4 - HKLM\..\Run: [javajm32.exe] C:\WINDOWS\system32\javajm32.exe
O4 - HKLM\..\Run: [winpl.exe] C:\WINDOWS\system32\winpl.exe
O4 - HKLM\..\Run: [systf32.exe] C:\WINDOWS\system32\systf32.exe
O4 - HKLM\..\Run: [sdkpm.exe] C:\WINDOWS\system32\sdkpm.exe
O4 - HKLM\..\Run: [appws32.exe] C:\WINDOWS\system32\appws32.exe
O4 - HKLM\..\Run: [Upp] C:\WINDOWS\Qab.exe
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [Systemos Restart] Rundll32.exe pifn.dll, DllRegisterServer
O4 - HKLM\..\Run: [Mbg] C:\WINDOWS\System32\Ohg.exe
O4 - HKLM\..\Run: [Tgv] C:\WINDOWS\System32\Ted.exe
O4 - HKLM\..\Run: [Etc] C:\WINDOWS\Sea.exe
O4 - HKLM\..\Run: [Noh] C:\WINDOWS\Cri.exe
O4 - HKLM\..\Run: [Nlq] C:\WINDOWS\Hft.exe
O4 - HKLM\..\Run: [Dfl] C:\WINDOWS\System32\Uuj.exe
O4 - HKLM\..\Run: [Epm] C:\WINDOWS\Uni.exe
O4 - HKLM\..\Run: [Gai] C:\WINDOWS\System32\Sgf.exe
O4 - HKLM\..\Run: [Nbh] C:\WINDOWS\Hpr.exe
O4 - HKLM\..\Run: [Dig] C:\WINDOWS\Rer.exe
O4 - HKLM\..\Run: [Hrp] C:\WINDOWS\System32\Cci.exe
O4 - HKLM\..\Run: [Vic] C:\WINDOWS\System32\Poo.exe
O4 - HKLM\..\Run: [Mit] C:\WINDOWS\Ljt.exe
O4 - HKLM\..\Run: [Jji] C:\WINDOWS\Ilc.exe
O4 - HKLM\..\Run: [Thd] C:\WINDOWS\Rkm.exe
O4 - HKLM\..\Run: [Cfn] C:\WINDOWS\System32\Ecc.exe
O4 - HKLM\..\Run: [Qpt] C:\WINDOWS\System32\Nqr.exe
O4 - HKLM\..\Run: [Qob] C:\WINDOWS\Eom.exe
O4 - HKLM\..\Run: [Duc] C:\WINDOWS\Elr.exe
O4 - HKLM\..\Run: [Alp] C:\WINDOWS\Dre.exe
O4 - HKLM\..\Run: [Mog] C:\WINDOWS\System32\Alk.exe
O4 - HKLM\..\Run: [Nmp] C:\WINDOWS\Nnl.exe
O4 - HKLM\..\Run: [Dmg] C:\WINDOWS\System32\Srs.exe
O4 - HKLM\..\Run: [Hoi] C:\WINDOWS\System32\Fuh.exe
O4 - HKLM\..\Run: [Ruk] C:\WINDOWS\Hvq.exe
O4 - HKLM\..\Run: [Pad] C:\WINDOWS\System32\Bun.exe
O4 - HKLM\..\Run: [Tti] C:\WINDOWS\Lua.exe
O4 - HKLM\..\Run: [Mvk] C:\WINDOWS\Udn.exe
O4 - HKLM\..\Run: [Hcr] C:\WINDOWS\System32\Uel.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\Sha.exe
O4 - HKLM\..\Run: [Cnr] C:\WINDOWS\System32\Erc.exe
O4 - HKLM\..\Run: [Gcs] C:\WINDOWS\System32\Utn.exe
O4 - HKLM\..\Run: [Mom] C:\WINDOWS\System32\Bah.exe
O4 - HKLM\..\Run: [Vou] C:\WINDOWS\System32\Svn.exe
O4 - HKLM\..\Run: [Ifa] C:\WINDOWS\System32\Jea.exe
O4 - HKLM\..\Run: [Imu] C:\WINDOWS\System32\Ama.exe
O4 - HKLM\..\Run: [Bgm] C:\WINDOWS\System32\Ppu.exe
O4 - HKLM\..\Run: [Lfr] C:\WINDOWS\System32\Tnl.exe
O4 - HKLM\..\Run: [Jcc] C:\WINDOWS\System32\Ega.exe
O4 - HKLM\..\Run: [Ebg] C:\WINDOWS\Dai.exe
O4 - HKLM\..\Run: [Ctj] C:\WINDOWS\System32\Nll.exe
O4 - HKLM\..\Run: [Buu] C:\WINDOWS\Abv.exe
O4 - HKLM\..\Run: [Dgg] C:\WINDOWS\Rmf.exe
O4 - HKLM\..\Run: [Blb] C:\WINDOWS\System32\Lci.exe
O4 - HKLM\..\Run: [Qme] C:\WINDOWS\System32\Dku.exe
O4 - HKLM\..\Run: [Cqk] C:\WINDOWS\System32\Nvb.exe
O4 - HKLM\..\Run: [Kig] C:\WINDOWS\System32\Tom.exe
O4 - HKLM\..\Run: [Lor] C:\WINDOWS\System32\Cuj.exe
O4 - HKLM\..\Run: [Bds] C:\WINDOWS\System32\Eij.exe
O4 - HKLM\..\Run: [Vmk] C:\WINDOWS\Vaf.exe
O4 - HKLM\..\Run: [Bvr] C:\WINDOWS\Cof.exe
O4 - HKLM\..\Run: [Ufb] C:\WINDOWS\System32\Vni.exe
O4 - HKLM\..\Run: [Gtn] C:\WINDOWS\Ibu.exe
O4 - HKLM\..\Run: [Jsv] C:\WINDOWS\System32\Ovf.exe
O4 - HKLM\..\Run: [Rhv] C:\WINDOWS\Qko.exe
O4 - HKLM\..\Run: [Alq] C:\WINDOWS\Maj.exe
O4 - HKLM\..\Run: [Vor] C:\WINDOWS\System32\Bes.exe
O4 - HKLM\..\Run: [Pcd] C:\WINDOWS\Ijs.exe
O4 - HKLM\..\Run: [Cfb] C:\WINDOWS\Pkm.exe
O4 - HKLM\..\Run: [Ugm] C:\WINDOWS\System32\Upp.exe
O4 - HKLM\..\Run: [Fbk] C:\WINDOWS\Use.exe
O4 - HKLM\..\Run: [Gom] C:\WINDOWS\Ncn.exe
O4 - HKLM\..\Run: [Uci] C:\WINDOWS\System32\Tca.exe
O4 - HKLM\..\Run: [Rnq] C:\WINDOWS\System32\Jpe.exe
O4 - HKLM\..\Run: [Api] C:\WINDOWS\Jlr.exe
O4 - HKLM\..\Run: [Qov] C:\WINDOWS\Tqi.exe
O4 - HKLM\..\Run: [Iin] C:\WINDOWS\System32\Ncm.exe
O4 - HKLM\..\Run: [Tjj] C:\WINDOWS\System32\Ppe.exe
O4 - HKLM\..\Run: [Ahe] C:\WINDOWS\System32\Plc.exe
O4 - HKLM\..\Run: [Nhn] C:\WINDOWS\Fdh.exe
O4 - HKLM\..\Run: [Rln] C:\WINDOWS\System32\Irp.exe
O4 - HKLM\..\Run: [Cqr] C:\WINDOWS\Onl.exe
O4 - HKLM\..\Run: [Cni] C:\WINDOWS\Sgc.exe
O4 - HKLM\..\Run: [Rmt] C:\WINDOWS\Bfe.exe
O4 - HKLM\..\Run: [Aua] C:\WINDOWS\System32\Ljg.exe
O4 - HKLM\..\Run: [Gba] C:\WINDOWS\System32\Dql.exe
O4 - HKLM\..\Run: [Qok] C:\WINDOWS\System32\Rrj.exe
O4 - HKLM\..\Run: [Iuu] C:\WINDOWS\Tjm.exe
O4 - HKLM\..\Run: [Lfo] C:\WINDOWS\Qsl.exe
O4 - HKLM\..\Run: [Kdm] C:\WINDOWS\Chf.exe
O4 - HKLM\..\Run: [Qjb] C:\WINDOWS\System32\Eap.exe
O4 - HKLM\..\Run: [Hnp] C:\WINDOWS\Cks.exe
O4 - HKLM\..\Run: [Ucm] C:\WINDOWS\System32\Tug.exe
O4 - HKLM\..\Run: [Vek] C:\WINDOWS\Rpt.exe
O4 - HKLM\..\Run: [Qvn] C:\WINDOWS\System32\Pgf.exe
O4 - HKLM\..\Run: [Shh] C:\WINDOWS\Hnb.exe
O4 - HKLM\..\Run: [Qsh] C:\WINDOWS\Gmv.exe
O4 - HKLM\..\Run: [Hul] C:\WINDOWS\System32\Oma.exe
O4 - HKLM\..\Run: [Pih] C:\WINDOWS\System32\Ace.exe
O4 - HKLM\..\Run: [mfcuc.exe] C:\WINDOWS\mfcuc.exe
O4 - HKLM\..\Run: [Nle] C:\WINDOWS\Ofo.exe
O4 - HKLM\..\Run: [Acj] C:\WINDOWS\System32\Dps.exe
O4 - HKLM\..\Run: [Jlj] C:\WINDOWS\Sft.exe
O4 - HKLM\..\Run: [Sdv] C:\WINDOWS\Ikg.exe
O4 - HKLM\..\RunOnce: [atldi32.exe] C:\WINDOWS\atldi32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Upp] C:\WINDOWS\Qab.exe
O4 - HKCU\..\Run: [xservice] C:\DOCUME~1\Owner\LOCALS~1\Temp\temp25.exe
O4 - HKCU\..\Run: [Mbg] C:\WINDOWS\System32\Ohg.exe
O4 - HKCU\..\Run: [Tgv] C:\WINDOWS\System32\Ted.exe
O4 - HKCU\..\Run: [Etc] C:\WINDOWS\Sea.exe
O4 - HKCU\..\Run: [Noh] C:\WINDOWS\Cri.exe
O4 - HKCU\..\Run: [Nlq] C:\WINDOWS\Hft.exe
O4 - HKCU\..\Run: [Dfl] C:\WINDOWS\System32\Uuj.exe
O4 - HKCU\..\Run: [Epm] C:\WINDOWS\Uni.exe
O4 - HKCU\..\Run: [Gai] C:\WINDOWS\System32\Sgf.exe
O4 - HKCU\..\Run: [Nbh] C:\WINDOWS\Hpr.exe
O4 - HKCU\..\Run: [Dig] C:\WINDOWS\Rer.exe
O4 - HKCU\..\Run: [Hrp] C:\WINDOWS\System32\Cci.exe
O4 - HKCU\..\Run: [Vic] C:\WINDOWS\System32\Poo.exe
O4 - HKCU\..\Run: [Mit] C:\WINDOWS\Ljt.exe
O4 - HKCU\..\Run: [winservice] C:\WINDOWS\services\svchost.exe
O4 - HKCU\..\Run: [Jji] C:\WINDOWS\Ilc.exe
O4 - HKCU\..\Run: [Thd] C:\WINDOWS\Rkm.exe
O4 - HKCU\..\Run: [Cfn] C:\WINDOWS\System32\Ecc.exe
O4 - HKCU\..\Run: [Qpt] C:\WINDOWS\System32\Nqr.exe
O4 - HKCU\..\Run: [Qob] C:\WINDOWS\Eom.exe
O4 - HKCU\..\Run: [Duc] C:\WINDOWS\Elr.exe
O4 - HKCU\..\Run: [Alp] C:\WINDOWS\Dre.exe
O4 - HKCU\..\Run: [Mog] C:\WINDOWS\System32\Alk.exe
O4 - HKCU\..\Run: [Nmp] C:\WINDOWS\Nnl.exe
O4 - HKCU\..\Run: [Dmg] C:\WINDOWS\System32\Srs.exe
O4 - HKCU\..\Run: [Hoi] C:\WINDOWS\System32\Fuh.exe
O4 - HKCU\..\Run: [Ruk] C:\WINDOWS\Hvq.exe
O4 - HKCU\..\Run: [Pad] C:\WINDOWS\System32\Bun.exe
O4 - HKCU\..\Run: [Tti] C:\WINDOWS\Lua.exe
O4 - HKCU\..\Run: [Mvk] C:\WINDOWS\Udn.exe
O4 - HKCU\..\Run: [Hcr] C:\WINDOWS\System32\Uel.exe
O4 - HKCU\..\Run: [Dsi] C:\WINDOWS\Sha.exe
O4 - HKCU\..\Run: [Cnr] C:\WINDOWS\System32\Erc.exe
O4 - HKCU\..\Run: [Gcs] C:\WINDOWS\System32\Utn.exe
O4 - HKCU\..\Run: [Mom] C:\WINDOWS\System32\Bah.exe
O4 - HKCU\..\Run: [Vou] C:\WINDOWS\System32\Svn.exe
O4 - HKCU\..\Run: [Ifa] C:\WINDOWS\System32\Jea.exe
O4 - HKCU\..\Run: [Imu] C:\WINDOWS\System32\Ama.exe
O4 - HKCU\..\Run: [Bgm] C:\WINDOWS\System32\Ppu.exe
O4 - HKCU\..\Run: [Lfr] C:\WINDOWS\System32\Tnl.exe
O4 - HKCU\..\Run: [Jcc] C:\WINDOWS\System32\Ega.exe
O4 - HKCU\..\Run: [Ebg] C:\WINDOWS\Dai.exe
O4 - HKCU\..\Run: [Ctj] C:\WINDOWS\System32\Nll.exe
O4 - HKCU\..\Run: [Buu] C:\WINDOWS\Abv.exe
O4 - HKCU\..\Run: [Dgg] C:\WINDOWS\Rmf.exe
O4 - HKCU\..\Run: [Blb] C:\WINDOWS\System32\Lci.exe
O4 - HKCU\..\Run: [Qme] C:\WINDOWS\System32\Dku.exe
O4 - HKCU\..\Run: [Cqk] C:\WINDOWS\System32\Nvb.exe
O4 - HKCU\..\Run: [Kig] C:\WINDOWS\System32\Tom.exe
O4 - HKCU\..\Run: [Lor] C:\WINDOWS\System32\Cuj.exe
O4 - HKCU\..\Run: [Bds] C:\WINDOWS\System32\Eij.exe
O4 - HKCU\..\Run: [Vmk] C:\WINDOWS\Vaf.exe
O4 - HKCU\..\Run: [Bvr] C:\WINDOWS\Cof.exe
O4 - HKCU\..\Run: [Ufb] C:\WINDOWS\System32\Vni.exe
O4 - HKCU\..\Run: [Gtn] C:\WINDOWS\Ibu.exe
O4 - HKCU\..\Run: [Jsv] C:\WINDOWS\System32\Ovf.exe
O4 - HKCU\..\Run: [Rhv] C:\WINDOWS\Qko.exe
O4 - HKCU\..\Run: [Alq] C:\WINDOWS\Maj.exe
O4 - HKCU\..\Run: [Vor] C:\WINDOWS\System32\Bes.exe
O4 - HKCU\..\Run: [Pcd] C:\WINDOWS\Ijs.exe
O4 - HKCU\..\Run: [Cfb] C:\WINDOWS\Pkm.exe
O4 - HKCU\..\Run: [Ugm] C:\WINDOWS\System32\Upp.exe
O4 - HKCU\..\Run: [Fbk] C:\WINDOWS\Use.exe
O4 - HKCU\..\Run: [Gom] C:\WINDOWS\Ncn.exe
O4 - HKCU\..\Run: [Uci] C:\WINDOWS\System32\Tca.exe
O4 - HKCU\..\Run: [Rnq] C:\WINDOWS\System32\Jpe.exe
O4 - HKCU\..\Run: [Api] C:\WINDOWS\Jlr.exe
O4 - HKCU\..\Run: [Qov] C:\WINDOWS\Tqi.exe
O4 - HKCU\..\Run: [Iin] C:\WINDOWS\System32\Ncm.exe
O4 - HKCU\..\Run: [Tjj] C:\WINDOWS\System32\Ppe.exe
O4 - HKCU\..\Run: [Ahe] C:\WINDOWS\System32\Plc.exe
O4 - HKCU\..\Run: [Nhn] C:\WINDOWS\Fdh.exe
O4 - HKCU\..\Run: [Rln] C:\WINDOWS\System32\Irp.exe
O4 - HKCU\..\Run: [Cqr] C:\WINDOWS\Onl.exe
O4 - HKCU\..\Run: [Cni] C:\WINDOWS\Sgc.exe
O4 - HKCU\..\Run: [Rmt] C:\WINDOWS\Bfe.exe
O4 - HKCU\..\Run: [Aua] C:\WINDOWS\System32\Ljg.exe
O4 - HKCU\..\Run: [Gba] C:\WINDOWS\System32\Dql.exe
O4 - HKCU\..\Run: [Qok] C:\WINDOWS\System32\Rrj.exe
O4 - HKCU\..\Run: [Iuu] C:\WINDOWS\Tjm.exe
O4 - HKCU\..\Run: [Lfo] C:\WINDOWS\Qsl.exe
O4 - HKCU\..\Run: [Kdm] C:\WINDOWS\Chf.exe
O4 - HKCU\..\Run: [Qjb] C:\WINDOWS\System32\Eap.exe
O4 - HKCU\..\Run: [Hnp] C:\WINDOWS\Cks.exe
O4 - HKCU\..\Run: [Ucm] C:\WINDOWS\System32\Tug.exe
O4 - HKCU\..\Run: [Vek] C:\WINDOWS\Rpt.exe
O4 - HKCU\..\Run: [Qvn] C:\WINDOWS\System32\Pgf.exe
O4 - HKCU\..\Run: [Shh] C:\WINDOWS\Hnb.exe
O4 - HKCU\..\Run: [Qsh] C:\WINDOWS\Gmv.exe
O4 - HKCU\..\Run: [Hul] C:\WINDOWS\System32\Oma.exe
O4 - HKCU\..\Run: [Pih] C:\WINDOWS\System32\Ace.exe
O4 - HKCU\..\Run: [Nle] C:\WINDOWS\Ofo.exe
O4 - HKCU\..\Run: [Acj] C:\WINDOWS\System32\Dps.exe
O4 - HKCU\..\Run: [Jlj] C:\WINDOWS\Sft.exe
O4 - HKCU\..\Run: [Sdv] C:\WINDOWS\Ikg.exe
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: WindowsUpdate23452[1].exe
O4 - Startup: winupdate07503810[1].exe
O4 - Startup: winupdate19698025[1].exe
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.ysbweb.com
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.ysbweb.com (HKLM)
O15 - Trusted IP range: 64.62.171.156
O15 - Trusted IP range: 64.62.171.156 (HKLM)
O16 - DPF: {42B4A4BC-E46F-2B93-417D-7F1E6F6F1EBA} - http://63.219.178.91/1/rdgUS990.exe (http://\"http://63.219.178.91/1/rdgUS990.exe\")
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB (http://\"https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sysay32.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common files\WinTools\WToolsS.exe (file missing)

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:45:30 AM

Oops. I didn't log in. That was me.

Title: More win32 problems
Post by: guestolo on September 05, 2005, 12:06:27 PM

HI again tektok3

You have a few problems on your computer, we should be able to rid you of all of them

But
Can you do the following for me first  please

Open Hijackthis>>Open Misc Tools Section>>Open Uninstall Manager
Click the SAVE LIST button
Save the list to desktop and then copy and paste back here the contents

Can you also do the following
==Download and save WinPFind.zip (http://\"http://www.bleepingcomputer.com/files/oldtimer/WinPFind.zip\")
UNZIP the contents to your desktop or a folder
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
Then click Start Scan
This could take some time as it will scan your drive
Go to the WinPFind folder
   Locate WinPFind.txt in the WinPfind folder

Post the results of the WindPFind.txt

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 02:10:08 PM

Okie-dokie. Here is my SAVE LIST list from Hijackthis. I will post the WinPFind stuff as soon as it finishes scanning. Thank you!

3D Home Architect Home Design Deluxe 6
3D Home Architect® Deluxe 3.0
Ad-aware 6 Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Reader 6.0.1
Adware Away v2.2
Ahead Nero Burning ROM
AOL Explorer
AOL Instant Messenger
aspi
Avery DesignPro
Blackhawk Striker from Compaq (remove only)
Bounce Symphony from Compaq (remove only)
CCHelp
CCScore
CleanUp!
Compaq Connections
Compaq Instant Support
Compaq Organize
Cox High Speed Internet security software
CR2
Dell Photo Printer 720
DjVu Browser Plug-in 4.1
Documents To Go
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSTUTOR
ESSvpaht
ESSvpot
Excavation from Compaq (remove only)
First Step Guide
Google Earth
green label Print It 3
Handmark 4.0Student for Palm OS
Handmark® PDA Money for palmOne
HijackThis 1.99.1
Home  Search Assistent
HP Deskjet Preloaded Printer Drivers
HP Photo & Imaging 3.1
HP Photo and Imaging 2.0 - Photosmart Cameras
HP PSC & OfficeJet 3.0
HP Software Update
ImageMixer VCD2
Intel® Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterActual Player
Internet Explorer Q831167
InterVideo WinDVD Player
iPod Updater 2004-11-15
iTunes
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 2 Runtime Environment, SE v1.4.2
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
LingvoSoft Talking Dictionary (English<->Persian (Farsi)) for Palm OS
LiveUpdate 2.6 (Symantec Corporation)
Logitech Pocket Digital
Macromedia Flash Player
Memories Disc Creator 2.0
MGI PhotoSuite 4 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Standard Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Works 7.0
MSN Music Assistant
MUSICMATCH® Jukebox
Norton WMI Update
Notifier
NVIDIA GART Driver
Offer Optimizer
Orbital from Compaq (remove only)
OTtBP
Otto from Compaq (remove only)
Outlook Express Q837009
Overball from Compaq (remove only)
Pacific Poker
Palm Desktop
PartyPoker.net
PCDLNCH
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
Planet Poker
Polar Bowler from Compaq (remove only)
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
Quicken 2004
QuickTime
RealOne Player
RecordNow!
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
Screen2 Screen Saver
Search Assistant
Search Extender  
SFR
SFR2
Shopping  Wizard
Shopping Wizard
Slyder from Compaq (remove only)
Software for your PC!
Sonic Update Manager
Sony USB Driver
SpamSubtract
Spybot - Search & Destroy 1.3
Symantec Network Driver Update
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
WeatherBug
Web Search Tools Error Search
WildTangent Web Driver
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See wm828026 for more information]
Windows open32 update
Windows SR 2.0
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB840374
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) [See Q329834 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q328310
Windows XP Hotfix (SP2) Q329112
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) Q329441
Windows XP Hotfix (SP2) Q329909
Windows XP Hotfix (SP2) Q331953
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811493
Windows XP Hotfix (SP2) Q811789
Windows XP Hotfix (SP2) Q814033
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815021
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817287
Windows XP Hotfix (SP2) Q817606
WinTools for Internet Explorer [v2]
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Yahoo! Photos Easy Upload Tool 1v3
Yahoo! Toolbar

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 02:38:05 PM

Here are the results of the WinPFind.txt


WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX!                 4/26/2004 1:45:52 PM        6656       C:\WINDOWS\services.exe

Checking %System% folder...
FSG!                 9/1/2005 10:42:32 PM        8833       C:\WINDOWS\SYSTEM32\1010781.exe
FSG!                 9/4/2005 2:54:38 AM         8833       C:\WINDOWS\SYSTEM32\32101625.exe
UPX!                 4/26/2004 1:28:28 PM        3072       C:\WINDOWS\SYSTEM32\arpa.exe
UPX!                 7/23/2004 1:32:52 PM        9728       C:\WINDOWS\SYSTEM32\authz.exe
PEC2                 8/29/2002 6:00:00 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PTech                4/29/2004 2:35:00 AM     H  3066522    C:\WINDOWS\SYSTEM32\kyf.dat
UPX!                 8/22/2001 6:00:00 PM        86030      C:\WINDOWS\SYSTEM32\msdjgk.dll
UPX!                 8/22/2001 6:00:00 PM        218624     C:\WINDOWS\SYSTEM32\mseggo.gif
Umonitor             8/29/2002 6:00:00 AM        631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/29/2002 6:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX!                 4/26/2004 2:04:54 AM        6656       C:\WINDOWS\SYSTEM32\drivers\csrss.exe
aspack               12/10/2004 10:30:48 AM  R   707176     C:\WINDOWS\SYSTEM32\drivers\css-dvp.sys

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     9/5/2005 12:34:16 PM      S 2048       C:\WINDOWS\bootstat.dat
                     8/4/2005 11:24:20 AM     H  30202      C:\WINDOWS\fiz2
                     7/17/2005 8:25:22 AM     H  15515      C:\WINDOWS\log0.txt
                     8/8/2005 11:38:06 AM     H  10277      C:\WINDOWS\log1.txt
                     8/6/2005 8:22:38 AM      H  10363      C:\WINDOWS\log2.txt
                     8/4/2005 11:24:22 AM     H  65680      C:\WINDOWS\MEMORY.DMP
                     9/1/2005 1:11:56 AM      H  54156      C:\WINDOWS\QTFont.qfn
                     8/25/2005 8:33:52 AM     HS 48680      C:\WINDOWS\winnt.bmp
                     8/5/2005 5:27:00 AM      HS 48680      C:\WINDOWS\winnt256.bmp
                     9/5/2005 12:34:18 PM     H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          8/29/2002 6:00:00 AM        66048      C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp.    2/17/2004 5:49:14 AM        14193152   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          8/29/2002 6:00:00 AM        578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation              4/7/2003 8:14:30 AM         94208      C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Ahead Software AG              5/26/2003 4:12:14 AM        57344      C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        121856     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        65536      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems               10/11/2003 4:52:00 AM       53352      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation             8/19/2003 3:56:00 AM        143360     C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc.           9/23/2004 6:57:40 PM        323072     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/3/2004 2:03:24 PM         167704     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        66048      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        578560     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        129024     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        150016     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        292352     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        121856     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        65536      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        256000     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        109056     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        147456     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        268288     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        90112      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Realtek Semiconductor Corp.    2/17/2004 5:49:14 AM        14193152   C:\WINDOWS\SYSTEM32\DRVSTORE\Alcxwdm_cfb7d3fc0ab7f7a3133a6c25509eaf3479108975\ALSNDMGR.CPL
Intel Corporation              4/7/2003 8:14:30 AM         94208      C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl
Realtek Semiconductor Corp.    9/12/2003 8:24:20 PM        10435584   C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     9/17/2004 10:28:00 PM       1562       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk
                     10/11/2003 4:16:08 AM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     10/10/2003 9:10:12 PM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     10/11/2003 5:35:18 AM       534        C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
                     10/11/2003 4:16:08 AM    HS 84         C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
                     9/17/2004 11:14:26 PM       1315       C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk
                     11/7/2004 1:13:28 PM        0          C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WindowsUpdate23452[1].exe
UPX!                 3/4/2005 3:24:56 AM         9216       C:\Documents and Settings\Owner\Start Menu\Programs\Startup\winupdate07503810[1].exe
UPX!                 2/18/2005 8:59:22 PM        8704       C:\Documents and Settings\Owner\Start Menu\Programs\Startup\winupdate19698025[1].exe
                     6/17/2004 12:21:22 AM       938        C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WKCALREM.LNK

Checking files in %USERPROFILE%\Application Data folder...
                     10/10/2003 9:10:12 PM    HS 62         C:\Documents and Settings\Owner\Application Data\desktop.ini
                     9/21/2004 9:27:20 PM        0          C:\Documents and Settings\Owner\Application Data\dm.ini
                     6/16/2004 9:33:44 PM        37         C:\Documents and Settings\Owner\Application Data\tvmcwrd.dll
                     4/26/2005 11:02:10 PM       284        C:\Documents and Settings\Owner\Application Data\ViewerApp.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
   {5464D816-CF16-4784-B9F3-75C0DB52B499}    = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD9CF1BA-C149-7FD6-0BF4-CE2A97CF0E4F}
   Class = C:\WINDOWS\sdklz32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = &Yahoo! Companion   : C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   ButtonText    = Messenger   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
   ButtonText    = Research   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
   ButtonText    = AIM   : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D7811076-5F96-4C6C-B50E-1403311C1D3A}
   ButtonText    = Microsoft AntiSpyware helper   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}
   ButtonText    = PartyPoker.net   : C:\Program Files\PartyPoker.net\partypokernet.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
   Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
   File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
   Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}
   &Research = C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion   : C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
   NeroCheck   C:\WINDOWS\system32\NeroCheck.exe
   SSC_UserPrompt   C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
   WildTangent CDA   RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
   iTunesHelper   C:\Program Files\iTunes\iTunesHelper.exe
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   ViewMgr   C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
   InstaFinderK   C:\Program Files\INSTAFINK\InstaFinderK_inst.exe
   explorer.exe   C:\WINDOWS\explorer.exe
   d3ty32.exe   C:\WINDOWS\system32\d3ty32.exe
   ntrd.exe   C:\WINDOWS\ntrd.exe
   mfcya32.exe   C:\WINDOWS\mfcya32.exe
   netkg32.exe   C:\WINDOWS\system32\netkg32.exe
   mfcgo32.exe   C:\WINDOWS\system32\mfcgo32.exe
   ieui32.exe   C:\WINDOWS\ieui32.exe
   d3hq32.exe   C:\WINDOWS\d3hq32.exe
   ipbf32.exe   C:\WINDOWS\system32\ipbf32.exe
   appwg32.exe   C:\WINDOWS\appwg32.exe
   cruu.exe   C:\WINDOWS\system32\cruu.exe
   d3ne.exe   C:\WINDOWS\system32\d3ne.exe
   sdkqp.exe   C:\WINDOWS\system32\sdkqp.exe
   d3mr32.exe   C:\WINDOWS\system32\d3mr32.exe
   atltm32.exe   C:\WINDOWS\atltm32.exe
   crfq32.exe   C:\WINDOWS\system32\crfq32.exe
   sdkzd32.exe   C:\WINDOWS\sdkzd32.exe
   sdksi.exe   C:\WINDOWS\sdksi.exe
   HostManager   C:\Program Files\Common Files\AOL\1124573388\ee\AOLHostManager.exe
   atlxm32.exe   C:\WINDOWS\atlxm32.exe
   apida.exe   C:\WINDOWS\apida.exe
   javajm32.exe   C:\WINDOWS\system32\javajm32.exe
   winpl.exe   C:\WINDOWS\system32\winpl.exe
   systf32.exe   C:\WINDOWS\system32\systf32.exe
   sdkpm.exe   C:\WINDOWS\system32\sdkpm.exe
   appws32.exe   C:\WINDOWS\system32\appws32.exe
   AuthConsoleStart   
   Upp   C:\WINDOWS\Qab.exe
   Shell   open32.exe
   Systemos Restart   Rundll32.exe pifn.dll, DllRegisterServer
   Mbg   C:\WINDOWS\System32\Ohg.exe
   Tgv   C:\WINDOWS\System32\Ted.exe
   Etc   C:\WINDOWS\Sea.exe
   Noh   C:\WINDOWS\Cri.exe
   Nlq   C:\WINDOWS\Hft.exe
   Dfl   C:\WINDOWS\System32\Uuj.exe
   Epm   C:\WINDOWS\Uni.exe
   Gai   C:\WINDOWS\System32\Sgf.exe
   Nbh   C:\WINDOWS\Hpr.exe
   Dig   C:\WINDOWS\Rer.exe
   Hrp   C:\WINDOWS\System32\Cci.exe
   Vic   C:\WINDOWS\System32\Poo.exe
   Mit   C:\WINDOWS\Ljt.exe
   Jji   C:\WINDOWS\Ilc.exe
   Thd   C:\WINDOWS\Rkm.exe
   Cfn   C:\WINDOWS\System32\Ecc.exe
   Qpt   C:\WINDOWS\System32\Nqr.exe
   Qob   C:\WINDOWS\Eom.exe
   Duc   C:\WINDOWS\Elr.exe
   Alp   C:\WINDOWS\Dre.exe
   Mog   C:\WINDOWS\System32\Alk.exe
   Nmp   C:\WINDOWS\Nnl.exe
   Dmg   C:\WINDOWS\System32\Srs.exe
   Hoi   C:\WINDOWS\System32\Fuh.exe
   Ruk   C:\WINDOWS\Hvq.exe
   Pad   C:\WINDOWS\System32\Bun.exe
   Tti   C:\WINDOWS\Lua.exe
   Mvk   C:\WINDOWS\Udn.exe
   Hcr   C:\WINDOWS\System32\Uel.exe
   Dsi   C:\WINDOWS\Sha.exe
   Cnr   C:\WINDOWS\System32\Erc.exe
   Gcs   C:\WINDOWS\System32\Utn.exe
   Mom   C:\WINDOWS\System32\Bah.exe
   Vou   C:\WINDOWS\System32\Svn.exe
   Ifa   C:\WINDOWS\System32\Jea.exe
   Imu   C:\WINDOWS\System32\Ama.exe
   Bgm   C:\WINDOWS\System32\Ppu.exe
   Lfr   C:\WINDOWS\System32\Tnl.exe
   Jcc   C:\WINDOWS\System32\Ega.exe
   Ebg   C:\WINDOWS\Dai.exe
   Ctj   C:\WINDOWS\System32\Nll.exe
   Buu   C:\WINDOWS\Abv.exe
   Dgg   C:\WINDOWS\Rmf.exe
   Blb   C:\WINDOWS\System32\Lci.exe
   Qme   C:\WINDOWS\System32\Dku.exe
   Cqk   C:\WINDOWS\System32\Nvb.exe
   Kig   C:\WINDOWS\System32\Tom.exe
   Lor   C:\WINDOWS\System32\Cuj.exe
   Bds   C:\WINDOWS\System32\Eij.exe
   Vmk   C:\WINDOWS\Vaf.exe
   Bvr   C:\WINDOWS\Cof.exe
   Ufb   C:\WINDOWS\System32\Vni.exe
   Gtn   C:\WINDOWS\Ibu.exe
   Jsv   C:\WINDOWS\System32\Ovf.exe
   Rhv   C:\WINDOWS\Qko.exe
   Alq   C:\WINDOWS\Maj.exe
   Vor   C:\WINDOWS\System32\Bes.exe
   Pcd   C:\WINDOWS\Ijs.exe
   Cfb   C:\WINDOWS\Pkm.exe
   Ugm   C:\WINDOWS\System32\Upp.exe
   Fbk   C:\WINDOWS\Use.exe
   Gom   C:\WINDOWS\Ncn.exe
   Uci   C:\WINDOWS\System32\Tca.exe
   Rnq   C:\WINDOWS\System32\Jpe.exe
   Api   C:\WINDOWS\Jlr.exe
   Qov   C:\WINDOWS\Tqi.exe
   Iin   C:\WINDOWS\System32\Ncm.exe
   Tjj   C:\WINDOWS\System32\Ppe.exe
   Ahe   C:\WINDOWS\System32\Plc.exe
   Nhn   C:\WINDOWS\Fdh.exe
   Rln   C:\WINDOWS\System32\Irp.exe
   Cqr   C:\WINDOWS\Onl.exe
   Cni   C:\WINDOWS\Sgc.exe
   Rmt   C:\WINDOWS\Bfe.exe
   Aua   C:\WINDOWS\System32\Ljg.exe
   Gba   C:\WINDOWS\System32\Dql.exe
   Qok   C:\WINDOWS\System32\Rrj.exe
   Iuu   C:\WINDOWS\Tjm.exe
   Lfo   C:\WINDOWS\Qsl.exe
   Kdm   C:\WINDOWS\Chf.exe
   Qjb   C:\WINDOWS\System32\Eap.exe
   Hnp   C:\WINDOWS\Cks.exe
   Ucm   C:\WINDOWS\System32\Tug.exe
   Vek   C:\WINDOWS\Rpt.exe
   Qvn   C:\WINDOWS\System32\Pgf.exe
   Shh   C:\WINDOWS\Hnb.exe
   Qsh   C:\WINDOWS\Gmv.exe
   Hul   C:\WINDOWS\System32\Oma.exe
   Pih   C:\WINDOWS\System32\Ace.exe
   mfcuc.exe   C:\WINDOWS\mfcuc.exe
   Nle   C:\WINDOWS\Ofo.exe
   Acj   C:\WINDOWS\System32\Dps.exe
   Jlj   C:\WINDOWS\Sft.exe
   Sdv   C:\WINDOWS\Ikg.exe
   Pbq   C:\WINDOWS\System32\Mev.exe
   Rjr   C:\WINDOWS\System32\Vgn.exe
   Jns   C:\WINDOWS\Dvn.exe
   Meq   C:\WINDOWS\Nsm.exe
   Qiv   C:\WINDOWS\System32\Sdk.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
   IMAIL   Installed = 1
   MAPI   Installed = 1
   MSFS   Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
   atldi32.exe   C:\WINDOWS\atldi32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
      

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   MSMSGS   "C:\Program Files\Messenger\msmsgs.exe" /background
   MoneyAgent   "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
   AIM   C:\Program Files\AIM\aim.exe -cnetwait.odl
   Weather   C:\Program Files\AWS\WeatherBug\Weather.exe 1
   Yahoo! Pager   C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
   Upp   C:\WINDOWS\Qab.exe
   xservice   C:\DOCUME~1\Owner\LOCALS~1\Temp\temp25.exe
   Mbg   C:\WINDOWS\System32\Ohg.exe
   Tgv   C:\WINDOWS\System32\Ted.exe
   Etc   C:\WINDOWS\Sea.exe
   Noh   C:\WINDOWS\Cri.exe
   Nlq   C:\WINDOWS\Hft.exe
   Dfl   C:\WINDOWS\System32\Uuj.exe
   Epm   C:\WINDOWS\Uni.exe
   Gai   C:\WINDOWS\System32\Sgf.exe
   Nbh   C:\WINDOWS\Hpr.exe
   Dig   C:\WINDOWS\Rer.exe
   Hrp   C:\WINDOWS\System32\Cci.exe
   Vic   C:\WINDOWS\System32\Poo.exe
   Mit   C:\WINDOWS\Ljt.exe
   winservice   C:\WINDOWS\services\svchost.exe
   Jji   C:\WINDOWS\Ilc.exe
   Thd   C:\WINDOWS\Rkm.exe
   Cfn   C:\WINDOWS\System32\Ecc.exe
   Qpt   C:\WINDOWS\System32\Nqr.exe
   Qob   C:\WINDOWS\Eom.exe
   Duc   C:\WINDOWS\Elr.exe
   Alp   C:\WINDOWS\Dre.exe
   Mog   C:\WINDOWS\System32\Alk.exe
   Nmp   C:\WINDOWS\Nnl.exe
   Dmg   C:\WINDOWS\System32\Srs.exe
   Hoi   C:\WINDOWS\System32\Fuh.exe
   Ruk   C:\WINDOWS\Hvq.exe
   Pad   C:\WINDOWS\System32\Bun.exe
   Tti   C:\WINDOWS\Lua.exe
   Mvk   C:\WINDOWS\Udn.exe
   Hcr   C:\WINDOWS\System32\Uel.exe
   Dsi   C:\WINDOWS\Sha.exe
   Cnr   C:\WINDOWS\System32\Erc.exe
   Gcs   C:\WINDOWS\System32\Utn.exe
   Mom   C:\WINDOWS\System32\Bah.exe
   Vou   C:\WINDOWS\System32\Svn.exe
   Ifa   C:\WINDOWS\System32\Jea.exe
   Imu   C:\WINDOWS\System32\Ama.exe
   Bgm   C:\WINDOWS\System32\Ppu.exe
   Lfr   C:\WINDOWS\System32\Tnl.exe
   Jcc   C:\WINDOWS\System32\Ega.exe
   Ebg   C:\WINDOWS\Dai.exe
   Ctj   C:\WINDOWS\System32\Nll.exe
   Buu   C:\WINDOWS\Abv.exe
   Dgg   C:\WINDOWS\Rmf.exe
   Blb   C:\WINDOWS\System32\Lci.exe
   Qme   C:\WINDOWS\System32\Dku.exe
   Cqk   C:\WINDOWS\System32\Nvb.exe
   Kig   C:\WINDOWS\System32\Tom.exe
   Lor   C:\WINDOWS\System32\Cuj.exe
   Bds   C:\WINDOWS\System32\Eij.exe
   Vmk   C:\WINDOWS\Vaf.exe
   Bvr   C:\WINDOWS\Cof.exe
   Ufb   C:\WINDOWS\System32\Vni.exe
   Gtn   C:\WINDOWS\Ibu.exe
   Jsv   C:\WINDOWS\System32\Ovf.exe
   Rhv   C:\WINDOWS\Qko.exe
   Alq   C:\WINDOWS\Maj.exe
   Vor   C:\WINDOWS\System32\Bes.exe
   Pcd   C:\WINDOWS\Ijs.exe
   Cfb   C:\WINDOWS\Pkm.exe
   Ugm   C:\WINDOWS\System32\Upp.exe
   Fbk   C:\WINDOWS\Use.exe
   Gom   C:\WINDOWS\Ncn.exe
   Uci   C:\WINDOWS\System32\Tca.exe
   Rnq   C:\WINDOWS\System32\Jpe.exe
   Api   C:\WINDOWS\Jlr.exe
   Qov   C:\WINDOWS\Tqi.exe
   Iin   C:\WINDOWS\System32\Ncm.exe
   Tjj   C:\WINDOWS\System32\Ppe.exe
   Ahe   C:\WINDOWS\System32\Plc.exe
   Nhn   C:\WINDOWS\Fdh.exe
   Rln   C:\WINDOWS\System32\Irp.exe
   Cqr   C:\WINDOWS\Onl.exe
   Cni   C:\WINDOWS\Sgc.exe
   Rmt   C:\WINDOWS\Bfe.exe
   Aua   C:\WINDOWS\System32\Ljg.exe
   Gba   C:\WINDOWS\System32\Dql.exe
   Qok   C:\WINDOWS\System32\Rrj.exe
   Iuu   C:\WINDOWS\Tjm.exe
   Lfo   C:\WINDOWS\Qsl.exe
   Kdm   C:\WINDOWS\Chf.exe
   Qjb   C:\WINDOWS\System32\Eap.exe
   Hnp   C:\WINDOWS\Cks.exe
   Ucm   C:\WINDOWS\System32\Tug.exe
   Vek   C:\WINDOWS\Rpt.exe
   Qvn   C:\WINDOWS\System32\Pgf.exe
   Shh   C:\WINDOWS\Hnb.exe
   Qsh   C:\WINDOWS\Gmv.exe
   Hul   C:\WINDOWS\System32\Oma.exe
   Pih   C:\WINDOWS\System32\Ace.exe
   Nle   C:\WINDOWS\Ofo.exe
   Acj   C:\WINDOWS\System32\Dps.exe
   Jlj   C:\WINDOWS\Sft.exe
   Sdv   C:\WINDOWS\Ikg.exe
   Pbq   C:\WINDOWS\System32\Mev.exe
   Rjr   C:\WINDOWS\System32\Vgn.exe
   Jns   C:\WINDOWS\Dvn.exe
   Meq   C:\WINDOWS\Nsm.exe
   Qiv   C:\WINDOWS\System32\Sdk.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
   NoChangingWallpaper   0
   NoComponents   0
   NoAddingComponents   0
   NoDeletingComponents   0
   NoEditingComponents   0
   NoHTMLWallPaper   0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoViewContextMenu   2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
   Key   KY/Pkx,Rå·cÎ
   Hint   rats
   FileName0   C:\WINDOWS\System32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
   Allow_Unknowns   0
   PleaseMom   1
   Enabled   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
   l   0
   n   0
   s   0
   v   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
   NumSys   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
   NoChangingWallpaper   0
   NoComponents   0
   NoAddingComponents   0
   NoDeletingComponents   0
   NoEditingComponents   0
   NoHTMLWallPaper   0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   255
   _NoDriveTypeAutoRun   0
   NoActiveDesktop   0
   ClassicShell   0
   ForceActiveDesktopOn   1
   NoViewContextMenu   2

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
   Wallpaper   C:\WINDOWS\desktop.html
   disableregistrytools   0
   disabletaskmgr   0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\System32\AUserInit.exe
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
    = igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.5   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/5/2005 2:32:05 PM

Title: More win32 problems
Post by: guestolo on September 05, 2005, 03:56:23 PM

Good work, you have some work to do, but you should be looking a lot better after you try some fixes
I'll leave the manual fixes with Hijackthis later, I need you to run some tools first and I'll supply a couple registry fixes

Please download the following tools
First Access your Add/Remove programs and remove
Ad-aware 6 Personal
After you have done that, let's get you the latest version
Download and InstallAd-Aware SE Personal 1.06 (http://\"ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe\")
Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
When installing ad-aware may prompt to update, allow it but Don't run a scan yet

==Download and UNZIP to desktop or a folder
HSFIX.zip (http://\"http://www.atribune.org/downloads/HSFix.zip\")
HSFix directory will be created
We'll need this later
If Command's AV interferes with this download, you will have to disable it

==Download and UNZIP to the desktop or a folder
~Link Removed~
So you now have Deldomains.inf extracted
We'll need this later

==Download and Unzip   The Hoster (http://\"http://www.funkytoad.com/download/hoster.zip\")  to a folder
We'll need this later

==Download smitRem.exe (http://\"http://noahdfear.geekstogo.com/click%20counter/click.php?id=1\") and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.
We'll need this later

==Download and then Install
Ewido Security Suite (http://\"http://download.ewido.net/ewido-setup.exe\")

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We'll fix that later
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/ (http://\"http://www.ewido.net/en/download/updates/\")

==Download and UNZIP to desktop or a folder
CWSServiceremove.zip (http://\"http://www.thetechguide.com/forum/index.php?act=Attach&type=post&id=310\")
So you now have Cwsserviceremove.reg on your desktop or a folder
We'll need this later

==Download and UNZIP to desktop or a folder fix.zip
So you now have fix.reg extracted
[attachment=330:attachment] We'll need this later

==Create a New folder on your desktop, call it Aboutbuster
(Right click an empty spot on the desktop and select NEW>>FOLDER)
Download to desktop About:Buster (http://\"http://www.malwarebytes.biz/AboutBuster5.zip\")
by RubbeR Ducky
Unzip it to that new folder
    *Open the AboutBuster folder you unzipped the contents too
    *Double click to run About:Buster.exe
    *Click the UPDATE button, and allow to update
    *Close out AboutBuster for now, we'll need it later
   
Download and save to desktop or folder
CWShredder.exe (http://\"http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe\")
Run this later

You have a bit of work ahead of you,
Please Print this out or save these instructions to a Notepad file and save it to your Desktop

RESTART your Computer in SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4\")
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation

Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Network Security Service (NSS)

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled

Do the same thing for this one too
WinTools for IE service

Access your Add/Remove programs and remove the following if you can
If you can't remain in safe mode and carry on with instructions
There are other nasties in your add/remove programs, just try removing the following for now
WinTools for Internet Explorer [v2]
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
WeatherBug <-remove this if you didn't intentionally install it
Web Search Tools Error Search
WildTangent Web Driver
Windows open32 update
Windows SR 2.0

Stay in safe mode
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Find and delete the following folders if found
C:\Program Files\Common files\WinTools <-folder
C:\Program Files\INSTAFINK <-folder
C:\Program Files\AWS <-folder if Weatherbug was removed

==Navigate to the HSFix directory>>Open the folder, ensure you unzipped this
 and double-click on HSFix.bat.
* It will produce a log file, located here: C:\hslog.txt. <--we'll need this later

==Open the Aboutbuster folder and Run About:buster.exe
Click the Begin Removal button
Can you please run this scan twice
When it's done it will produce a log in the Aboutbuster folder called
Ab logfile.txt
I'll need to see the log later

Double click on cwsserviceremove.reg and allow to add or merge to the registry

Open the SmitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab > uncheck everything you find in there.
Exclude "My Current Home Page" if selected
Click OK>> Apply>>OK

==Open Ewido Security Suite
Give it time to load
Click on the Scanner button on the left menu
Click on the Settings button on the right
Select "Scan Every File"
OK it and then click on the "Complete System Scan"
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido

Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

Double click on fix.reg and allow to add or merge to the registry

Run CWShredder.exe and click the FIX button, let it finish

RESTART your computer to Normal mode

Back in Windows

==Right Click on DelDomains.inf>>Choose Install from the menu bar
This will delete all your Trusted and Ranges entries

==Open Hoster and
Press "Restore Original Hosts" and press "OK".
Then Exit

==Access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the Security tab | Custom Level
Check ActiveX security settings:
Make sure that the following settings are correct:
o Download signed ActiveX controls (Prompt)
o Download unsigned ActiveX controls (Disable)
o Initialize and script ActiveX controls not marked as safe (Disable)
o Script ActiveX controls marked safe for scripting (Prompt)

From my signature below please run a free online virus scan at Panda's
Choose to scan "MyComputer"
When the scan is done, if anything is found it will give you a choice to Save a Report
Please save the report to desktop or a folder

I need to see some logs, Please try and supply all of them

The Report from Panda's
The Report from Ewidos
The Ab logfile.txt from About:Buster
C:\hslog.txt from HSFix
Also run Hijackthis again and post a fresh log

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 04:53:41 PM

Oooookiedokie. I downloaded everything EXCEPT: The link you gave me said I wasn't authorized to download DelDomains.zip - so I didn't get that one. I downloaded Ewido to my computer, but I couldn't install it. An error popup kept coming up that said the installer I am using is corrupted or incomplete, and it might be because of a virus. I already have About: Buster (3.0.0.0) and CWShredder (1.59.0.1). Should I uninstall them & download new versions, or leave them as is?

Thanks again!

Title: More win32 problems
Post by: guestolo on September 05, 2005, 04:58:56 PM

Remove your versions of CWShredder and About:Buster
and get the ones I posted

I uploaded DelDomains for you, please download it from here
[attachment=331:attachment]

Ewido is legitimate
Please allow to install if your AV is interfering

Or try redownload Ewido from this link
http://www.ewido.net/en/ (http://\"http://www.ewido.net/en/\")

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 05:10:12 PM

Both of the downloads worked this time. I'll follow the rest of the instructions, now, and hopefully come back w/ plenty of logs!

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 09:31:36 PM

Alllllright, here we go! I'm not sure if the Delldomains thing worked. My right-click is still disabled, so I clicked on "install" from the File menu. It didn't seem to do much. Is this what's supposed to happen? Also, I must've just zoned out because I didn't see your "Remove your versions of CWShredder and About:Buster and get the ones I posted" at the top of the page until just now, and used the old ones. Do I need to get the new ones, & run it again?  

Here are my logs:

Activescan:
 
Incident                      Status                        Location                                                                                                                                                                                                                                                        

Adware:adware/tvmedia         No disinfected                C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmcwrd.dll                                                                                                                                                                                                    
Spyware:spyware/whazit        No disinfected                C:\WINDOWS\SYSTEM32\fiz1                                                                                                                                                                                                                                        
Adware:adware/navipromo       No disinfected                C:\WINDOWS\SYSTEM32\sdkdp32.exe                                                                                                                                                                                                                                
Adware:adware/portalscan      No disinfected                C:\WINDOWS\SYSTEM32\DRIVERS\csrss.exe                                                                                                                                                                                                                          
Adware:adware/ipinsight       No disinfected                C:\WINDOWS\INF\alchem.inf                                                                                                                                                                                                                                      
Adware:adware/spywad          No disinfected                C:\WINDOWS\popup.html                                                                                                                                                                                                                                          
Adware:adware/sidesearch      No disinfected                C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\Lycos                                                                                                                                                                                                          
Adware:adware/ncase           No disinfected                C:\WINDOWS\SYSTEM32\FLEOK                                                                                                                                                                                                                                      
Adware:adware/wintools        No disinfected                Windows Registry                                                                                                                                                                                                                                                
Adware:Adware/KeenValue       No disinfected                C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq15D.tmp\remove.exe                                                                                                                                        
Adware:Adware/MyWay           No disinfected                C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq16D.tmp\mysearch.cab                                                                                                                                      
Adware:Adware/MyWay           No disinfected                C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq16D.tmp\mysearch.cab[mySetp.exe]                                                                                                                          
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-7bb6a5c5-1b79ee9b.zip[a.class]                                                                                                                                
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-7bb6a5c5-1b79ee9b.zip[Dummy.class]                                                                                                                            
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-7bb6a5c5-1b79ee9b.zip[VerifierBug.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2a79b1dc-4864bd19.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4e66bbdf-62b618be.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6a66635c-7d6532a4.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7106e536-674b7a91.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-771ffd62-53cc9b3e.zip[Dummy.class]                                                                                                                        
Virus:Trj/Dropper.DV          Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0044868.exe                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0044869.dll                                                                                                                                                                
Virus:Trj/Dropper.DV          Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0045867.exe                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0045868.dll                                                                                                                                                                
Virus:Trj/Dropper.DV          Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0046867.exe                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0046868.dll                                                                                                                                                                
Virus:Trj/Dropper.DV          Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0046884.exe                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0046885.dll                                                                                                                                                                
Virus:Trj/Horst.D             Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0046916.exe                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0047261.dll                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0048261.dll                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0048312.dll                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP313\A0048380.dll                                                                                                                                                                  
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP313\A0048425.dll                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049060.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049061.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049062.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049063.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049064.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049065.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049066.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049067.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049069.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049070.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049072.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049073.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049074.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049075.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049076.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049077.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049078.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049080.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049081.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049085.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049086.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049087.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049088.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049089.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049090.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049091.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049094.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049095.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049096.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049098.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049099.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049100.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049101.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049102.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049103.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049104.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049105.exe                                                                                                                                                                  
Adware:Adware/SaveNow         No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049106.dll                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049107.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049111.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049112.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049113.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049114.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049115.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049116.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049118.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049119.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049120.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049121.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049122.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049123.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049124.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049125.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049126.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049127.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049128.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049130.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049131.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049132.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049133.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049134.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049135.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049136.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049138.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049139.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049140.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049141.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049143.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049144.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049145.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049146.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049147.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049148.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049150.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049151.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049154.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049156.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049157.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049158.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049159.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049160.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049161.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049162.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049163.exe                                                                                                                                                                  
Adware:Adware/SaveNow         No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049164.dll                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049165.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049166.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049167.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049168.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049169.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049179.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049180.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049181.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049183.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049184.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049185.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049186.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049187.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049189.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049190.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049193.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049194.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049195.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049196.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049197.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049198.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049199.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049200.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049201.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049202.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049203.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049204.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049205.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049206.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049207.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049209.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049211.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049212.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049213.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049214.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049215.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049216.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049217.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049218.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049219.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049220.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049223.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049224.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049225.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049226.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049227.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049228.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049229.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049230.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049233.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049234.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049235.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049236.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049238.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049239.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049240.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049241.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049243.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049244.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049245.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049246.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049247.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049249.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049250.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049251.exe                                                                                                                                                                  
Adware:Adware/eZula           No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049252.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049253.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049254.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049255.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY

Title: More win32 problems
Post by: guestolo on September 05, 2005, 09:34:45 PM

Yup, you need the newer version of CWShredder and AboutBuster

Please reboot back into safe mode and run those 2 updated versions again

Do what you can and post back all required log

P.S. The updated AboutBuster was an important step

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 09:35:01 PM

I'm not sure that worked, so let me post the Panda log again:



Incident                      Status                        Location                                                                                                                                                                                                                                                        

Adware:adware/tvmedia         No disinfected                C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmcwrd.dll                                                                                                                                                                                                    
Spyware:spyware/whazit        No disinfected                C:\WINDOWS\SYSTEM32\fiz1                                                                                                                                                                                                                                        
Adware:adware/navipromo       No disinfected                C:\WINDOWS\SYSTEM32\sdkdp32.exe                                                                                                                                                                                                                                
Adware:adware/portalscan      No disinfected                C:\WINDOWS\SYSTEM32\DRIVERS\csrss.exe                                                                                                                                                                                                                          
Adware:adware/ipinsight       No disinfected                C:\WINDOWS\INF\alchem.inf                                                                                                                                                                                                                                      
Adware:adware/spywad          No disinfected                C:\WINDOWS\popup.html                                                                                                                                                                                                                                          
Adware:adware/sidesearch      No disinfected                C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\Lycos                                                                                                                                                                                                          
Adware:adware/ncase           No disinfected                C:\WINDOWS\SYSTEM32\FLEOK                                                                                                                                                                                                                                      
Adware:adware/wintools        No disinfected                Windows Registry                                                                                                                                                                                                                                                
Adware:Adware/KeenValue       No disinfected                C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq15D.tmp\remove.exe                                                                                                                                        
Adware:Adware/MyWay           No disinfected                C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq16D.tmp\mysearch.cab                                                                                                                                      
Adware:Adware/MyWay           No disinfected                C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq16D.tmp\mysearch.cab[mySetp.exe]                                                                                                                          
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-7bb6a5c5-1b79ee9b.zip[a.class]                                                                                                                                
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-7bb6a5c5-1b79ee9b.zip[Dummy.class]                                                                                                                            
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-7bb6a5c5-1b79ee9b.zip[VerifierBug.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2a79b1dc-4864bd19.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4e66bbdf-62b618be.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6a66635c-7d6532a4.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7106e536-674b7a91.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-771ffd62-53cc9b3e.zip[Dummy.class]                                                                                                                        
Virus:Trj/Dropper.DV          Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0044868.exe                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0044869.dll                                                                                                                                                                
Virus:Trj/Dropper.DV          Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0045867.exe                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0045868.dll                                                                                                                                                                
Virus:Trj/Dropper.DV          Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0046867.exe                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0046868.dll                                                                                                                                                                
Virus:Trj/Dropper.DV          Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0046884.exe                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0046885.dll                                                                                                                                                                
Virus:Trj/Horst.D             Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0046916.exe                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0047261.dll                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0048261.dll                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0048312.dll                                                                                                                                                                
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP313\A0048380.dll                                                                                                                                                                  
Virus:Trj/Pidspro.A           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP313\A0048425.dll                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049060.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049061.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049062.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049063.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049064.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049065.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049066.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049067.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049069.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049070.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049072.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049073.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049074.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049075.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049076.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049077.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049078.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049080.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049081.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049085.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049086.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049087.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049088.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049089.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049090.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049091.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049094.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049095.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049096.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049098.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049099.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049100.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049101.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049102.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049103.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049104.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049105.exe                                                                                                                                                                  
Adware:Adware/SaveNow         No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049106.dll                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049107.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049111.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049112.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049113.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049114.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049115.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049116.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049118.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049119.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049120.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049121.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049122.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049123.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049124.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049125.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049126.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049127.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049128.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049130.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049131.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049132.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049133.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049134.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049135.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049136.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049138.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049139.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049140.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049141.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049143.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049144.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049145.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049146.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049147.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049148.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049150.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049151.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049154.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049156.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049157.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049158.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049159.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049160.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049161.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049162.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049163.exe                                                                                                                                                                  
Adware:Adware/SaveNow         No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049164.dll                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049165.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049166.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049167.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049168.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049169.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049179.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049180.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049181.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049183.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049184.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049185.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049186.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049187.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049189.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049190.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049193.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049194.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049195.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049196.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049197.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049198.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049199.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049200.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049201.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049202.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049203.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049204.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049205.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049206.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049207.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049209.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049211.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049212.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049213.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049214.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049215.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049216.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049217.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049218.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049219.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049220.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049223.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049224.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049225.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049226.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049227.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049228.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049229.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049230.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049233.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049234.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049235.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049236.exe                                                                                                                                                                  
Virus:Trj/Agent.ALD           Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049238.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049239.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049240.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049241.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049243.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049244.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049245.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049246.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049247.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049249.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049250.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049251.exe                                                                                                                                                                  
Adware:Adware/eZula           No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049252.exe                                                                                                                                                                  
Adware:Adware/SearchAid       No disinfected                C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049253.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049254.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049255.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049256.exe                                                                                                                                                                  
Virus:Trj/Downloader.EIY      Disinfected                   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049257.exe

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 09:36:20 PM

Rats. So do I need to do the whole thing again, or just run the 2 programs?

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 09:37:03 PM

Ok. Will do.

Title: More win32 problems
Post by: guestolo on September 05, 2005, 09:38:28 PM

Can you do me a favor please

In the Panda log, can you remove any references of bad files in your System Volume Information folders
They look like this as an example

Virus:Trj/Downloader.EIY Disinfected C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049064.exe

But post back the Panda report with everything else included, or was that the WHOLE report?

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 09:50:27 PM

Here is the Panda log w/o the sys volume info. Now I am going to run Shredder & About Buster in safe mode. I'll be back in a bit.


Status                        Location                                                                                                                                                                                                                                                        

Adware:adware/tvmedia         No disinfected                C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmcwrd.dll                                                                                                                                                                                                    
Spyware:spyware/whazit        No disinfected                C:\WINDOWS\SYSTEM32\fiz1                                                                                                                                                                                                                                        
Adware:adware/navipromo       No disinfected                C:\WINDOWS\SYSTEM32\sdkdp32.exe                                                                                                                                                                                                                                
Adware:adware/portalscan      No disinfected                C:\WINDOWS\SYSTEM32\DRIVERS\csrss.exe                                                                                                                                                                                                                          
Adware:adware/ipinsight       No disinfected                C:\WINDOWS\INF\alchem.inf                                                                                                                                                                                                                                      
Adware:adware/spywad          No disinfected                C:\WINDOWS\popup.html                                                                                                                                                                                                                                          
Adware:adware/sidesearch      No disinfected                C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\Lycos                                                                                                                                                                                                          
Adware:adware/ncase           No disinfected                C:\WINDOWS\SYSTEM32\FLEOK                                                                                                                                                                                                                                      
Adware:adware/wintools        No disinfected                Windows Registry                                                                                                                                                                                                                                                
Adware:Adware/KeenValue       No disinfected                C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq15D.tmp\remove.exe                                                                                                                                        
Adware:Adware/MyWay           No disinfected                C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq16D.tmp\mysearch.cab                                                                                                                                      
Adware:Adware/MyWay           No disinfected                C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq16D.tmp\mysearch.cab[mySetp.exe]                                                                                                                          
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-7bb6a5c5-1b79ee9b.zip[a.class]                                                                                                                                
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-7bb6a5c5-1b79ee9b.zip[Dummy.class]                                                                                                                            
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\a.jar-7bb6a5c5-1b79ee9b.zip[VerifierBug.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-2a79b1dc-4864bd19.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4e66bbdf-62b618be.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-6a66635c-7d6532a4.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7106e536-674b7a91.zip[Dummy.class]                                                                                                                      
Virus:Exploit/ByteVerify      Disinfected                   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loader.jar-771ffd62-53cc9b3e.zip[Dummy.class]                                                                                                                        
Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP315\A0049168.exe                                                                                                                                                                  
                                                                                                                                       
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\Abi.html                                                                                                                                                                                                                                            
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\Amu.html                                                                                                                                                                                                                                            
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\Bft.html                                                                                                                                                                                                                                            
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\Dsg.html                                                                                                                                                                                                                                            
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\Fbc.html                                                                                                                                                                                                                                            
Adware:Adware/IPInsight       No disinfected                C:\WINDOWS\inf\alchem.inf                                                                                                                                                                                                                                      
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\Kkt.html                                                                                                                                                                                                                                            
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\Laa.html                                                                                                                                                                                                                                            
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\Mmm.html                                                                                                                                                                                                                                            
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\Nng.html                                                                                                                                                                                                                                            
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\popup.html                                                                                                                                                                                                                                          
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\Rod.html                                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\aeglbaopdibq.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\bjicnldhdnbn.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\bnfgcldgpcme.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\ciknhlklinjp.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\daiaqdpaojnj.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\eaelgqiigamd.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\ejblejooeifi.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\gfnogidnocgh.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\ifpcqflglkdo.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\ijhggeffnkbe.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\inkffokdphle.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\kacoaifepdcj.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\kanhmcqkknok.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\lfalicfdkmpd.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\lfohbpoiehqq.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\lhcpkfmcgjka.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\mlfpplgqiodp.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\ojjnpofbmkho.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\ondbappdcqmg.exe                                                                                                                                                                                                                            
Virus:Trj/Horst.D             Disinfected                   C:\WINDOWS\services\svchost.exe                                                                                                                                                                                                                                
Possible Virus.               No disinfected                C:\WINDOWS\services.exe                                                                                                                                                                                                                                        
Possible Virus.               No disinfected                C:\WINDOWS\system32\drivers\csrss.exe                                                                                                                                                                                                                          
Possible Virus.               No disinfected                C:\WINDOWS\system32\inetsrv\services.exe                                                                                                                                                                                                                        
Spyware:Spyware/Omi           No disinfected                C:\WINDOWS\system32\msfdje.gif                                                                                                                                                                                                                                  
Virus:Trj/Pidspro.A           Disinfected                   C:\WINDOWS\system32\ntmain.dll                                                                                                                                                                                                                                  
Virus:Trj/Dropper.DV          Disinfected                   C:\WINDOWS\system32\open32_uninstall.exe                                                                                                                                                                                                                        
Possible Virus.               No disinfected                C:\WINDOWS\system32\pifn.dll                                                                                                                                                                                                                                    
Possible Virus.               No disinfected                C:\WINDOWS\system32\wbem\svchost.exe                                                                                                                                                                                                                            
Spyware:Spyware/Slimield      No disinfected                C:\WINDOWS\Tip.html

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 09:54:07 PM

How do I uninstall About:Buster & CWShredder? I can't seem to find an uninstall for them either in the control panel or in the programs.

Title: More win32 problems
Post by: guestolo on September 05, 2005, 09:58:53 PM

Both old versions of CWShredder and About Buster can be manually deleted
If you find it difficult to delete right now, don't worry about it
Just carry on
But use the newer versions of each

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 10:16:44 PM

Okay! Thanks!

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 10:45:46 PM

My Ewidos log is REALLY long. How should I paste it in?

Here is my About:Buster Log:


AboutBuster 5.0 reference file 31
Scan started on [9/5/2005] at [10:21:58 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\A5W.INI:oxglnn
Removed Stream! C:\WINDOWS\A5W.INI:preodj
Removed Stream! C:\WINDOWS\abamo.log:risjjc
Removed Stream! C:\WINDOWS\amkrd.log:rqzkji
Removed Stream! C:\WINDOWS\arwal.dat:wwnyld
Removed Stream! C:\WINDOWS\aurl.dat:gwuaak
Removed Stream! C:\WINDOWS\aurl.dat:liesav
Removed Stream! C:\WINDOWS\bbckl.txt:jibzum
Removed Stream! C:\WINDOWS\bjwrm.log:lgniou
Removed Stream! C:\WINDOWS\bjwrm.log:umnejb
Removed Stream! C:\WINDOWS\Blue Lace 16.bmp:qaqzow
Removed Stream! C:\WINDOWS\bootstat.dat:nshoeq
Removed Stream! C:\WINDOWS\bqvop.log:mnfrdl
Removed Stream! C:\WINDOWS\brpgf.txt:fsauga
Removed Stream! C:\WINDOWS\btojm.txt:ecckrj
Removed Stream! C:\WINDOWS\cgjag.txt:lxlzlb
Removed Stream! C:\WINDOWS\clock.avi:fbbrhd
Removed Stream! C:\WINDOWS\Coffee Bean.bmp:stmgcl
Removed Stream! C:\WINDOWS\comsetup.log:ztuive
Removed Stream! C:\WINDOWS\control.ini:kufteo
Removed Stream! C:\WINDOWS\cswwe.dat:batldo
Removed Stream! C:\WINDOWS\ctybv.txt:dmqyyy
Removed Stream! C:\WINDOWS\dahotfix.log:bfgoyj
Removed Stream! C:\WINDOWS\dellstat.ini:pleklb
Removed Stream! C:\WINDOWS\desktop.ini:tbdyxq
Removed Stream! C:\WINDOWS\DHCPUPG.LOG:szexqi
Removed Stream! C:\WINDOWS\DHCPUPG.LOG:ufztst
Removed Stream! C:\WINDOWS\DirectX.log:uwgytl
Removed Stream! C:\WINDOWS\DjVuDoc.ico:hlxqnl
Removed Stream! C:\WINDOWS\DjVuDoc.ico:mcweza
Removed Stream! C:\WINDOWS\dlmxz.txt:qoxwwt
Removed Stream! C:\WINDOWS\dlzpq.log:kawcks
Removed Stream! C:\WINDOWS\dmwwz.dat:apankh
Removed Stream! C:\WINDOWS\dokml.log:euojtl
Removed Stream! C:\WINDOWS\dphja.log:ewanht
Removed Stream! C:\WINDOWS\dphja.log:flyrvt
Removed Stream! C:\WINDOWS\DPINST.LOG:hwlzft
Removed Stream! C:\WINDOWS\DPINST.LOG:ydiqaz
Removed Stream! C:\WINDOWS\DtcInstall.log:bpahtg
Removed Stream! C:\WINDOWS\ehjjp.log:koexlk
Removed Stream! C:\WINDOWS\ehjjp.log:sqosbg
Removed Stream! C:\WINDOWS\emepi.dat:irwlxq
Removed Stream! C:\WINDOWS\eqdsr.txt:uqiihx
Removed Stream! C:\WINDOWS\eReg.dat:pmgwfg
Removed Stream! C:\WINDOWS\EReg072.dat:khqcck
Removed Stream! C:\WINDOWS\EReg072.dat:rgwuaq
Removed Stream! C:\WINDOWS\explorer.scf:kpzgbd
Removed Stream! C:\WINDOWS\exzpx.dat:knyvqf
Removed Stream! C:\WINDOWS\FeatherTexture.bmp:dnialq
Removed Stream! C:\WINDOWS\friwu.log:vvfruh
Removed Stream! C:\WINDOWS\fsmal.txt:mvznfn
Removed Stream! C:\WINDOWS\fsmal.txt:tpokai
Removed Stream! C:\WINDOWS\fwoxj.dat:nwpxwr
Removed Stream! C:\WINDOWS\fwshu.dat:nwpxwr
Removed Stream! C:\WINDOWS\gaevg.txt:wklxrz
Removed Stream! C:\WINDOWS\ggeju.txt:gxikqc
Removed Stream! C:\WINDOWS\gkefn.dat:svoomm
Removed Stream! C:\WINDOWS\gqkoo.log:fvrthp
Removed Stream! C:\WINDOWS\Greenstone.bmp:kvybow
Removed Stream! C:\WINDOWS\hamfj.log:mapryz
Removed Stream! C:\WINDOWS\hdaqz.log:bkzvxn
Removed Stream! C:\WINDOWS\HPHins01.dat:tljjry
Removed Stream! C:\WINDOWS\hphmdl01.dat:qgxmec
Removed Stream! C:\WINDOWS\hphmdl01.dat:yxgpxi
Removed Stream! C:\WINDOWS\hqtqa.txt:jzqsym
Removed Stream! C:\WINDOWS\idcub.dat:iyzcrt
Removed Stream! C:\WINDOWS\iis6.log:baafso
Removed Stream! C:\WINDOWS\iis6.log:bzritd
Removed Stream! C:\WINDOWS\ilhsd.log:qpyiub
Removed Stream! C:\WINDOWS\imsins.log:mgvxtq
Removed Stream! C:\WINDOWS\iobon.txt:iqjnod
Removed Stream! C:\WINDOWS\ixlgm.txt:uubwjr
Removed Stream! C:\WINDOWS\jbgws.dat:mvlbdt
Removed Stream! C:\WINDOWS\jdibe.log:xwdvxp
Removed Stream! C:\WINDOWS\jdnmb.log:adqifa
Removed Stream! C:\WINDOWS\jdnmb.log:qkzrkm
Removed Stream! C:\WINDOWS\jdwjm.txt:cfjitq
Removed Stream! C:\WINDOWS\jjots.txt:avfqah
Removed Stream! C:\WINDOWS\jptwv.log:vfrxeq
Removed Stream! C:\WINDOWS\KB821557.log:fhocvt
Removed Stream! C:\WINDOWS\KB821557.log:ilswfx
Removed Stream! C:\WINDOWS\KB823182.log:qofdzi
Removed Stream! C:\WINDOWS\KB823559.log:hjbbud
Removed Stream! C:\WINDOWS\KB824105.log:lwqbxu
Removed Stream! C:\WINDOWS\KB824141.log:lkmfqq
Removed Stream! C:\WINDOWS\KB824146.log:lwtacn
Removed Stream! C:\WINDOWS\KB828035.log:edjmnk
Removed Stream! C:\WINDOWS\KB828741.log:qstsyx
Removed Stream! C:\WINDOWS\KB835732.log:dmtvto
Removed Stream! C:\WINDOWS\KB839643-DirectX9Uninst.log:gmivpn
Removed Stream! C:\WINDOWS\KB840374.log:aiikdq
Removed Stream! C:\WINDOWS\KB840374.log:auylpp
Removed Stream! C:\WINDOWS\kkrsw.dat:pprnzh
Removed Stream! C:\WINDOWS\kxqym.txt:pqaafr
Removed Stream! C:\WINDOWS\kxvxe.txt:idlbmm
Removed Stream! C:\WINDOWS\kxvxe.txt:lkldzd
Removed Stream! C:\WINDOWS\kxvxe.txt:twsfov
Removed Stream! C:\WINDOWS\log.bak.txt:xhokjz
Removed Stream! C:\WINDOWS\log.bak.txt:zjnhtl
Removed Stream! C:\WINDOWS\log0.txt:teouiz
Removed Stream! C:\WINDOWS\log0.txt:uulfmz
Removed Stream! C:\WINDOWS\log0.txt:viyico
Removed Stream! C:\WINDOWS\log1.txt:cmzvfg
Removed Stream! C:\WINDOWS\log2.txt:cehkjt
Removed Stream! C:\WINDOWS\log3.txt:jylibv
Removed Stream! C:\WINDOWS\log4.txt:oxqojm
Removed Stream! C:\WINDOWS\LUINSTALL.LOG:angedk
Removed Stream! C:\WINDOWS\marker_2.bin:iarvfm
Removed Stream! C:\WINDOWS\marker_2.bin:jlrzpy
Removed Stream! C:\WINDOWS\mcrtu.txt:gxjtdo
Removed Stream! C:\WINDOWS\mhrxy.log:hqbfdq
Removed Stream! C:\WINDOWS\msdfmap.ini:gwfmyd
Removed Stream! C:\WINDOWS\msgsocm.log:ziivwv
Removed Stream! C:\WINDOWS\msoffice.ini:kjkifs
Removed Stream! C:\WINDOWS\mtgzn.dat:awlxsb
Removed Stream! C:\WINDOWS\mtgzn.dat:cvabfz
Removed Stream! C:\WINDOWS\mwhyc.txt:hwtsqy
Removed Stream! C:\WINDOWS\mWinXp.txt:bqdqeb
Removed Stream! C:\WINDOWS\mWinXp.txt:pegkya
Removed Stream! C:\WINDOWS\mWinXpD.txt:ntdoqz
Removed Stream! C:\WINDOWS\mWinXpD2.txt:ovaieg
Removed Stream! C:\WINDOWS\mwokv.txt:nodmbu
Removed Stream! C:\WINDOWS\mxcog.dat:vgjwzr
Removed Stream! C:\WINDOWS\nero.INI:cwhhct
Removed Stream! C:\WINDOWS\netdet.ini:oarcem
Removed Stream! C:\WINDOWS\netdet.ini:xfdiok
Removed Stream! C:\WINDOWS\nfgiq.log:mkhbao
Removed Stream! C:\WINDOWS\nfgiq.log:swmmtq
Removed Stream! C:\WINDOWS\nfkqs.dat:jclinm
Removed Stream! C:\WINDOWS\nggtu.log:pymnno
Removed Stream! C:\WINDOWS\nikid.log:zcuubh
Removed Stream! C:\WINDOWS\Nng.html:iolbil
Removed Stream! C:\WINDOWS\nsreg.dat:hzfaqz
Removed Stream! C:\WINDOWS\nszxj.txt:idpeyv
Removed Stream! C:\WINDOWS\ntbtlog.txt:cvenpx
Removed Stream! C:\WINDOWS\ntdtcsetup.log:zkjpsw
Removed Stream! C:\WINDOWS\ntemq.txt:sqeklb
Removed Stream! C:\WINDOWS\nzrvf.dat:krafnh
Removed Stream! C:\WINDOWS\ocgen.log:lirlgk
Removed Stream! C:\WINDOWS\ocmsn.log:bwdntp
Removed Stream! C:\WINDOWS\ODBC.INI:gsqjsm
Removed Stream! C:\WINDOWS\ODBC.INI:oiurur
Removed Stream! C:\WINDOWS\ODBCINST.INI:djkqau
Removed Stream! C:\WINDOWS\odmiq.dat:moyhhx
Removed Stream! C:\WINDOWS\OEWABLog.txt:cayflz
Removed Stream! C:\WINDOWS\OEWABLog.txt:culmdp
Removed Stream! C:\WINDOWS\OEWABLog.txt:zxynag
Removed Stream! C:\WINDOWS\oewbn.txt:vjhyaq
Removed Stream! C:\WINDOWS\oewbn.txt:ytipvx
Removed Stream! C:\WINDOWS\opsvu.txt:ubqknk
Removed Stream! C:\WINDOWS\orun32.ini:gkadct
Removed Stream! C:\WINDOWS\orun32.ini:sqjsuq
Removed Stream! C:\WINDOWS\orun32.ini:zjxjqe
Removed Stream! C:\WINDOWS\orun32.isu:fmpywa
Removed Stream! C:\WINDOWS\oskns.log:ihcgoh
Removed Stream! C:\WINDOWS\ouiua.dat:cxzorf
Removed Stream! C:\WINDOWS\ovqlb.txt:lszwfs
Removed Stream! C:\WINDOWS\patch.log:gkzqss
Removed Stream! C:\WINDOWS\pdcjd.txt:wtcobf
Removed Stream! C:\WINDOWS\pfbur.log:ardbfm
Removed Stream! C:\WINDOWS\pfbur.log:ydrvuc
Removed Stream! C:\WINDOWS\pjtgf.txt:gxfyhl
Removed Stream! C:\WINDOWS\PlusDMESetup.log:gqmoem
Removed Stream! C:\WINDOWS\PlusDMESetup.log:ssnozw
Removed Stream! C:\WINDOWS\PlusDMESetup.log:zzspbt
Removed Stream! C:\WINDOWS\pnwvc.log:ehazre
Removed Stream! C:\WINDOWS\poqpf.dat:baulik
Removed Stream! C:\WINDOWS\poqpf.dat:zypdjw
Removed Stream! C:\WINDOWS\PowerReg.dat:zblngr
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:btrgwm
Removed Stream! C:\WINDOWS\pvcwd.dat:fvohhd
Removed Stream! C:\WINDOWS\pvcwd.dat:rzijdg
Removed Stream! C:\WINDOWS\pwzpd.log:nzdbos
Removed Stream! C:\WINDOWS\Q323255.log:qxrolq
Removed Stream! C:\WINDOWS\Q323255.log:tafydu
Removed Stream! C:\WINDOWS\Q323255.log:tuklyx
Removed Stream! C:\WINDOWS\Q327979.log:effugc
Removed Stream! C:\WINDOWS\Q328310.log:gaogju
Removed Stream! C:\WINDOWS\Q329048.log:bxvlmn
Removed Stream! C:\WINDOWS\Q329048.log:dbicuw
Removed Stream! C:\WINDOWS\Q329048.log:jyktna
Removed Stream! C:\WINDOWS\Q329048.log:znacvu
Removed Stream! C:\WINDOWS\Q329112.log:kaviqo
Removed Stream! C:\WINDOWS\Q329115.log:yagllf
Removed Stream! C:\WINDOWS\Q329170.log:uyoqoy
Removed Stream! C:\WINDOWS\q329256.log:hgcadp
Removed Stream! C:\WINDOWS\Q329390.log:evmaew
Removed Stream! C:\WINDOWS\Q329834.log:mygwia
Removed Stream! C:\WINDOWS\Q329909.log:aoebki
Removed Stream! C:\WINDOWS\Q329909.log:jrwkde
Removed Stream! C:\WINDOWS\Q331958.log:uvgvje
Removed Stream! C:\WINDOWS\Q331958.log:zxnoqh
Removed Stream! C:\WINDOWS\Q810565.log:dfodwy
Removed Stream! C:\WINDOWS\Q810577.log:kppges
Removed Stream! C:\WINDOWS\Q811493.log:jbpprk
Removed Stream! C:\WINDOWS\Q811630.log:sprljf
Removed Stream! C:\WINDOWS\Q811630.log:zftojb
Removed Stream! C:\WINDOWS\Q811789.log:xuvtqr
Removed Stream! C:\WINDOWS\Q814033.log:bbzulm
Removed Stream! C:\WINDOWS\Q814995.log:kqkqdq
Removed Stream! C:\WINDOWS\Q814995.log:oyzwsk
Removed Stream! C:\WINDOWS\Q814995.log:qfodyo
Removed Stream! C:\WINDOWS\Q815021.log:cnvzaz
Removed Stream! C:\WINDOWS\Q815021Uninst.log:gybsjp
Removed Stream! C:\WINDOWS\Q815021Uninst.log:punylc
Removed Stream! C:\WINDOWS\Q815485.log:druvgs
Removed Stream! C:\WINDOWS\Q815485.log:wjfwyl
Removed Stream! C:\WINDOWS\Q817287.log:hcwkum
Removed Stream! C:\WINDOWS\Q817606.log:ivglne
Removed Stream! C:\WINDOWS\Q828026.log:qafvpl
Removed Stream! C:\WINDOWS\qdvmn.log:aorqho
Removed Stream! C:\WINDOWS\qeuei.dat:ramdgc
Removed Stream! C:\WINDOWS\qtxlh.dat:pycrnz
Removed Stream! C:\WINDOWS\QUICKEN.INI:cynehf
Removed Stream! C:\WINDOWS\QuickInstall.INI:fkaimw
Removed Stream! C:\WINDOWS\QuickInstall.INI:xrxydm
Removed Stream! C:\WINDOWS\qujju.dat:izvxpc
Removed Stream! C:\WINDOWS\qyuwr.log:dvbmfk
Removed Stream! C:\WINDOWS\rbqwa.txt:xlkogy
Removed Stream! C:\WINDOWS\REGLOCS.OLD:mbdqbk
Removed Stream! C:\WINDOWS\regopt.log:qgjkcp
Removed Stream! C:\WINDOWS\rfvzi.log:wdcfhg
Removed Stream! C:\WINDOWS\Rhododendron.bmp:bgcpwa
Removed Stream! C:\WINDOWS\Rhododendron.bmp:nrypez
Removed Stream! C:\WINDOWS\rjglm.log:bmchnk
Removed Stream! C:\WINDOWS\rjglm.log:qqfsnx
Removed Stream! C:\WINDOWS\rjygy.txt:ivamsx
Removed Stream! C:\WINDOWS\roait.dat:bwsrna
Removed Stream! C:\WINDOWS\rsrdk.dat:ajnjxv
Removed Stream! C:\WINDOWS\rsrdk.dat:peulbq
Removed Stream! C:\WINDOWS\ruagb.dat:gojeko
Removed Stream! C:\WINDOWS\Run32A50.mch:pfprwe
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:fugyxb
Removed Stream! C:\WINDOWS\sb_affiliate.ini:bxkmgt
Removed Stream! C:\WINDOWS\SchedLgU.Txt:hefyeb
Removed Stream! C:\WINDOWS\Screen2.scr:lkycti
Removed Stream! C:\WINDOWS\Screen2.scr:xvydrl
Removed Stream! C:\WINDOWS\setupact.log:etpdic
Removed Stream! C:\WINDOWS\setupapi.log:peurxx
Removed Stream! C:\WINDOWS\setuperr.log:txbcoi
Removed Stream! C:\WINDOWS\setuplog.txt:rtznke
Removed Stream! C:\WINDOWS\slmll.log:wmjklh
Removed Stream! C:\WINDOWS\smscfg.ini:axnwaa
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:kbyjjj
Removed Stream! C:\WINDOWS\Spyware Begone Setup Log.txt:ofbqnj
Removed Stream! C:\WINDOWS\sqmfe.log:nkdary
Removed Stream! C:\WINDOWS\sxcvb.txt:pifniy
Removed Stream! C:\WINDOWS\sys32_app.dat:bcpxhz
Removed Stream! C:\WINDOWS\sys32_app.dat:oydgrv
Removed Stream! C:\WINDOWS\system.ini:bmlpxa
Removed Stream! C:\WINDOWS\system.ini:gnwsha
Removed Stream! C:\WINDOWS\tcfkh.log:cqyxwb
Removed Stream! C:\WINDOWS\teewo.txt:ajqyfl
Removed Stream! C:\WINDOWS\teony.dat:gzvttg
Removed Stream! C:\WINDOWS\tmdmi.txt:mrjqso
Removed Stream! C:\WINDOWS\tmsok.dat:idelul
Removed Stream! C:\WINDOWS\tsoc.log:sexrwv
Removed Stream! C:\WINDOWS\uencv.dat:twpthq
Removed Stream! C:\WINDOWS\ukksy.dat:zqecil
Removed Stream! C:\WINDOWS\ulhkp.log:qkembf
Removed Stream! C:\WINDOWS\unnns.dat:ewpoua
Removed Stream! C:\WINDOWS\UPGRADE.TXT:dvvmbf
Removed Stream! C:\WINDOWS\uypll.txt:aamlkk
Removed Stream! C:\WINDOWS\uypll.txt:owhtwk
Removed Stream! C:\WINDOWS\uysao.txt:vsaazi
Removed Stream! C:\WINDOWS\uzxrl.log:ovijcz
Removed Stream! C:\WINDOWS\vb.ini:sbwreu
Removed Stream! C:\WINDOWS\vbaddin.ini:khfvfe
Removed Stream! C:\WINDOWS\vcgsm.log:mifrbq
Removed Stream! C:\WINDOWS\vdjcf.txt:fhygjq
Removed Stream! C:\WINDOWS\viassary-hp.reg:thqnbs
Removed Stream! C:\WINDOWS\vmuninst.log:tcguwo
Removed Stream! C:\WINDOWS\vmuninst.log:zptuqu
Removed Stream! C:\WINDOWS\wbgxy.txt:sqdzse
Removed Stream! C:\WINDOWS\wiaservc.log:jyesty
Removed Stream! C:\WINDOWS\Windows Update.log:viaybd
Removed Stream! C:\WINDOWS\WindowsUpdate.log:hvrfqo
Removed Stream! C:\WINDOWS\WindowsUpdate.log:xvxhsd
Removed Stream! C:\WINDOWS\wininit.ini:sakdsk
Removed Stream! C:\WINDOWS\winnt.bmp:aglnlx
Removed Stream! C:\WINDOWS\winnt256.bmp:eqthyn
Removed Stream! C:\WINDOWS\WINNT32.LOG:jzcdop
Removed Stream! C:\WINDOWS\WINNT32.LOG:yazmtr
Removed Stream! C:\WINDOWS\wjfwy.log:betouu
Removed Stream! C:\WINDOWS\wjfwy.log:npqvkc
Removed Stream! C:\WINDOWS\wmsetup.log:ylufcm
Removed Stream! C:\WINDOWS\wmsetup10.log:ixirpy
Removed Stream! C:\WINDOWS\wmsetup10.log:otmirp
Removed Stream! C:\WINDOWS\WMSysPrx.prx:qcidxh
Removed Stream! C:\WINDOWS\WMSysPrx.prx:qmfsew
Removed Stream! C:\WINDOWS\wnpod.dat:jckwqe
Removed Stream! C:\WINDOWS\wntlq.txt:dxppzw
Removed Stream! C:\WINDOWS\wntlq.txt:gufnts
Removed Stream! C:\WINDOWS\wsdu.log:aimuzn
Removed Stream! C:\WINDOWS\wsdu.log:wyautg
Removed Stream! C:\WINDOWS\wzklj.txt:oyszvj
Removed Stream! C:\WINDOWS\xkhgh.dat:zbjeft
Removed Stream! C:\WINDOWS\xpsp1hfm.log:oxdtyf
Removed Stream! C:\WINDOWS\yacs.log:obgnzj
Removed Stream! C:\WINDOWS\ybfii.log:jzpenm
Removed Stream! C:\WINDOWS\ybfii.log:lkpfva
Removed Stream! C:\WINDOWS\ybipy.dat:yypmva
Removed Stream! C:\WINDOWS\yebzn.txt:yylmrz
Removed Stream! C:\WINDOWS\ygxds.dat:gbzstt
Removed Stream! C:\WINDOWS\ygxds.dat:rzzrpc
Removed Stream! C:\WINDOWS\ynrdp.txt:vmlwmx
Removed Stream! C:\WINDOWS\zfqbr.log:nmekoh
Removed Stream! C:\WINDOWS\zigai.txt:hpuvxq
Removed Stream! C:\WINDOWS\zlipv.log:izydjs
Removed Stream! C:\WINDOWS\zurxv.dat:zifart
Removed Stream! C:\WINDOWS\_default.pif:atizhu
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:aetiuq
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:alqjgu
------------------------------------------------
Removed File! : C:\Windows\arskm.dat
Removed File! : C:\Windows\arwal.dat
Removed File! : C:\Windows\cldoh.dat
Removed File! : C:\Windows\cswwe.dat
Removed File! : C:\Windows\fdgrf.dat
Removed File! : C:\Windows\fwshu.dat
Removed File! : C:\Windows\fyjpq.dat
Removed File! : C:\Windows\gxikq.dat
Removed File! : C:\Windows\hezqs.dat
Removed File! : C:\Windows\igkqu.dat
Removed File! : C:\Windows\ksmfj.dat
Removed File! : C:\Windows\lkojo.dat
Removed File! : C:\Windows\mbdqb.dat
Removed File! : C:\Windows\mxcog.dat
Removed File! : C:\Windows\nnlaq.dat
Removed File! : C:\Windows\qovwl.dat
Removed File! : C:\Windows\qujju.dat
Removed File! : C:\Windows\rmymz.dat
Removed File! : C:\Windows\roait.dat
Removed File! : C:\Windows\ruagb.dat
Removed File! : C:\Windows\tmsok.dat
Removed File! : C:\Windows\ttsko.dat
Removed File! : C:\Windows\unnns.dat
Removed File! : C:\Windows\vazfb.dat
Removed File! : C:\Windows\vqomg.dat
Removed File! : C:\Windows\wbdbh.dat
Removed File! : C:\Windows\wnpod.dat
Removed File! : C:\Windows\xkhgh.dat
Removed File! : C:\Windows\ybipy.dat
Removed File! : C:\Windows\System32\asjbl.dat
Removed File! : C:\Windows\System32\bikbd.dat
Removed File! : C:\Windows\System32\bmkkh.dat
Removed File! : C:\Windows\System32\byrjo.dat
Removed File! : C:\Windows\System32\ceqme.dat
Removed File! : C:\Windows\System32\dbons.dat
Removed File! : C:\Windows\System32\ddjlz.dat
Removed File! : C:\Windows\System32\dimkl.dat
Removed File! : C:\Windows\System32\dkvgf.dat
Removed File! : C:\Windows\System32\dooqp.dat
Removed File! : C:\Windows\System32\eakwn.dat
Removed File! : C:\Windows\System32\eqast.dat
Removed File! : C:\Windows\System32\flmau.dat
Removed File! : C:\Windows\System32\hnjgb.dat
Removed File! : C:\Windows\System32\ilrmj.dat
Removed File! : C:\Windows\System32\iwyex.dat
Removed File! : C:\Windows\System32\jhhav.dat
Removed File! : C:\Windows\System32\jracz.dat
Removed File! : C:\Windows\System32\kkkjn.dat
Removed File! : C:\Windows\System32\kobfz.dat
Removed File! : C:\Windows\System32\ludkg.dat
Removed File! : C:\Windows\System32\lzdeb.dat
Removed File! : C:\Windows\System32\mabyc.dat
Removed File! : C:\Windows\System32\mrxia.dat
Removed File! : C:\Windows\System32\ovnxo.dat
Removed File! : C:\Windows\System32\pbtxi.dat
Removed File! : C:\Windows\System32\pwigz.dat
Removed File! : C:\Windows\System32\qumpy.dat
Removed File! : C:\Windows\System32\rnisx.dat
Removed File! : C:\Windows\System32\snclv.dat
Removed File! : C:\Windows\System32\tlhkf.dat
Removed File! : C:\Windows\System32\twpth.dat
Removed File! : C:\Windows\System32\txtnj.dat
Removed File! : C:\Windows\System32\vjitv.dat
Removed File! : C:\Windows\System32\vksxk.dat
Removed File! : C:\Windows\System32\wdkeb.dat
Removed File! : C:\Windows\System32\wlgng.dat
Removed File! : C:\Windows\System32\wyyss.dat
Removed File! : C:\Windows\System32\xdgut.dat
Removed File! : C:\Windows\System32\xovtf.dat
Removed File! : C:\Windows\System32\xswhd.dat
Removed File! : C:\Windows\System32\xuxbt.dat
Removed File! : C:\Windows\System32\ygtmu.dat
Removed File! : C:\Windows\System32\yzdzh.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:23:04 PM


AboutBuster 5.0 reference file 31
Scan started on [9/5/2005] at [10:23:33 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\aurl.dat:ovcvgi
Removed Stream! C:\WINDOWS\bbckl.txt:ohnfqf
Removed Stream! C:\WINDOWS\bjwrm.log:urxjkn
Removed Stream! C:\WINDOWS\bqvop.log:urbjbw
Removed Stream! C:\WINDOWS\bqvop.log:zwngcu
Removed Stream! C:\WINDOWS\clock.avi:xrmdsr
Removed Stream! C:\WINDOWS\dahotfix.log:cvvszb
Removed Stream! C:\WINDOWS\dmwwz.dat:ioibzv
Removed Stream! C:\WINDOWS\eReg.dat:ymiwxv
Removed Stream! C:\WINDOWS\ggeju.txt:pwrkin
Removed Stream! C:\WINDOWS\iis6.log:yogusq
Removed Stream! C:\WINDOWS\jdwjm.txt:woeofd
Removed Stream! C:\WINDOWS\KB821557.log:tvywcr
Removed Stream! C:\WINDOWS\KB824105.log:mkzhkz
Removed Stream! C:\WINDOWS\KB824141.log:qdxtsq
Removed Stream! C:\WINDOWS\KB824141.log:voxurc
Removed Stream! C:\WINDOWS\KB828035.log:iepznb
Removed Stream! C:\WINDOWS\KB828035.log:kljqrl
Removed Stream! C:\WINDOWS\KB835732.log:ennudu
Removed Stream! C:\WINDOWS\KB835732.log:huggvn
Removed Stream! C:\WINDOWS\KB835732.log:olpqnd
Removed Stream! C:\WINDOWS\KB839643-DirectX9Uninst.log:vmminy
Removed Stream! C:\WINDOWS\log2.txt:jqcwsw
Removed Stream! C:\WINDOWS\log3.txt:mvesgb
Removed Stream! C:\WINDOWS\log3.txt:njrner
Removed Stream! C:\WINDOWS\log4.txt:unsazi
Removed Stream! C:\WINDOWS\marker_2.bin:xbbhxo
Removed Stream! C:\WINDOWS\mhrxy.log:izbzjw
Removed Stream! C:\WINDOWS\mtgzn.dat:zwyrao
Removed Stream! C:\WINDOWS\mWinXp.txt:qbkwgb
Removed Stream! C:\WINDOWS\mWinXpD.txt:sxwknl
Removed Stream! C:\WINDOWS\nero.INI:heqpak
Removed Stream! C:\WINDOWS\netdet.ini:xtmmkd
Removed Stream! C:\WINDOWS\nsreg.dat:lxerna
Removed Stream! C:\WINDOWS\nsreg.dat:vdvtbf
Removed Stream! C:\WINDOWS\nszxj.txt:msjbth
Removed Stream! C:\WINDOWS\ntemq.txt:sriztf
Removed Stream! C:\WINDOWS\nzrvf.dat:osjkhx
Removed Stream! C:\WINDOWS\nzrvf.dat:ygxbhj
Removed Stream! C:\WINDOWS\ocgen.log:tngbfm
Removed Stream! C:\WINDOWS\ocmsn.log:dixtgg
Removed Stream! C:\WINDOWS\ocmsn.log:jzfarx
Removed Stream! C:\WINDOWS\ocmsn.log:olkzmr
Removed Stream! C:\WINDOWS\ODBC.INI:ovcrse
Removed Stream! C:\WINDOWS\orun32.isu:vqtjcc
Removed Stream! C:\WINDOWS\orun32.isu:wkuwdf
Removed Stream! C:\WINDOWS\patch.log:iqkvdk
Removed Stream! C:\WINDOWS\patch.log:krbxws
Removed Stream! C:\WINDOWS\patch.log:wcanre
Removed Stream! C:\WINDOWS\Prairie Wind.bmp:mvwuns
Removed Stream! C:\WINDOWS\Q327979.log:rcwsac
Removed Stream! C:\WINDOWS\Q328310.log:iyaasu
Removed Stream! C:\WINDOWS\Q329112.log:mvtvcu
Removed Stream! C:\WINDOWS\q329256.log:rydfbc
Removed Stream! C:\WINDOWS\Q329390.log:hnmnhx
Removed Stream! C:\WINDOWS\Q329390.log:qbzzfp
Removed Stream! C:\WINDOWS\Q811493.log:nwzadg
Removed Stream! C:\WINDOWS\Q811493.log:rygutr
Removed Stream! C:\WINDOWS\Q814033.log:fxrffq
Removed Stream! C:\WINDOWS\Q814995.log:rgetdl
Removed Stream! C:\WINDOWS\Q815021.log:qtauuf
Removed Stream! C:\WINDOWS\Q815485.log:xaninj
Removed Stream! C:\WINDOWS\Q817287.log:uooncj
Removed Stream! C:\WINDOWS\Q817606.log:jhwyfw
Removed Stream! C:\WINDOWS\Q817606.log:yztyea
Removed Stream! C:\WINDOWS\QUICKEN.INI:lcyvlt
Removed Stream! C:\WINDOWS\REGLOCS.OLD:qkzwrx
Removed Stream! C:\WINDOWS\REGLOCS.OLD:uygjkp
Removed Stream! C:\WINDOWS\Rhododendron.bmp:tkcoye
Removed Stream! C:\WINDOWS\rsrdk.dat:xnwmut
Removed Stream! C:\WINDOWS\Run32A50.mch:tsekuh
Removed Stream! C:\WINDOWS\Santa Fe Stucco.bmp:wzeplh
Removed Stream! C:\WINDOWS\sb_affiliate.ini:fsjcgc
Removed Stream! C:\WINDOWS\SchedLgU.Txt:lswyos
Removed Stream! C:\WINDOWS\setupapi.log:qwrjlv
Removed Stream! C:\WINDOWS\smscfg.ini:myuhit
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:rsaxbf
Removed Stream! C:\WINDOWS\Soap Bubbles.bmp:vjsupv
Removed Stream! C:\WINDOWS\sqmfe.log:syfbuk
Removed Stream! C:\WINDOWS\sys32_app.dat:zobcir
Removed Stream! C:\WINDOWS\system.ini:iixski
Removed Stream! C:\WINDOWS\system.ini:ndzlnp
Removed Stream! C:\WINDOWS\ulhkp.log:xfyvsm
Removed Stream! C:\WINDOWS\UPGRADE.TXT:hpscll
Removed Stream! C:\WINDOWS\uzxrl.log:uhmmzf
Removed Stream! C:\WINDOWS\vdjcf.txt:hoaowk
Removed Stream! C:\WINDOWS\wiaservc.log:mhbsvd
Removed Stream! C:\WINDOWS\Windows Update.log:wcsapk
Removed Stream! C:\WINDOWS\Windows Update.log:zaryyz
Removed Stream! C:\WINDOWS\winnt.bmp:csaway
Removed Stream! C:\WINDOWS\winnt256.bmp:fkczib
Removed Stream! C:\WINDOWS\wmsetup10.log:xrdmsx
Removed Stream! C:\WINDOWS\xpsp1hfm.log:rywzlb
Removed Stream! C:\WINDOWS\xpsp1hfm.log:sccjzv
Removed Stream! C:\WINDOWS\xpsp1hfm.log:tjfaty
Removed Stream! C:\WINDOWS\xpsp1hfm.log:uafnkj
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:cahuww
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:cskqlk
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:ggpqnp
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:gsebqf
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:iojwba
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:jcidyy
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:23:59 PM

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 10:50:05 PM

And here is my HSlog:

Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
   Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
tmp*.tmp
w32tm.exe
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
winupdate file found
-
WindowsUpdate

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 10:53:26 PM

Here's my Hijack This log. It looks like windows 32 is still around (grrrr!). But my desktop and browser seem to be MUCH better (except for my disabled right-click). Thank you soooo much, and please tell me what to do next!

Logfile of HijackThis v1.99.1
Scan saved at 10:50:08 PM, on 9/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1124573388\ee\AOLHostManager.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Common Files\AOL\1124573388\ee\AOLServiceHost.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\1124573388\ee\AOLServiceHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Desktop\ARIEL\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ (http://\"http://google.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O2 - BHO: Class - {BD9CF1BA-C149-7FD6-0BF4-CE2A97CF0E4F} - C:\WINDOWS\sdklz32.dll (file missing)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124573388\ee\AOLHostManager.exe
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB (http://\"https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Title: More win32 problems
Post by: guestolo on September 05, 2005, 10:55:47 PM

Can you add the Ewido report as an attachment
In your reply use the Browse button near the bottom
Navigate to the saved report and then right click on it and Select it
Then Add this Attachment button

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:23:12 PM

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         7:15:44 PM, 9/5/2005
 + Report-Checksum:      9F8940A6

 + Scan result:

   HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{04CB6006-AB79-1366-4EF1-BFF815B874EE} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{09312E20-8C50-C241-742B-35F21EDA9875} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{0ADD4D53-B7DD-20F8-2AC9-AB9CB538A46F} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{0B538AE6-8676-E13B-4CEC-E6A75F19F1EF} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{15E6172A-5F7D-3085-1E94-14DA8D1A4479} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{1F5650BA-2C95-0E8C-5C3F-D482646BF979} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{1FE935FF-DB66-AC76-99D8-18EC1F0F013C} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{29B25401-5964-022D-3AC2-C7207FEFF994} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{29CDA41A-A8EB-6A68-BBF5-2877418D55C7} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2A6A2EFF-2FC6-683C-5911-BB1AC07E5964} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3A1550DD-FD7B-8D6E-989A-49A66DF1433F} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3EA8A165-1EE8-2BEF-A8D1-9CDBD760FC43} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3F15B481-32E2-FE85-96FA-A8976289B4FD} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{434236E6-77E0-412c-B45B-7E78E7F41E59} -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{43F226F3-3EDD-1F6E-B1F9-426F80DAB07E} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4E11A0FD-72A3-AEF3-D4E4-E168F75A238E} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{52343DBF-CF46-B3EA-81BB-8A3DCB6B9A64} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5345A51F-E5D0-5A0D-1418-A1C95C417E3C} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{551764CC-ABCF-335C-76F6-62283B478A0F} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5DA6CA48-7D98-BC0B-40EF-22AC6558668A} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{62B52B4D-547B-BFC7-9850-79709FDECF27} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6327D790-4626-130D-8171-E0E6AB10B53B} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6D793FE9-8675-897B-589B-5BCAB9D3CFEF} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{714C2287-DB2D-3514-4785-8EC21BA5C5F1} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{735DDAC7-F8F1-47DD-D87A-6AF0100B6A48} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{765369C1-D4E0-D6A4-69B4-6261D4E1319A} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7658C68E-7ED4-8476-AC96-729091012307} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{78CA5367-0660-D7DE-5424-C4AD26542538} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7A66D0FF-9707-2E41-A80D-7DE113BDAC8B} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7A8EC00B-7964-C396-E2F8-621F6C9029FA} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7DA446BF-5485-78F9-CC9A-2A02C93519E4} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{8324D4AA-9FD0-5334-D040-C3B82F9A8957} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{8669ABB2-7410-3460-F449-E119DCA24CC4} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{86B29A5F-CB91-3C3D-28A2-EDA38C1F28A8} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{877DBFE0-6233-B1C4-8252-A4475BCF6DD2} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{92854EC1-0623-4E3A-3993-F60435FEDF74} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{952AA538-C1D7-30E5-8DC6-1A12E2F736A2} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9913F006-5621-D9B4-E3CB-064477E8D278} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{99B1E639-DCA2-2C21-013F-DEF4B5729CA9} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9C060FC3-F4CE-894D-8EB7-FA3935CE5AA1} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9D7705A4-9543-9869-8249-F62AC961BDA5} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{A678B034-1492-1AC1-FF9B-636BC85F5643} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{AEF3E64A-B4FC-FC2A-5EF9-4FC735F322D9} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{AF197E67-53B8-6C01-4733-3E7C25BA3A3B} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B1169ABC-E367-2937-9F96-3B9CB54E0F31} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B36D5282-D413-F545-CF79-A6CE970CFEBB} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B4F697AE-7E58-DC0D-D012-24F83EAB9F25} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B59A1E0B-4C94-AA3A-C37F-94C8BFC643E7} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B7ABD257-6E0C-E7F0-26F5-0315127E44C2} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C092CEA0-FB34-5E12-83ED-47942941DECC} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C9368290-DE0B-80FF-0E2D-8933F6CA1A46} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D1F6B196-AB9F-2B48-C708-0B7CEC5DA4F9} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D6063F46-66EC-A24F-FC65-2CF52E8C6A80} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{DBC8BCC3-8C2E-707C-3D8D-72B88F17460E} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{DBE13E5D-7E11-2943-722B-C75B9A94EFED} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{DE2D7676-D3B6-1EDB-60CA-DA72D6F9B006} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{E5181BB3-B821-0D7B-D568-3766286D5460} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{E8A06DEA-6626-407D-5720-FE211C989AC1} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{EF24BEB1-9592-9F8F-4B29-99399FD2C231} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{EF4CB83E-BEF0-2DE3-F01E-55D0127FF3EA} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F1B10CDC-1975-EC0C-C522-2571525E92CF} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F3B884B1-3181-A180-8EA9-B6E06DF7844E} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F802FEC2-BF51-3198-4339-747CCF253651} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F99D5FC9-1F47-B6F5-F1D5-55AFEAD2853A} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FC955BB2-DAA2-E394-1DD3-E8A207B823A6} -> Spyware.BetterInternet : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FDEDD1BB-EE5D-1AF2-C50B-11681C5E2A93} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{18E6C36A-C45F-4B60-A1A4-5C0BB16D4CC2} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{00A322E2-7D50-4DBA-BEA4-5C8078D47269} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} -> Spyware.TotalVelocity : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc -> Spyware.WebSearch : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc\Security -> Spyware.WebSearch : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc\Enum -> Spyware.WebSearch : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-112DE11F7392717E1 -> TrojanDownloader.Agent.kf : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-112E236CDC526AB -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-11EB858FA40116F1A -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1481859F425257EB -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1481947A5E2A6328 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148194AB1191461B4 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1481A15D750E25E8D -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1481A51081F235C44 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1481B668A5A963DDD -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1482B6DD887A10E3 -> Spyware.SearchPage : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1482C66E82EFC3041 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1482D780A35CC551E -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1482E257B16C7E9E -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1482E6BE02D57255D -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-14833343F004CA6 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148341D7335D9644E -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1483529E03E53499B -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484B261FB95BEC -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484B50C1289F45D7 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484B65CBF1171C7 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484C36F913895C78 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484C37C15D4272FD -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484C5DC55D6CBD0 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484D1AC9134D13A8 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484D50ADA165DD1 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484D6CDEA48EDB -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484E19051ECD3681 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484E252812714374 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484E2C376C913F01 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484E62E0597155B8 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484F10B269FC1E40 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1484F3DC73E9D24B4 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1485057BF43826587 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1485078F25A6C5928 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148507967440B4B5E -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-14850B8820CB33FC -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1485177D825BD273D -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1485178D6146CD8 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-14851795E16FE3A06 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148522C2A534A1F24 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148523565DD03D02 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148523E1A66AC6156 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1485325ECBF83364 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-14853686A1F5270A7 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148536FE278C8248D -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-14854328B32326C0 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1485473C47CF74877 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148548C257AD538D -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148555B3C3C7D403E -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148555DE41CFE3D61 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148563682672352EE -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-14856478D7C9A28B4 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148566E6E774E627C -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148575AA05A4972EB -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1485E5A26290C66B5 -> Spyware.Spywad : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-148766B113D53D53 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-1488160C3446878 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E1414A5691A5FFA -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E15567139CF3380 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E167318663A4EF6 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E17466D63163BF0 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E177CE24F892F0C -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E18423D4B845F14 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E192E315B765BDC -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E1A39F419E24391 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E1B421A4BA43795 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E1C121E7F81384C -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E2022EA5C451C8B -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E21EAC379676E4 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-3E2262AC1A241B78 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-40104A136EC55CF8 -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-4058586E36A054B4 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-466E68801AF2122A -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-4790790376D41E1C -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-47921E31345846AC -> TrojanDownloader.Agent.kf : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-479349416CBE7886 -> Spyware.SearchPage : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-4839A616D555305 -> Spyware.SearchPage : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-483E6E1D506246EE -> Trojan.Agent.em : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-484A634963F4D57 -> Spyware.SearchPage : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-485520396FB2CA0 -> Spyware.SearchPage : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-485F45F613083896 -> Trojan.Agent.em : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-486319AE191A6AC7 -> TrojanDownloader.Small.azk : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-487D5DCE446469B3 -> Spyware.SearchPage : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-4882269941707467 -> Spyware.SearchPage : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-488368E81B212D62 -> Spyware.SearchPage : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-488573FD3FF134B4 -> Spyware.SearchPage : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-B7EA25A57A166103 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-B7EF37586B1D238E -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-BFB416F71EB43999 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F19DA2CB8B88 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F240798A02870 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F250D233C66A50 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F3583F32F91C48 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F433606FB36BB5 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F44BFB71FE787A -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F564246B1C404D -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F57C9D73196C07 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F65A7D36AF39CF -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F721666FBE6D4F -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F852AA40747595 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F952B25DCED32 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9F964EE24162B77 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9FA3DF676894B67 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9FA7EE31FD46354 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9FB48FC73C940B3 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9FB49FB56275190 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9FC378D54F769F -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9FC6BFC4EE36E7 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9FD22BA71ED443 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9FD25723182565D -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9FE449C3B62A9B -> TrojanDownloader.Agent.pe : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-C9FF1A662AB512A5 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0052FA645A735C -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA007E395953283E -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA00840373B32D9 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0114E67CAB384A -> TrojanDownloader.Agent.pe : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0124821ACB3F25 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA021471457837A8 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA035359B45EAC -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA039337452BAE -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA044F327860553E -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA047B1469D7396C -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0537C8287337B1 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA056D5D70D97ACA -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA064AD855292FC3 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA065E395CE758E -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA066B502E9F7ABD -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA076C464DE55E6B -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA084C1221B511C -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA096D115877209 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0A611A22E5250E -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0A7A685F672E18 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0B33A05FC5120 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0B401722651937 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0C63B1402C160B -> Spyware.SearchPage : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0D525C186B10A1 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0D6A9D225232DD -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA0F20FE7CE55A0F -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1127D066F0286C -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA116444620315C1 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA117F4D60B1624A -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1215D2722EEEC -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA124BB12E7F102A -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1250630EE5B7 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA131B2A6736689A -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA14BB224C06ABB -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA171D3950684EF8 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1722D9708E365 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA183BF17AD01BF3 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA184EF7781D10E2 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1861FF14822354 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA193748213B786 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA19604B4AF963C8 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1B66D46D354383 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1D2E5E1A262A47 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1D3C5636BC10F4 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1D3E1E3B2FE3D -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1E577C2EFD2310 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1E5A764D1639B -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1EF3049CE14F3 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA1F2CFE621966D4 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA22446360815D5 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA2260DA46DA2786 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA236592433A3AC8 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA241AA63F7F3BA3 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA245F14252459C9 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA255F663BCE56E1 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA25CD4D7F7C16 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA2756656D0A706E -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA28207A7FB255E0 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA28684172CD151B -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA29FAF656132FB -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA2A275320C331F8 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA2A3DBB682133F8 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA2A55FB61A118A9 -> TrojanDownloader.Agent.pe : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA2B1DC534183BF8 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA2B3BBCE425948 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA2C86C425156C6 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CA2CADE723B293B -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAD554D2185F52C0 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAE1C9C3C004EFF -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAE2A60732C9 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAE33B9A3A9A2061 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAE35EBBC9C2025 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAE362EA261414 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAE4CC65732724B -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAE62F7D2CD4680A -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAE669B116638BD -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAE814AAC08665F -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAEA6DE7B782E64 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAEAAF37D4264C -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAEB632D1CB35789 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAEC68E17296D74 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAED4F4063A71122 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAEDB722156597 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAEE3C15D7C72C9 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAEF2E595121207A -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAEF6352291184 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAF05E034EB771E2 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAF1408B640D2320 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAF25BD23E41EA9 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAF261164DB94C2B -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAF44D891B431B03 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAFA790B7EF864EE -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAFB43DBCCC38F6 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAFC77886A6E1DD2 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CAFE178B46DD5B62 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB004E3D1C6715D2 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB01306C7E0785C -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB0175F385170DB -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB0247E645DAE26 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB036DC600D6267 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB04296226B258C -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB049836D8329C1 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB0774276FA464F3 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB1965B8795D548B -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB1A78AC3563640 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB1A7CF325C7D9E -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB1B217B4CD07E2C -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB1C5D17776B55E3 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB1C67E0695D12A -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB1D4A9A50A1ACB -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB1DA2276932DC0 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB1E227168B05644 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB1F44736D3550FE -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB1F63656AF42FF5 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB205F76D117453 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB213C5C7CCD443 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB21409D6D9C91B -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB214733734B73B3 -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB2221CE520A23ED -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB224B8934EA3310 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB2537AC7C1512C2 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB257E6D1670FD1 -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB265B0235943CC -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB27177B1980342F -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB287521416629B2 -> TrojanDownloader.

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:24:41 PM

Grr! It said it was too big to attach. I tried to scan it in really little, but it didn't get all of it. I can try to reduce the size & try to attach it again, but I want it to be big enough to read!

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:25:52 PM

Nope. Not gonna work. Any suggestions?

Title: More win32 problems
Post by: guestolo on September 05, 2005, 11:27:47 PM

Can you just do the following
Open the log and post it in multiple posts, just so I can see the whole log
Don't try and post it all at once
Just section it out into different replies

I see you posted the top part of the Ewido log, carry on a post the rest of it in a different reply

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:30:41 PM

Here goes nothing!


---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         7:15:44 PM, 9/5/2005
 + Report-Checksum:      9F8940A6

 + Scan result:

   HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{04CB6006-AB79-1366-4EF1-BFF815B874EE} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{09312E20-8C50-C241-742B-35F21EDA9875} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{0ADD4D53-B7DD-20F8-2AC9-AB9CB538A46F} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{0B538AE6-8676-E13B-4CEC-E6A75F19F1EF} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{15E6172A-5F7D-3085-1E94-14DA8D1A4479} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{1F5650BA-2C95-0E8C-5C3F-D482646BF979} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{1FE935FF-DB66-AC76-99D8-18EC1F0F013C} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{29B25401-5964-022D-3AC2-C7207FEFF994} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{29CDA41A-A8EB-6A68-BBF5-2877418D55C7} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2A6A2EFF-2FC6-683C-5911-BB1AC07E5964} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3A1550DD-FD7B-8D6E-989A-49A66DF1433F} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3EA8A165-1EE8-2BEF-A8D1-9CDBD760FC43} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{3F15B481-32E2-FE85-96FA-A8976289B4FD} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{434236E6-77E0-412c-B45B-7E78E7F41E59} -> Spyware.PurityScan : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{43F226F3-3EDD-1F6E-B1F9-426F80DAB07E} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{4E11A0FD-72A3-AEF3-D4E4-E168F75A238E} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{52343DBF-CF46-B3EA-81BB-8A3DCB6B9A64} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5345A51F-E5D0-5A0D-1418-A1C95C417E3C} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{551764CC-ABCF-335C-76F6-62283B478A0F} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{5DA6CA48-7D98-BC0B-40EF-22AC6558668A} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{62B52B4D-547B-BFC7-9850-79709FDECF27} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6327D790-4626-130D-8171-E0E6AB10B53B} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{6D793FE9-8675-897B-589B-5BCAB9D3CFEF} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{714C2287-DB2D-3514-4785-8EC21BA5C5F1} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{735DDAC7-F8F1-47DD-D87A-6AF0100B6A48} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{765369C1-D4E0-D6A4-69B4-6261D4E1319A} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7658C68E-7ED4-8476-AC96-729091012307} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{78CA5367-0660-D7DE-5424-C4AD26542538} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7A66D0FF-9707-2E41-A80D-7DE113BDAC8B} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7A8EC00B-7964-C396-E2F8-621F6C9029FA} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{7DA446BF-5485-78F9-CC9A-2A02C93519E4} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{8324D4AA-9FD0-5334-D040-C3B82F9A8957} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{8669ABB2-7410-3460-F449-E119DCA24CC4} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{86B29A5F-CB91-3C3D-28A2-EDA38C1F28A8} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{877DBFE0-6233-B1C4-8252-A4475BCF6DD2} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{92854EC1-0623-4E3A-3993-F60435FEDF74} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{952AA538-C1D7-30E5-8DC6-1A12E2F736A2} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9913F006-5621-D9B4-E3CB-064477E8D278} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{99B1E639-DCA2-2C21-013F-DEF4B5729CA9} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9C060FC3-F4CE-894D-8EB7-FA3935CE5AA1} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{9D7705A4-9543-9869-8249-F62AC961BDA5} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{A678B034-1492-1AC1-FF9B-636BC85F5643} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{AEF3E64A-B4FC-FC2A-5EF9-4FC735F322D9} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{AF197E67-53B8-6C01-4733-3E7C25BA3A3B} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B1169ABC-E367-2937-9F96-3B9CB54E0F31} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B36D5282-D413-F545-CF79-A6CE970CFEBB} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B4F697AE-7E58-DC0D-D012-24F83EAB9F25} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B59A1E0B-4C94-AA3A-C37F-94C8BFC643E7} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{B7ABD257-6E0C-E7F0-26F5-0315127E44C2} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C092CEA0-FB34-5E12-83ED-47942941DECC} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{C9368290-DE0B-80FF-0E2D-8933F6CA1A46} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D1F6B196-AB9F-2B48-C708-0B7CEC5DA4F9} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{D6063F46-66EC-A24F-FC65-2CF52E8C6A80} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{DBC8BCC3-8C2E-707C-3D8D-72B88F17460E} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{DBE13E5D-7E11-2943-722B-C75B9A94EFED} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{DE2D7676-D3B6-1EDB-60CA-DA72D6F9B006} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{E5181BB3-B821-0D7B-D568-3766286D5460} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{E8A06DEA-6626-407D-5720-FE211C989AC1} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{EF24BEB1-9592-9F8F-4B29-99399FD2C231} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{EF4CB83E-BEF0-2DE3-F01E-55D0127FF3EA} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F1B10CDC-1975-EC0C-C522-2571525E92CF} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F3B884B1-3181-A180-8EA9-B6E06DF7844E} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F802FEC2-BF51-3198-4339-747CCF253651} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{F99D5FC9-1F47-B6F5-F1D5-55AFEAD2853A} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FC955BB2-DAA2-E394-1DD3-E8A207B823A6} -> Spyware.BetterInternet : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{FDEDD1BB-EE5D-1AF2-C50B-11681C5E2A93} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\Interface\{18E6C36A-C45F-4B60-A1A4-5C0BB16D4CC2} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{00A322E2-7D50-4DBA-BEA4-5C8078D47269} -> Spyware.CoolWebSearch : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} -> Spyware.TotalVelocity : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc -> Spyware.WebSearch : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc\Security -> Spyware.WebSearch : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc\Enum -> Spyware.WebSearch : Cleaned with backup
   C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-112DE11F7392717E1 -> TrojanDownloader.Agent.kf : Cleaned with backup

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:32:12 PM

Part 2


C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-CB6574E24AAE1C3A -> TrojanDownloader.Agent.bq : Cleaned with backup

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:35:10 PM

Part 3


C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-DE6C3B4122BC12B9 -> TrojanDownloader.Agent.bc : Cleaned with backup

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:36:21 PM

Part 4


C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-F5B76A666E567C92 -> TrojanDownloader.Agent.kf : Cleaned with backup

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:38:35 PM

Part 5

C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\prf\NCJEGHUW6GRB\VirusBin\Infected-F7516BC67FC02FB7 -> TrojanDownloader.Agent.kf : Cleaned with backup
   
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Counter.class-762d722b-53550c1e.class -> TrojanDownloader.Small.wv : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-124b39f0-3f7296d4.class -> Trojan.Byteverify : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-3006fde7-40ee1fbc.class -> Trojan.Byteverify : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-39525e7a.class -> Trojan.Byteverify : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Gummy.class-3f43cd7c-50399ca2.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-6fd9f626-1f53746d.class -> TrojanDownloader.Small.wv : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1199dff7-560b0186.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-13861c29-5593a6b4.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-15809ea9-56ab9376.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1660dbc9-77eea49f.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f0ddbdc-7131905c.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-1f8b980f-53ec9fa1.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-2ecf098a-4ddfb688.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3c0efa2b-408427a8.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-3c0efa2b-408427a8.zip/Beyond.class -> Trojan.Java.ClassLoader.k : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-4a9df386-60616cfc.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5157872c-6d0b9094.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5589cb5d-120e3acf.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-58581c27-1c4b87fc.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-588fab9e-4258bd28.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5e4988ce-4457b595.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-5ef20017-31cc6667.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-6198e311-431e0420.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-71002e85-126f3079.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-77402a30-135a16c4.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-78c18078-12b9e513.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ar3.jar-78ee691-42d98dd2.zip/Gummy.class -> Trojan.Java.Femad : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-487b52a0-1da3b40c.zip/BlackBox.class -> TrojanDropper.Beyond.g : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-487b52a0-1da3b40c.zip/Beyond.class -> TrojanDropper.Beyond.g : Cleaned with backup
   C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\nocheat.jar-67b60e84-51aa07cf.zip/Matrix.class -> TrojanDownloader.OpenConnection.s : Cleaned with backup
   C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0F.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
   C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0044797.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

Title: More win32 problems
Post by: guestolo on September 05, 2005, 11:38:53 PM

I got the idea

Please don't post any results from Ewido that are in this folder

 C:\Documents and Settings\All Users\Application Data\Authentium\

and leave out the ones in your System Volume Information folder
This is your system restore folder, we'll clean this later
But post the rest

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:39:19 PM

Part 6

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\Fifoed\A0048338.exe -> Spyware.Spywad : Cleaned with backup

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:40:46 PM

C:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP314\A0048765.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:41:56 PM

C:\WINDOWS\A5W.INI:tprgbz -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\abamo.log:uzmrcg -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\addbj32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\adddb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\addga32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\addiu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\addkq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\addpg.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\addqi.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\addqu32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\addrf.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\addux32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\addws32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\adjhj.dat:alcytz -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\adjhj.dat:csdlja -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\amkrd.log:jiloln -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\amkrd.log:tluevj -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\amkrd.log:utnqml -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\aneqe.log:ecryhs -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\aneqe.log:ohmvgq -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\apiaf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\apicz32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\apida.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\apidi32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\apiek32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\apiev32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\apiid32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\apinv.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\appam32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\appcu32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\appeu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\appqo32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\appqz32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\appxj.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\appxl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\appyc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\armox.txt:krryes -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\atldi32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\atlea32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\atlfa.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\atlql32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\atlte32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\atlxm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\aurl.dat:tsclhe -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\aurl.dat:ukoegk -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\awcxn.txt:purazy -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ayvwu.txt:lpthoa -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ayvwu.txt:yyyqhp -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\bbckl.txt:arskmv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\bbckl.txt:wdkebc -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\bbckl.txt:wqycje -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\bdtgx.txt:boonkz -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\bdtgx.txt:ghfjib -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\bjfqe.txt:fdkpdk -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\bjwrm.log:hnjgbi -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Blue Lace 16.bmp:pdcjdf -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Blue Lace 16.bmp:sbjvgc -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\Blue Lace 16.bmp:tskpgy -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\bootstat.dat:euneer -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\bootstat.dat:gvelle -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\bootstat.dat:orrqlo -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\bootstat.dat:xevvfu -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\bqvop.log:xkhght -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\brpgf.txt:ywpyno -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\btgmm.txt:wiydme -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\btgmm.txt:ziyocd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\bvenf.txt:jxytwf -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\bvenf.txt:qkaljw -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\bvenf.txt:ylthal -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\bysites.dat:qmsgcs -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\bysites.dat:xyxveq -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\bzkzh.log:xtxhrt -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\cczhd.log:pjrqgp -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\cczhd.log:saxnxp -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\cdplayer.ini:kkrswb -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\cdplayer.ini:qziaht -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\clock.avi:qyqjrq -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Coffee Bean.bmp:blolpi -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Coffee Bean.bmp:bxmqnj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Coffee Bean.bmp:iyjpls -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Coffee Bean.bmp:ktparr -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\COM+.log:dkbyym -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\COM+.log:oxizsl -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\COM+.log:yclejf -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\conjm.log:axwofb -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\conjm.log:bzuund -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\conjm.log:catttk -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\conjm.log:uyevht -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\control.ini:tmgqrk -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\cqvbm.txt:szgtgl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\cqvbm.txt:umvtmh -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\crgb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\crge32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\crhp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\crit32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\crqv32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\crtx.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\crve.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\cswwe.dat:epvmmo -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\cswwe.dat:kayyiv -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\cswwe.dat:tsmhhn -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\cswwe.dat:ubmznm -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\cswwe.dat:wttrxb -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ctybv.txt:enfgor -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ctybv.txt:gijaoc -> Trojan.Agent.em : Cleaned with backup

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:42:38 PM

C:\WINDOWS\d3aw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\d3ee.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\d3fo.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\d3ip32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\d3pq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\d3tb.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\d3zt.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\dahotfix.log:uctegg -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\dccpo.log:jrfikt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\dellstat.ini:otmwzl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\desktop.ini:pqgzgz -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\desktop.ini:vnidaj -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\desktop.ini:ziboim -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\DHCPUPG.LOG:arskmv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\DHCPUPG.LOG:egjbff -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\DHCPUPG.LOG:ndlkii -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\DHCPUPG.LOG:ocytvn -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\DHCPUPG.LOG:rtczft -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\dipad.txt:juepiw -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\DirectX.log:gufbtn -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\DjVuDoc.ico:hdrzpx -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\DjVuDoc.ico:klangw -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\DjVuDoc.ico:uuerfg -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\dlmxz.txt:bvxdkg -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\dlmxz.txt:oqopwt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\dlmxz.txt:tskpgy -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\dlzpq.log:xgcohi -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\dmile.txt:amhvhw -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\dmile.txt:cmkaig -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\dmile.txt:ovkmfa -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\dmwwz.dat:evowhr -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\dmwwz.dat:jqszyv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\dmwwz.dat:mwpifi -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\dokml.log:fcxkyp -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\dokml.log:ubphmv -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\dpdfz.txt:cxhumt -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\dpdfz.txt:oujzun -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\dphja.log:tpssmr -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\dphja.log:wybdmu -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Dsg.html:hvbfox -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\DtcInstall.log:flwbvf -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\DtcInstall.log:guocud -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\DtcInstall.log:xglgxq -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ehjjp.log:cygcjq -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ehjjp.log:nzkfio -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\eoixe.dat:lrhxwq -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\eReg.dat:arorra -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\eReg.dat:mqarfl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\eReg.dat:oytigx -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\EReg072.dat:mlqehz -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\EReg072.dat:tqtunq -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\EReg072.dat:ymohxq -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\EReg072.dat:zvgppg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\evxsk.txt:dlkgnv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\explorer.scf:frtwin -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\explorer.scf:lfxneo -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\explorer.scf:mfpygk -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\explorer.scf:xjfesl -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\exzpx.dat:eljkbj -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\exzpx.dat:pqprpa -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\FaxSetup.log:klfywp -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\FaxSetup.log:wmclhf -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\fdabu.dat:bosvou -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\fdgrf.dat:iqzfjl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\fdgrf.dat:xnwmvc -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\FeatherTexture.bmp:cmylyz -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\FeatherTexture.bmp:jhpzus -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\FeatherTexture.bmp:tjsnis -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\fiz2:arskmv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\fiz2:egqayy -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\fiz2:sbnnt -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\fiz3:rcdvkt -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\fiz4:dkdscd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\fmtyo.dat:ikqxpg -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\fmtyo.dat:jpblkp -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\fmtyo.dat:ojmsti -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\fmtyo.dat:tskpgy -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\fsmal.txt:gjbmya -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\fsmal.txt:optthd -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\fwoxj.dat:cdgogg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\fwoxj.dat:edxvcg -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\fwshu.dat:bcunv -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\fwshu.dat:bhmqnz -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\fwshu.dat:necofe -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\fxrlv.log:qrlzqv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\fxrlv.log:uzbgyp -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\fxrlv.log:zjtrac -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ggeju.txt:ffmchp -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ggeju.txt:kwstgj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ghjns.log:meygs -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\gkefn.dat:eqrvwv -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\gkefn.dat:mzmtsz -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Gone Fishing.bmp:arfjbj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Gone Fishing.bmp:ibcenl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Gone Fishing.bmp:iseekx -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Gone Fishing.bmp:kcgtvz -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\Gone Fishing.bmp:lnohul -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\Gone Fishing.bmp:pwigzb -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Gone Fishing.bmp:uywxek -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\gqkoo.log:uyzrlb -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\gqkoo.log:zuxrcq -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Greenstone.bmp:acgscm -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Greenstone.bmp:dpdzat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hamfj.log:cztubz -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\hdaqz.log:mykwfl -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hdaqz.log:nzpczu -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hdaqz.log:pqmrca -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hdaqz.log:ssqpvu -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hezqs.dat:rviwea -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hezqs.dat:xwcgba -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\hhavy.txt:fazwsc -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hhavy.txt:osojq -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\hhavy.txt:vamadk -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hlzxg.dat:dwrgiz -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\hlzxg.dat:gmnxsq -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\hlzxg.dat:iktvkl -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\hobzg.log:upymlo -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\HPHins01.dat:lcrxxw -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\HPHins01.dat:sabipx -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\hphmdl01.dat:guuehb -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\hpoins03.dat:duyypk -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\hpoins03.dat:nhjsnz -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hpoins03.dat:znycua -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\hpoins03.dat:ztzbm -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hpomdl03.dat:ddjlzg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hpomdl03.dat:kalojz -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\hpomdl03.dat:vzwevk -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\hqtqa.txt:ueqnab -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\hqtqa.txt:xozmsh -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\ieei32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\iegt.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\iehc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\iehf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\iepv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\iesn32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\iexj32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\iis6.log:mfjsvd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\imsins.log:gxdptv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\imsins.log:tatkuz -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\ipdp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ipfx32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\iphb32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\ipid32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ipmx32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ipng32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\ipqib.log:ummmnh -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\iprg.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ipsa.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ipvb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ixwzs.log:mnxrpk -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\izmhm.log:iwgwws -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\javabf.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\javadw.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\javafc.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\javafn.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\javanf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\javapg32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\javazz32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\jdibe.log:apzkyu -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\jdnmb.log:wqzfou -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\jihic.dat:vizott -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\jjaxo.log:bqgkdn -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\jjaxo.log:wiijhy -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\jjots.txt:ppwtzo -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\jjots.txt:vgunva -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\jjots.txt:xalkub -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\jjots.txt:xnmpff -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\jptwv.log:cdtzqz -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\kaviq.log:gahxrx -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\kaviq.log:kvxpdf -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\kaviq.log:ndlmkc -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\kaviq.log:pwvaza -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\kaviq.log:utlhoh -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\kaviq.log:xtknwp -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB821557.log:lvnlla -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB821557.log:tsfsiu -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB823182.log:gerogj -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB823182.log:jihicm -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB823559.log:dwpdxp -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB823559.log:fgsadj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB823559.log:fxhqsn -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB823559.log:ntemqr -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB823559.log:qbvqom -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB824105.log:iqlvqw -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB824105.log:msxylw -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB824141.log:bjzneo -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB824141.log:evfrfc -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB824146.log:icovio -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB824146.log:nwpdyd -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB825119.log:czutdj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB825119.log:yhlfxt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB828035.log:arwalg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB828035.log:phfagv -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB828741.log:aukrvs -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB828741.log:uesmkc -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB833407.log:uaezxm -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB835732.log:teaepd -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\KB837001.log:sncxpd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB839643-DirectX9.log:nfdsme -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB839643-DirectX9.log:yysvuq -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\KB839643-DirectX9Uninst.log:ucfgdb -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB839643-DirectX9Uninst.log:vsplsw -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB839643-DirectX9Uninst.log:xmeiib -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB840374.log:inevts -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\KB840374.log:kjnvdo -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\KB840374.log:pvzzfy -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\kkrsw.dat:dzmjhj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\kkrsw.dat:sayudj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\knjkz.dat:yidcdf -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\kofja.txt:vlqgaj -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\krmwj.txt:vawwbu -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\kwv2.dat:ltrzxu -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\kwv2.dat:pnwvce -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\kwv2.dat:svjyra -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\kwv2.dat:zvkfib -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\kxvxe.txt:gusdoj -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\lbrcz.log:hrtnab -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\lbrcz.log:mjhnqa -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\lbrcz.log:xymaql -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\lbrcz.log:yrxapf -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ldtqy.txt:etzehi -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\ldylr.dat:hfocyi -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ldylr.dat:svqzte -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\lkojo.dat:ekeibn -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\lmqlj.log:pzfnkn -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\lmqlj.log:qsifrp -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\lmqlj.log:zgzpat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\log.bak.txt:mxljuq -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\log.bak.txt:qqurxz -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\log.bak.txt:rprjqt -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\log.bak.txt:weaiae -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\log0.txt:hqjsur -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\log0.txt:swckcl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\log0.txt:zgmccj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\log1.txt:izytny -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\log1.txt:tjrzfs -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\log2.txt:baqxta -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\log2.txt:qfbhra -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\log3.txt:kxvxew -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\log3.txt:lxhzcj -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\log3.txt:sgfheu -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\log4.txt:saiyhi -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\log4.txt:vwwpnr -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\log4.txt:wyjtdv -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\lvytz.log:khdlmt -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\mactk.log:bymrnn -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mactk.log:sgyjxu -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\marker_2.bin:czdndf -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\marker_2.bin:fwoxjm -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\marker_2.bin:jfsirg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mbdqb.dat:ciwrgd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mfcms32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mfcpn.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\mfctk32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\mfcuc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mfcum.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\mfcvk.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mhrxy.log:nxhcqt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mlblu.txt:bbkazw -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\mlblu.txt:cmjfkj -> Spyware.SearchPage : Cleaned with backup

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:43:13 PM

C:\WINDOWS\mlblu.txt:fovlwd -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\mlblu.txt:nzffcf -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Mmm.html:gqypcl -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\mqarf.txt:mmwdrb -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\msak.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\msav32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\msbe.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\msci.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\msgl.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\msgsocm.log:gaqkwp -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\msgsocm.log:rpsdty -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\mshd32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\mshj32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mske32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\msne.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\msoffice.ini:qjhprv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\mspp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mstj32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\mswi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mtgzn.dat:vzqrzw -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\mwicz.txt:ikrclg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mwicz.txt:jqljnj -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mwicz.txt:wcpcce -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\mWinXp.txt:xgznno -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mWinXpD.txt:osjxbg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\mWinXpD2.txt:bqvopl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\mWinXpD2.txt:rjpwms -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\mwokv.txt:iccjal -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\nbilw.dat:nzbbtt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ncazq.txt:jufvsd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\nero.INI:kybkxa -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\netda32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\netdet.ini:guntlj -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\netdet.ini:xnaqlq -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\netfb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\netkf.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\netmt32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\netsi32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\netyh32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\nfczl.txt:urotkw -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\nfczl.txt:xzorhm -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\nggtu.log:fgcjuc -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\nggtu.log:qagxkw -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\nnlaq.dat:wkzocy -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\nsreg.dat:uoanee -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\nszxj.txt:wikpcr -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ntaw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ntbtlog.txt:evxskf -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ntcq.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\ntdtcsetup.log:bujpyj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ntdtcsetup.log:jcjbvi -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ntdtcsetup.log:pteren -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ntemq.txt:etcpnj -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ntemq.txt:pjdvwc -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ntemq.txt:upmbvz -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ntemq.txt:xruqac -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ntfp.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\ntil.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\ntjm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ntjq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ntmu32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ntsq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ntxi32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\nzrvf.dat:tucuat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_aicywu.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_bgmumu.log:prqbai -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_bgmumu.log:vjitvm -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_bgmumu.log:wgxgif -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_bgmumu.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_bjfjhs.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_byfjhl.dat:ciukis -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_byfjhl.dat:dslkpr -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_byfjhl.dat:pkksvv -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\n_byfjhl.dat:qelfsm -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_byfjhl.dat:wwqfeq -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_byfjhl.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_cadrie.txt:ncazqp -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_cadrie.txt:ohptch -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_cadrie.txt:ueenju -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_cadrie.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_drbogi.txt:cczhdc -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_drbogi.txt:hsahvk -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_drbogi.txt:ujmpkd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_drbogi.txt:vhgzbl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_drbogi.txt:zumcvk -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_drbogi.txt -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\n_ebkdju.log:buprnm -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_ebkdju.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_eglxbg.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_fdfgps.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_fgpkbr.log:bdtgxt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_fgpkbr.log:cjtzyg -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_fgpkbr.log:jmeszg -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_fgpkbr.log:wqhkjn -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_fgpkbr.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_fmwxxv.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_gicrip.log:giqfwo -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_gicrip.log:mwhglk -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_gicrip.log:vdsmfn -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_gicrip.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_hlheqn.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_hxsavy.txt:caqgtl -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_hxsavy.txt:nzqvzr -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_hxsavy.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_ihkzxz.log:dbyzir -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_ihkzxz.log:ddcnbw -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_ihkzxz.log:nkemhp -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\n_ihkzxz.log:rmires -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_ihkzxz.log:ulaqry -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_ihkzxz.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_ipofuc.dat:klpczz -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_ipofuc.dat:zyblnd -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_ipofuc.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_ivwiyi.txt:gaibtb -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_ivwiyi.txt:ugplvt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_ivwiyi.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_jhfxdw.log:wcqekb -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_jhfxdw.log:wevsdh -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_jhfxdw.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_jihaln.txt:glprbs -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_jihaln.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_jlcaag.txt:cmihtk -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_jlcaag.txt:imzarm -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_jlcaag.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_kmsadz.txt:iszwsn -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\n_kmsadz.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_knaxkm.txt -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\n_kyolpo.txt -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\n_kzbygb.log:atsjmq -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_kzbygb.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_lqvixm.dat:wbdbhh -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_lqvixm.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_niqehu.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_ntsznn.log:gtfzxa -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_ntsznn.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_olmkaj.txt:pkgghf -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_olmkaj.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_orojry.txt:damzev -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_orojry.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_osfgdv.log:eshxfp -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_osfgdv.log:tgbpcl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_osfgdv.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_pkrexh.dat:bevawk -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_pkrexh.dat:bzkzhx -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_pkrexh.dat:rmymzl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_pkrexh.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_pyetaf.txt -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\n_qwmeoq.dat:avhkaa -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_qwmeoq.dat:vbwegf -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_qwmeoq.dat:zlugrh -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_qwmeoq.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_qyvopw.txt:itfjwp -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_qyvopw.txt:lkarhm -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_qyvopw.txt:mzuuwv -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_qyvopw.txt:nfczll -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_qyvopw.txt:xtrczs -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_qyvopw.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_rtmllq.txt:jnjrtv -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_rtmllq.txt:zenihh -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_rtmllq.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_ssgpwl.dat:lzdeba -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_ssgpwl.dat:teonyu -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_ssgpwl.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_swuaqu.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_syjydp.txt:clrejd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_syjydp.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_tzjimh.txt:ggvegn -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_tzjimh.txt:vvhngj -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_tzjimh.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_vwzxyp.dat:qlkdpp -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_vwzxyp.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_wbtigj.log:ioqmdv -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\n_wbtigj.log:xafnsi -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_wbtigj.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_wshoxc.txt -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\n_wubfeb.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_wyagom.txt -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\n_xkreic.txt:bablxc -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\n_xkreic.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_xqafuq.log:pbqsvs -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_xqafuq.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_xqbebh.txt:vrqune -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\n_xqbebh.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_xxalfu.txt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_zcxxjf.log:hmdsag -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\n_zcxxjf.log -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_zzturv.dat:fsizpg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\n_zzturv.dat -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ocmsn.log:ttmudc -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\ocmsn.log:zmoxvq -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ODBC.INI:bzqusx -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\ODBCINST.INI:xwhbri -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\odmiq.dat:gpqbmr -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\OEWABLog.txt:hmdfhb -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\oewbn.txt:pxagls -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\opsvu.txt:hwdmug -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\orun32.ini:rlbupz -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\orun32.ini:xmofnv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\orun32.isu:xpbzej -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\oskns.log:awwawj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\oskns.log:mwowsk -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\oskns.log:ryugod -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ovqlb.txt:curaww -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ozfjg.txt:vyjttp -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ozfjg.txt:yqbvby -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\patch.log:ntbyhu -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\patch.log:uvcgyh -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\patch.log:yksjwd -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\PhotoSuite.ini:sfhdqv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\PlusDMESetup.log:cyfmqf -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\PlusDMESetup.log:mctstq -> Trojan.Agent.em : Cleaned with backup

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:43:52 PM

C:\WINDOWS\PlusDMESetup.log:rjhxof -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\pnwvc.log:btzfuk -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\pnwvc.log:drukqd -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\poqpf.dat:eclfvt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\poqpf.dat:vjsuil -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\PowerReg.dat:fnkepb -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\PowerReg.dat:gdksto -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\PowerReg.dat:kjzkii -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\PowerReg.dat:ltgtth -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\PowerReg.dat:uzxrlq -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\PowerReg.dat:witnlo -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Prairie Wind.bmp:beyclg -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Prairie Wind.bmp:ttskou -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\pvcwd.dat:wnpijq -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\pvcwd.dat:xbpvjo -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\pwzpd.log:ufrinq -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q323255.log:hryeat -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q327979.log:kzbwgi -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\Q327979.log:ockzln -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q327979.log:onhnla -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q327979.log:qciadq -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q327979.log:sakuwe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q327979.log:xncjjm -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q328310.log:eucqrf -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q328310.log:swgxxl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q329048.log:mbxefe -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\Q329048.log:yviwqr -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q329112.log:jdoxce -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q329112.log:xgqaae -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q329112.log:zsrjcd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q329115.log:ixrsdp -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\Q329115.log:kxzdzv -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q329170.log:omhcpu -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q329170.log:qwabkb -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\q329256.log:bzcyid -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\q329256.log:dbonsr -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\q329256.log:lfkbug -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\q329256.log:sotppe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\q329256.log:vbbhog -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\Q329834.log:ayvffz -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q329834.log:dgchoq -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q329834.log:dpwhey -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q329834.log:hmshjw -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q329909.log:euwuyx -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q331958.log:ezrjdk -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\Q331958.log:vqomgi -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q810833.log:udymff -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q811493.log:mgjxro -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q811493.log:xydfvw -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q811630.log:dpilgv -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\Q811630.log:qbdmrd -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\Q811789.log:ytipru -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q814033.log:neqshp -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q814033.log:pzvkpg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q814995.log:icwrlf -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\Q815021.log:yqxpmi -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q815021Uninst.log:yxctzb -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\Q815485.log:hzkbmv -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\Q815485.log:klureu -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q817287.log:bdwocs -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Q817287.log:igyiby -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q817606.log:qriuot -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q817606.log:tbghjj -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q828026.log:dlmxze -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Q828026.log:tjxogo -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\qgdsc.log:uwgtwc -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\qgtqj.log:jaeqan -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\qhooj.log:vrnaac -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\qkmgo.log:bcigmg -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\qkmgo.log:kmualb -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\qkmgo.log:uhzvlq -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\qpbqp.txt:rjexec -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\QTFont.qfn:akkzdc -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\qtxlh.dat:chpmay -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\QUICKEN.INI:idtesv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\QUICKEN.INI:vehdcb -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\QuickInstall.INI:kjbhox -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\QuickInstall.INI:rcoxoo -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\QuickInstall.INI:ynhdzx -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\QuickInstall.INI:zedndh -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\qujju.dat:gegrgd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\qujju.dat:udqrqm -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\qyuwr.log:bdmjug -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\qyuwr.log:lmowlr -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\rbqwa.txt:cctnji -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\rbqwa.txt:pwyyny -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\rbqwa.txt:rfnsyk -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\rbqwa.txt:roaiti -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Readme.txt:aankjm -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\Readme.txt:neaelo -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Readme.txt:wwushu -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\redem.log:ciysiu -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\redem.log:itarzy -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\REGLOCS.OLD:hxjdqi -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\REGLOCS.OLD:qmdbai -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\REGLOCS.OLD:tdrjal -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\rfvzi.log:ujqyde -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\rgigh.dat:lejwuv -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\rgigh.dat:xcwwdv -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Rhododendron.bmp:hvltfr -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\River Sumida.bmp:cdamkv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\rmkvv.dat:dkdkse -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\rmymz.dat:zwdgab -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\roait.dat:lkmtbh -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\rsrdk.dat:uplyfx -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ruagb.dat:lkxngh -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ruagb.dat:mifisn -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\ruagb.dat:wlwpuo -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Run32A50.mch:itcdjj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\rwdsy.log:idtllu -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\rwyzn.dat:mqveaz -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\rwyzn.dat:rhujey -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\rzshg.log:aemrnx -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Santa Fe Stucco.bmp:ddibbk -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Santa Fe Stucco.bmp:ygtmux -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\savmj.dat:icchhh -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\sb_affiliate.ini:bwnwjy -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\SchedLgU.Txt:icawza -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\SchedLgU.Txt:uwckuf -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\scngo.dat:plrlje -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\sdkcb32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\sdkfk.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\sdkgk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\sdklz32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\sdknd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\sdknz.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\sdksb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\sdkti.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\sdkyn32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\sessmgr.setup.log:txvrad -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\sessmgr.setup.log:uxfjdj -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\setupact.log:adsjtk -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\setupact.log:hlbqlg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\setupact.log:mxupoi -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\setupact.log:mxwjir -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\setupact.log:vkzrmy -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\setupapi.log:twfseb -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\setupapi.log:vljhvs -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\setuperr.log:ieoxxl -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\setuplog.txt:fyppkc -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\setuplog.txt:ldtqyh -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\setuplog.txt:nljwoi -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\setuplog.txt:wmzikf -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\sgfhe.log:iobony -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\Soap Bubbles.bmp:bfgczv -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\Spyware Begone Setup Log.txt:edmwsj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\srxjm.txt:gxnanf -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\suekb.txt:icmdcf -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\suekb.txt:zhfake -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\sxcvb.txt:bxeslv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\SYMEVENT.LOG:dcrwdm -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\sys32_app.dat:uywxfx -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\syskq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\sysol.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\systc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system.ini:shojnc -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\system32:nlaa.dll -> TrojanDownloader.Small : Cleaned with backup
   C:\WINDOWS\system32\1010781.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\32101625.exe -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\WINDOWS\system32\addhx.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\addkt32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\addmh.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\addog.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\addys.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\apidd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\apijv32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\apikw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\apimh32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\apipp.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\apirv32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\apitq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\apivg32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\appbz.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\appkv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\appqo32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\apprk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\appuo32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\appwb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\appxk.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\atlba32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\atldk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\atlkf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\atlko.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\atlne32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\atlpe32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\atlrq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\atltr.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\atlum.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\atluy32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\atlvm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\crcn.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\crfp.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\crfw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\crkr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\crlc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\crmc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\crss32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\crvg.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\crvv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\cryj.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\crzs32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\d3ca.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\d3cv.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\d3db.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\d3eg.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\d3ek.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\d3vi.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\d3we32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\d3zh32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\d3zw32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\iekk.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ieml.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\iene32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\iera.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ieri32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\iewi32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\iewt32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ieyb.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\iezset.exe -> Adware.eZula : Cleaned with backup
   C:\WINDOWS\system32\ipdf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ipgh32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ipln32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ipoc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ipop.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ipsu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ipti.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ipxr32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\javabr.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\javabv.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\javajb.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\javajm32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\javaom.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\javaqu32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\javatj.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\javaua.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\javavx32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\javaxe32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\mfcce32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\mfces32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\mfcfq32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\mfcim.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\mfclc.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\mfclj32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\mfclr.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\mfcok.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\mfcpu.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\mfcql32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\mfctb.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\mfcvu.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\mfcxa.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\mscc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\mseggo.gif -> TrojanSpy.Delf.dx : Cleaned with backup
   C:\WINDOWS\system32\msjq32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\msoo32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\msqp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\msug.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\mswf32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup

Title: More win32 problems
Post by: guestolo on September 05, 2005, 11:45:40 PM

Is that it?  /biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />

Title: More win32 problems
Post by: tektok3 on September 05, 2005, 11:46:36 PM

C:\WINDOWS\system32\msyl32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\netbo32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\netbx32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\netgp.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\netlc.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\netrd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ntcu32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ntet.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ntii.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ntil.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ntji32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\ntju.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\ntlb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ntmb32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ntok32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\ntos32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\ntpu.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\nttk32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\nttl.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\sdkcj32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\sdkgc32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\sdkio.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\sdkjp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\sdkln32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\sdktp.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\sysft.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\sysfu32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\sysgh32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\sysji.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\syskq.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\sysle32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\sysls.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\sysrq32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\sysup.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\syswd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\syswx32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\winca32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\winep32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\winfk.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\winha32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\winhb32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\system32\winhw.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\winpd.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\system32\winsz.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\system32\winwe.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\sysym32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\test:fdsypa -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\test:yuhthu -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\tgrgq.txt:khzpqe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\tgrgq.txt:tcilzv -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\tmdmi.txt:mmxlrv -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\tmsok.dat:fjjwrj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\tmsok.dat:lhvpjm -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\tnpoz.log:tdhcjk -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\tnpoz.log:uphisn -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\tnpoz.log:yhlvvd -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\toooq.dat:fkuvny -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\tsclh.dat:fnpyly -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\tsclh.dat:lwuvyw -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\tsoc.log:ruagbe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ttcgf.txt:ltmldc -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ttsko.dat:dwebtz -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ttsko.dat:mpanmx -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ttsko.dat:rhebxo -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ulhkp.log:qutotn -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ulhkp.log:rrmneo -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\unnns.dat:alesnk -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\UPGRADE.TXT:ilpadp -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\UPGRADE.TXT:ksxtyz -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\UPGRADE.TXT:pwlooh -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\UPGRADE.TXT:usfvwk -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\uvjfd.log:ixebqr -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\uypll.txt:mcrtub -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\vb.ini:nttnbk -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\vb.ini:tlxxhn -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\vb.ini:vvmglf -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\vbaddin.ini:jvmbvp -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\vbaddin.ini:wcbywm -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\vcgsm.log:ntpazn -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\vdjcf.txt:lcpwyw -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\vdjcf.txt:lmqljx -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\vdjcf.txt:onsyye -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\vdjcf.txt:vwnadp -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\viassary-hp.reg:fbxevs -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\viassary-hp.reg:pnkygu -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\vmuninst.log:ccnryh -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\vmuninst.log:hokdth -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\vmuninst.log:tafxdi -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\vmuninst.log:yhqllt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\wbgxy.txt:cldoho -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\wbgxy.txt:houdae -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\whtmx.txt:fghxzp -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\whtmx.txt:kflibk -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\wiaservc.log:dhhlyt -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\wiaservc.log:iwyext -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\wiaservc.log:vlvujy -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\wifme.dat:vgdodu -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\win.ini:yzsctr -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\winap32.exe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\winfw.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\winhn32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\winmp32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\winnt.bmp:ovdfku -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\winnt.bmp:xergwe -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\winnt256.bmp:uisdjd -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\winnt256.bmp:xjmlrp -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\winnt256.bmp:zvocrj -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\WINNT32.LOG:awklly -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\WINNT32.LOG:ktcrvu -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\winto.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\wmsetup.log:eyvbml -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\wmsetup10.log:svgqlu -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\wmsetup10.log:txlwub -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\WMSysPr9.prx:supqgg -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\WMSysPr9.prx:ufetoe -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\WMSysPrx.prx:wznggv -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\WMSysPrx.prx:wzxnkl -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\wntlq.txt:vangzk -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\wqkmg.log:bdvkko -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\wqkmg.log:jeronl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\wsdu.log:lxebod -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\wsdu.log:nyvmnl -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\wsdu.log:yrvtqr -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\wzklj.txt:ywxcjw -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\xhguk.txt:pkvxad -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\xkhgh.dat:hzlfpt -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\xkhgh.dat:ibmboz -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\xpsp1hfm.log:ddhazl -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\xpsp1hfm.log:hkocuo -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\xtfmg.log:abehic -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ybipy.dat:fkocvq -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\yebzn.txt:ddfcvq -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\yebzn.txt:yboghv -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\ygxds.dat:rbgljf -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\ygxds.dat:uahkhw -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\yhyuu.log:sabpvw -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\ykibo.txt:isngkt -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\ykibo.txt:zvqncp -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\yutqz.txt:schjsu -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\yutqz.txt:upwryc -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\yutqz.txt:vehjrf -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\Zapotec.bmp:mpowan -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\Zapotec.bmp:rnisxr -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\zdkvt.log:kbtuxg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\zdkvt.log:zurxvv -> Spyware.SearchPage : Cleaned with backup
   C:\WINDOWS\zfqbr.log:qvldtp -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\zigai.txt:zftoqh -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\zlipv.log:kobfzc -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\znycu.txt:bvwjva -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\znycu.txt:xdgutg -> Trojan.Agent.em : Cleaned with backup
   C:\WINDOWS\_default.pif:ghyqx -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\_default.pif:nlfhk -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:adttrr -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:awhdvc -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:betxlx -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:bfcwhe -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:bnctqt -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:bymwvs -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:cunjeb -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:deuxme -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:dhbqhe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:dhdzir -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:dooqpd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:dveryr -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:eibswl -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:epyrey -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:fnwfdu -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:fxaigz -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:fzlygk -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:gmnopv -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:hxlglx -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:icryc -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:ifhqlt -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:ikanph -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:ikywej -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:imzcnx -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:jyqntb -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:jyuqbp -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:kljrju -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:kndkns -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:kzmfvv -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:lgjlfu -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:mjuaag -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:mlvtit -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:mohyvy -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:nuvrb -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:oeabrn -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:pjeksy -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:qsfqkz -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:qxxirz -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:rcqyen -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:rfqgex -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:sgawnd -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:sxripm -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:tovzlw -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:txllna -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:ugvcbg -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:uklooq -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:uwolbn -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:vgzhhi -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:vivfkc -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:wvwwst -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:xaedam -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:xagng -> TrojanDownloader.Agent.bc : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:xopkfe -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:xqiwgj -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:xytnij -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:yfgbkm -> Trojan.Agent.bi : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:yoykx -> TrojanDownloader.Agent.bq : Cleaned with backup
   C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:zegtjf -> TrojanDownloader.Agent.bq : Cleaned with backup


::Report End

Title: More win32 problems
Post by: guestolo on September 06, 2005, 12:05:09 AM

OK, thanks for your hard work tektok3

I edited some of your replies to shorten it down a bit
I get the picture where many reside

We're going to try and shorten these lists

But first
Can I have you do the following please

Download and Save Cleandesktop to your computer from this link: http://www.thespykiller.co.uk/files/cleandesktop.exe (http://\"http://www.thespykiller.co.uk/files/cleandesktop.exe\") and double click on the cleandesktop.exe

Code: [Select]

It will automatically extract to C:\desktopclean where it needs to be to run and will automatically run the cleandesktop.vbs script

If it doesn't open then go to c:\desktopclean and double click on the cleandesktop.vbs Do not run any other file from there please unless asked to

If you have script blocking enabled you will get a warning about a malicious script wanting to run. Please allow this script to run. It is not malicious.

If you get a message when you first run it "Can not find script file ........."
Just doubleclick the cleandesktop.vbs script again you sometimes get that message when a script blocker blocks the script

It will then kill Explorer. You will lose your taskbar and desktop. It will repair the registry entries returning your normal desktop and context menu functions.

It will restart Explorer.

Once you have performed the cleanup, each of the other Users on the System needs to be signed in to clean up their desktop and regain the right click.

Include is another vbs to do this. It is named Other Profiles Regfix.vbs

Have each User sign in and run Other Profiles Regfix.vbs
Open C:\ (Go to Start>Run and type C: Press enter) and Open the c:\desktopclean folder. Double click on Other Profiles Regfix.vbs

Explorer will be ended and that user's active desktop registry entries will be repaired. Explorer will be restarted.

To restore the desktop to whatever picture you normally have right click on a blank part of desktop & select properties/desktop & select your prefered picture press apply & then ok to exit and then press F5

You will need to do this step for every user account
Afterwards, make sure you log off every other user but keep yourself logged on

==Download the Killbox by Option^Explicit (http://\"http://www.atribune.org/downloads/KillBox.exe\"). [color=\"red\"]*In the event you already have Killbox, this is a new version that I need you to download[/color].
* Save it to your desktop or a folder

Please Save these instructions  too a Notepad file on the desktop for reference
Disconnect from the Internet

Do another scan with Hijackthis and put a check next to these entries:

O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O2 - BHO: Class - {BD9CF1BA-C149-7FD6-0BF4-CE2A97CF0E4F} - C:\WINDOWS\sdklz32.dll (file missing)

O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)

O9 - Extra button: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing)

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D7811076-5F96-4C6C-B50E-1403311C1D3A} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)

Fix the next ones too, if not set by yourself
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Run About:Buster again

Run Pocket KillBox.exe

In the killbox program, select the Delete on Reboot option.
Copy the file names below to the clipboard by highlighting them and pressing
Control + C

Killbox files to highlight between dotted lines
===================================================
C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\tvmcwrd.dll
C:\WINDOWS\SYSTEM32\fiz1
C:\WINDOWS\SYSTEM32\sdkdp32.exe
C:\WINDOWS\SYSTEM32\DRIVERS\csrss.exe
C:\WINDOWS\INF\alchem.inf
C:\WINDOWS\popup.html
C:\WINDOWS\Abi.html
C:\WINDOWS\Amu.html
C:\WINDOWS\Bft.html
C:\WINDOWS\Dsg.html
C:\WINDOWS\Fbc.html
C:\WINDOWS\Kkt.html
C:\WINDOWS\Laa.html
C:\WINDOWS\Tip.html
C:\WINDOWS\Mmm.html
C:\WINDOWS\Nng.html
C:\WINDOWS\popup.html
C:\WINDOWS\Rod.html
C:\WINDOWS\services.exe
C:\WINDOWS\system32\inetsrv\services.exe
C:\WINDOWS\system32\msfdje.gif
C:\WINDOWS\system32\pifn.dll
C:\WINDOWS\system32\wbem\svchost.exe


===================================================
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer doesn't restart
Please Restart it now manually

Back in Windows

Can you do the following
Run Hijackthis again and post a new log

Also run WPFind.exe again, post the new log from it also
and the About:Buster log again

Title: More win32 problems
Post by: guestolo on September 06, 2005, 12:08:08 AM

I probably won't see your updated logs until tomorrow
That's it for me for tonight
So do what you can from the above

Title: More win32 problems
Post by: tektok3 on September 06, 2005, 12:11:27 AM

Thank you very much! I will not be home again until later tomorrow evening, so I will let you know thenhow it goes!

Title: More win32 problems
Post by: tektok3 on September 06, 2005, 12:50:37 AM

Here is my Hijackthis log:


Logfile of HijackThis v1.99.1
Scan saved at 12:48:04 AM, on 9/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Cox\Applications\app\Prism.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1124573388\ee\AOLHostManager.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\AOL\1124573388\ee\AOLServiceHost.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Yahoo!\Messenger\yupdater.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\AOL\1124573388\ee\AOLServiceHost.exe
C:\Desktop\ARIEL\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/ (http://\"http://google.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\AUserInit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {64634180-B0EA-48B6-82B7-9620D33362C1} - (no file)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124573388\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [MoneyAgent] C:\Program Files\Microsoft Money\System\mnyexpr.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://www.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wizlet/...flowActiveX.CAB (http://\"https://fastconnectkitsetup.cox.net/wizlet/CoxNA/static/controls/WebflowActiveX.CAB\")
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Title: More win32 problems
Post by: tektok3 on September 06, 2005, 01:06:11 AM

Here's the WPFind log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP    Current Build: Service Pack 1    Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
UPX!                 4/26/2004 1:28:28 PM        3072       C:\WINDOWS\SYSTEM32\arpa.exe
UPX!                 7/23/2004 1:32:52 PM        9728       C:\WINDOWS\SYSTEM32\authz.exe
PEC2                 8/29/2002 6:00:00 AM        41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PTech                4/29/2004 2:35:00 AM     H  3066522    C:\WINDOWS\SYSTEM32\kyf.dat
UPX!                 8/22/2001 6:00:00 PM        86030      C:\WINDOWS\SYSTEM32\msdjgk.dll
Umonitor             8/29/2002 6:00:00 AM        631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/29/2002 6:00:00 AM        1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
aspack               12/10/2004 10:30:48 AM  R   707176     C:\WINDOWS\SYSTEM32\drivers\css-dvp.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
                     8/4/2005 11:24:22 AM     H  65680      C:\WINDOWS\MEMORY.DMP
                     9/5/2005 9:56:02 PM      HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini
                     9/5/2005 9:56:02 PM      HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\0XUZKDUF\desktop.ini
                     9/5/2005 9:56:02 PM      HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4LU78T6J\desktop.ini
                     9/5/2005 9:56:02 PM      HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GLYRW1QF\desktop.ini
                     9/5/2005 9:56:02 PM      HS 67         C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WX2R0LAR\desktop.ini
                     9/6/2005 12:45:14 AM     H  6          C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation          8/29/2002 6:00:00 AM        66048      C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp.    2/17/2004 5:49:14 AM        14193152   C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation          8/29/2002 6:00:00 AM        578560     C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        129024     C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        150016     C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation              4/7/2003 8:14:30 AM         94208      C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Ahead Software AG              5/26/2003 4:12:14 AM        57344      C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        292352     C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        121856     C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        65536      C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems               10/11/2003 4:52:00 AM       53352      C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        187904     C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        559616     C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        35840      C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        256000     C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation             8/19/2003 3:56:00 AM        143360     C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        36864      C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        109056     C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc.           9/23/2004 6:57:40 PM        323072     C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        268288     C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        28160      C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        90112      C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation          8/3/2004 2:03:24 PM         167704     C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        66048      C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        578560     C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        129024     C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        150016     C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        292352     C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        121856     C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        65536      C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        187904     C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        559616     C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        35840      C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        256000     C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        36864      C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        109056     C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        147456     C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        268288     C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        28160      C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation          8/29/2002 6:00:00 AM        90112      C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Realtek Semiconductor Corp.    2/17/2004 5:49:14 AM        14193152   C:\WINDOWS\SYSTEM32\DRVSTORE\Alcxwdm_cfb7d3fc0ab7f7a3133a6c25509eaf3479108975\ALSNDMGR.CPL
Intel Corporation              4/7/2003 8:14:30 AM         94208      C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl
Realtek Semiconductor Corp.    9/12/2003 8:24:20 PM        10435584   C:\WINDOWS\SYSTEM32\ReinstallBackups\0014\DriverFiles\ALSNDMGR.CPL

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
                     9/17/2004 10:28:00 PM       1562       C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dataviz Messenger.lnk
                     10/11/2003 4:16:08 AM    HS 84         C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     10/10/2003 9:10:12 PM    HS 62         C:\Documents and Settings\All Users\Application Data\desktop.ini
                     10/11/2003 5:35:18 AM       534        C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
                     10/11/2003 4:16:08 AM    HS 84         C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
                     9/17/2004 11:14:26 PM       1315       C:\Documents and Settings\Owner\Start Menu\Programs\Startup\HotSync Manager.lnk
                     6/17/2004 12:21:22 AM       938        C:\Documents and Settings\Owner\Start Menu\Programs\Startup\WKCALREM.LNK

Checking files in %USERPROFILE%\Application Data folder...
                     10/10/2003 9:10:12 PM    HS 62         C:\Documents and Settings\Owner\Application Data\desktop.ini
                     9/21/2004 9:27:20 PM        0          C:\Documents and Settings\Owner\Application Data\dm.ini
                     4/26/2005 11:02:10 PM       284        C:\Documents and Settings\Owner\Application Data\ViewerApp.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
   {5464D816-CF16-4784-B9F3-75C0DB52B499}    = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
   {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}    = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
   AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A4D90779-6CB2-4752-83C2-A2AB4D9A672D}
    =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
   &Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
   {EF99BD32-C1FB-11D2-892F-0090271D4F88}    = &Yahoo! Companion   : C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
   {8E718888-423F-11D2-876E-00A0C9082467}    = &Radio   : C:\WINDOWS\System32\msdxm.ocx
   {64634180-B0EA-48B6-82B7-9620D33362C1}    =    :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
   MenuText    = Sun Java Console   : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   ButtonText    = Messenger   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
   ButtonText    = Research   :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
   ButtonText    = AIM   : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F4430FE8-2638-42e5-B849-800749B94EED}
   ButtonText    = PartyPoker.net   : C:\Program Files\PartyPoker.net\partypokernet.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
   Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
   Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
   &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
   File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
   Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
   Explorer Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}
   &Research = C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links   : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
   {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address   : %SystemRoot%\System32\browseui.dll
   {EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Companion   : C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   NeroCheck   C:\WINDOWS\system32\NeroCheck.exe
   SSC_UserPrompt   C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
   iTunesHelper   C:\Program Files\iTunes\iTunesHelper.exe
   HostManager   C:\Program Files\Common Files\AOL\1124573388\ee\AOLHostManager.exe
   TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
      

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   MSMSGS   C:\Program Files\Messenger\msmsgs.exe /background
   MoneyAgent   C:\Program Files\Microsoft Money\System\mnyexpr.exe
   AIM   C:\Program Files\AIM\aim.exe -cnetwait.odl
   Yahoo! Pager   C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
   {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
   {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
   {0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
   Key   KY/Pkx,Rå·cÎ
   Hint   rats
   FileName0   C:\WINDOWS\System32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
   Allow_Unknowns   0
   PleaseMom   1
   Enabled   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
   l   0
   n   0
   s   0
   v   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
   NumSys   0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1
   DisableTaskMgr   0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
   NoComponents   0
   NoAddingComponents   0
   NoDeletingComponents   0
   NoEditingComponents   0
   NoHTMLWallPaper   0
   NoChangingWallPaper   0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   255
   _NoDriveTypeAutoRun   0
   NoSaveSettings   0
   NoThemesTab   0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
   disableregistrytools   0
   disabletaskmgr   0
   NoColorChoice   0
   NoSizeChoice   0
   NoDispScrSavPage   0
   NoDispCPL   0
   NoVisualStyleChoice   0
   NoDispSettingsPage   0
   NoDispBackgroundPage   0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
   PostBootReminder                  {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
   CDBurn                            {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
   WebCheck                          {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
   SysTray                           {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   UserInit   = C:\WINDOWS\System32\AUserInit.exe
   Shell      = Explorer.exe
   System      =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
    = igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
   AppInit_DLLs   


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.5   - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/6/2005 1:01:28 AM

Title: More win32 problems
Post by: tektok3 on September 06, 2005, 01:10:04 AM

Here's my last AboutBuster Log:

AboutBuster 5.0 reference file 31
Scan started on [9/6/2005] at [1:06:10 AM]
------------------------------------------------
Removed Stream! C:\WINDOWS\KB828035.log:ptnaac
Removed Stream! C:\WINDOWS\KB828035.log:vkfltb
Removed Stream! C:\WINDOWS\Q327979.log:xwhnbf
Removed Stream! C:\WINDOWS\Q327979.log:yrecyp
Removed Stream! C:\WINDOWS\system.ini:ynupcv
Removed Stream! C:\WINDOWS\winnt.bmp:jdbjsj
Removed Stream! C:\WINDOWS\winnt.bmp:vpgpis
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:tpnpxv
Removed Stream! C:\WINDOWS\{F08B228D-74AF-4061-9A05-3E0C671873D6}.dat:umjxsi
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:07:05 AM

Title: More win32 problems
Post by: tektok3 on September 06, 2005, 09:12:18 PM

So what's the diagnosis?   /blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />

Title: More win32 problems
Post by: guestolo on September 06, 2005, 11:30:02 PM

Sorry for the delay, my every day job keeps me off the forum

Let's do the following,,
As promised I want to make those lists you supplied shorter

Can you do this please
Print this out so you can follow along with these instructions
Or save this too a note pad file on the desktop

Normally I leave clearing your system restore folder till last, because the malware listing is so long can you do the following
You should disable system restore---restart your computer--enable system restore
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature (http://\"http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm\")

Once back in Windows and System Restore is reenabled
Access the quarantine area of Command Software anti-virus  and delete the backups

Okay, now we reduced the list by a lot
Do the following
Open Ewido
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/ (http://\"http://www.ewido.net/en/download/updates/\")

Restart into safe mode
Make sure you have windows set to show hidden files and folders
Navigate to this folder
 C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0 <delete this folder, it will be replaced

Stay in safe mode

==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files
Don't restart or log off yet
Instead

Open Ewido Security Suite
Click on the Scanner button on the left menu
Click on the Settings button on the right
Select "Scan Every File"
OK it and then click on the "Complete System Scan"
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido

NOTE: When Ewido is running do NOT open any other Windows
Let it do it's job

Again in safe mode
Run Pocket KillBox.exe

In the killbox program, select the Delete on Reboot option.
Copy the file names below to the clipboard by highlighting them and pressing
Control + C

Killbox files to highlight between dotted lines
===================================================
:C:\WINDOWS\SYSTEM32\arpa.exe
C:\WINDOWS\SYSTEM32\authz.exe
C:\WINDOWS\SYSTEM32\kyf.dat
C:\WINDOWS\SYSTEM32\msdjgk.dll

===================================================
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer doesn't restart
Please Restart it now manually back to normal mode

Back in normal mode

Do the following
Run another Panda scan
=Save the report afterwards and post it back here
Also post the new report from Ewidos
Again, run hijackthis and post a fresh log