Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Comp

Pages: [1]
1
Tech Clinic / My C: Drive loses memory everytime i startup
« on: October 06, 2006, 10:32:26 PM »
Oh yeah, I Forgot to tell you that I got Spybot, it found:

Advertising.com [color=\"#FF0000\"](1 Entries)[/color]
Avenue A, Inc. [color=\"#FF0000\"](1 Entries)[/color]
DoubleClick [color=\"#FF0000\"](2 Entries)[/color]
FastClick [color=\"#FF0000\"](2 Entries)[/color]
HitBox [color=\"#FF0000\"](3 Entries)[/color]
MediaPlex [color=\"#FF0000\"](1 Entries)[/color]
Microsoft.WindowsSecurityCenter.AntiVirusOverride [color=\"#FF0000\"](1 Entries)[/color]
MiniBug [color=\"#FF0000\"](1 Entries)[/color]
WebTrends Live [color=\"#FF0000\"](1 Entries)[/color]
WildTangent [color=\"#FF0000\"](6 Entries)[/color]

I also ran another search and destroy after getting your post and it found:

Advertising.com [color=\"#FF0000\"](1 Entries)[/color]
Avenue A, Inc. [color=\"#FF0000\"](1 Entries)[/color]
DoubleClick [color=\"#FF0000\"](2 Entries)[/color]
FastClick [color=\"#FF0000\"](2 Entries)[/color]
HitBox [color=\"#FF0000\"](3 Entries)[/color]
MediaPlex [color=\"#FF0000\"](1 Entries)[/color]
WebTrends Live [color=\"#FF0000\"](1 Entries)[/color]
WildTangent [color=\"#FF0000\"](1 Entries)[/color]

I think that it said that most were just tracking cookies though

2
Tech Clinic / My C: Drive loses memory everytime i startup
« on: October 06, 2006, 04:18:11 PM »
Yeah I Installed those Reg Fixes in hopes of fixing the computer... I'll uninstall them. Everything is running much better than before, but I'm still having the memory loss problem. For some reason everytime I turn on the computer the C: drive losses 10 Mb of memory. I have other drives with much much more memory than the C: so I'll just use those.

Thanks for all the help, everything else is running much better.  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />


Logfile of HijackThis v1.99.1
Scan saved at 5:10:37 PM, on 10/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\My Documents\iPod\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "D:\My Documents\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://207.207.60.49/SiteRoots/main/Instal...raUpdaterAx.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.easports.com/downloads/games/co...py/iesnoopy.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

3
Tech Clinic / My C: Drive loses memory everytime i startup
« on: October 05, 2006, 08:24:31 PM »
No problem, I'm suprised how you can help so many people with only making a few mistakes

Now here is the HiJackThis scan, Exoprt.bat, and HiJackThis Uninstall list.

Logfile of HijackThis v1.99.1
Scan saved at 9:10:39 PM, on 10/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\My Documents\iPod\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
E:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "D:\My Documents\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://207.207.60.49/SiteRoots/main/Instal...raUpdaterAx.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.easports.com/downloads/games/co...py/iesnoopy.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


-----------------------------------------------------------------------------------------------------------------------------


Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000


-----------------------------------------------------------------------------------------------------------------------------


ACE Mega CoDecS Pack
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe InDesign CS
Adobe Reader 6.0.1
Adobe SVG Viewer 3.0
Ahead Nero Burning ROM
AOL Instant Messenger
AVG Free Edition
Azureus
Calculator Powertoy for Windows XP
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Dell Laser Printer 1100 Software Uninstall
iPod for Windows 2005-09-23
iPod for Windows 2005-10-12
iTunes
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
JD Secure 3.1
LimeWire
LimeWire 4.12.6
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic ISO Maker v4.8 (build 0138)
Mavis Beacon Teaches Typing 12 Deluxe
Microsoft Office XP Professional with FrontPage
Motorola Handset USB Driver
Music Visualizer Library 1.4.00
Nokia Connectivity Cable Driver
nProtect KeyCrypt
NTI DVD-Maker
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Windows 2000/XP nForce Drivers
OpenMG Limited Patch 3.4-04-16-16-01
OpenMG Secure Module 3.4.01
OpenMG Secure Module 4.0.00
PeerGuardian 2.0
QuickTime
Regfixer
RegistryFix v5.5
Ringtone Editor 1
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB925486)
Shockwave
SonicStage 2.0.06
StyleXP (remove only)
Themexp.org File
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Internet Mail
Yahoo! Messenger

4
Tech Clinic / My C: Drive loses memory everytime i startup
« on: October 04, 2006, 11:13:01 PM »
Ooops I'm sorry I didn't make that last post clear, I meant I couldn't find a file called "remove.reg" was it supposed to be created after the HiJackThis Fixed Check? I tried to run a search, but I can't find it. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/huh.gif\' class=\'bbc_emoticon\' alt=\':huh:\' />

5
Tech Clinic / My C: Drive loses memory everytime i startup
« on: October 03, 2006, 03:36:44 PM »
I did everything you said until you told me to Double click on remove.reg, could you tell me where that is?

Also when I tried to Uninstall Java 2 Runtime Environment, SE v1.4.1_02 I clicked on Change/Remove and nothing happened so I clicked on it again and still nothing happened, so i closed and reopened Add/Remove Programs and it was still there except it had no size. Im not even sure if it was removed, but since it had no size I continued anyway. Should I have continued with your instructions up to the remove.reg point?

6
Tech Clinic / My C: Drive loses memory everytime i startup
« on: October 02, 2006, 10:39:04 PM »
Yeah there is only 1 user profile file besides the Administrator file.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Anti-Virus&Trojan.lnk]
"backup"="C:\\WINDOWS\\pss\\Anti-Virus&Trojan.lnkCommon Startup"
"location"="Common Startup"
"item"="Anti-Virus&Trojan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^GStartup.lnk]
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\NaviSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nls"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\SearchSetter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="searchsetter[1]"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\startupreg\updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wupdater"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\state]
"system.ini"=dword:00000000
"win.ini"=dword:00000000
"bootini"=dword:00000000
"services"=dword:00000000
"startup"=dword:00000000

7
Tech Clinic / My C: Drive loses memory everytime i startup
« on: October 02, 2006, 09:53:11 PM »
Accoona? Now that you mention it I don't even know what Accoona is, but a while back I think Adaware detected a virus with accoona in the name. That would make a lot of sense.

Anyway here is the Uninstall List

ACE Mega CoDecS Pack
Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe InDesign CS
Adobe Reader 6.0.1
Adobe SVG Viewer 3.0
Ahead Nero Burning ROM
AOL Instant Messenger
AVG Free Edition
Azureus
Calculator Powertoy for Windows XP
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities ZoomBrowser EX
Dell Laser Printer 1100 Software Uninstall
iPod for Windows 2005-09-23
iPod for Windows 2005-10-12
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 6
Java 2 Runtime Environment Standard Edition v1.3.1_04
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
JD Secure 3.1
LimeWire
LimeWire 4.12.6
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic ISO Maker v4.8 (build 0138)
Mavis Beacon Teaches Typing 12 Deluxe
Microsoft Office XP Professional with FrontPage
Motorola Handset USB Driver
Music Visualizer Library 1.4.00
Nokia Connectivity Cable Driver
nProtect KeyCrypt
NTI DVD-Maker
NVIDIA Display Driver
NVIDIA Drivers
NVIDIA Windows 2000/XP nForce Drivers
OpenMG Limited Patch 3.4-04-16-16-01
OpenMG Secure Module 3.4.01
OpenMG Secure Module 4.0.00
PeerGuardian 2.0
QuickTime
Regfixer
RegistryFix v5.5
Ringtone Editor 1
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB925486)
Shockwave
SonicStage 2.0.06
StyleXP (remove only)
Themexp.org File
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yahoo! Internet Mail
Yahoo! Messenger

8
Tech Clinic / My C: Drive loses memory everytime i startup
« on: October 02, 2006, 08:43:13 PM »
I followed your instruction but when i restarted the computer it was stuck at a Biostar loading screen. So I had to restart the computer 3 times until it got passed that screen and then I got some kind of error message for WJView or something. Anyway here is the HiJackThis Log

*  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />  Wow I just checked my C: drive and it was 775 Mb and before the restart it was 300 Mb ..... ?????? http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/huh.gif\' class=\'bbc_emoticon\' alt=\':huh:\' />

Logfile of HijackThis v1.99.1
Scan saved at 9:34:56 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\My Documents\iPod\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/ac...mpaign=wdz0605a
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/ac...mpaign=wdz0605a
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "D:\My Documents\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LimeShop] wjview /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://207.207.60.49/SiteRoots/main/Instal...raUpdaterAx.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.easports.com/downloads/games/co...py/iesnoopy.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

9
Tech Clinic / My C: Drive loses memory everytime i startup
« on: October 02, 2006, 07:13:24 PM »
Ok Here are the ComboFix and HiJackThis Logs

V - 06-10-02 20:04:50.46    Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\V\Desktop"

(((((((((((((((((((((((((((((((   Files Created from 2006-09-02 to 2006-10-02  ))))))))))))))))))))))))))))))))))
 

No new files created in this timespan
 

((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-10-02 15:16   71168   --a------   C:\WINDOWS\system32\LxrJD31s.exe
2006-10-02 15:16   69824   --a------   C:\WINDOWS\system32\drivers\LxrJD31d.sys
2006-10-02 15:16   61440   --a------   C:\WINDOWS\system32\LxrJD20Sat.dll
2006-10-02 15:16   249856   --a------   C:\WINDOWS\system32\LxrJD31.dll
2006-10-02 15:16   163840   --a------   C:\WINDOWS\system32\LxrJD31c.exe
2006-10-02 15:16   146432   --a------   C:\WINDOWS\system32\LxrJD31p.exe
2006-09-29 23:18   --------   d--------   C:\Program Files\Regfixer
2006-09-28 23:57   778656   --a------   C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-18 11:49   --------   d--------   C:\Program Files\Nokia
2006-09-18 11:48   --------   d--------   C:\Program Files\Common Files\PCSuite
2006-09-18 11:48   --------   d--------   C:\Program Files\Common Files\Nokia
2006-09-18 11:48   --------   d--------   C:\Program Files\Common Files
2006-08-21 08:21   16896   --a------   C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14   23040   --a------   C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14   128896   ---------   C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-11 17:39   --------   d--------   C:\Program Files\Internet Explorer
2006-08-08 01:20   27904   --a------   C:\WINDOWS\system32\drivers\avg7rsxp.sys
2006-07-27 09:24   679424   --a------   C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24   72704   --a------   C:\WINDOWS\system32\hlink.dll
 

((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp"
"MMTray"="MMTray.exe"
"MMTray2K"="MMTray2k.exe"
"MMTrayLSI"="MMTrayLSI.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"iTunesHelper"="\"D:\\My Documents\\iPod\\iTunesHelper.exe\""
"QuickTime Task"="\"E:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"DataLayer"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE"
"type32"="\"C:\\Program Files\\Microsoft IntelliType Pro\\type32.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\"  -osboot"
"LimeShop"="wjview /cp:p \"C:\\Program Files\\LimeShop\\System\\Code\" Main lp: \"C:\\Program Files\\LimeShop\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e6,00,00,00,00,00,00,00,9a,03,00,00,3d,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
  00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Anti-Virus&Trojan.lnk]
"backup"="C:\\WINDOWS\\pss\\Anti-Virus&Trojan.lnkCommon Startup"
"location"="Common Startup"
"item"="Anti-Virus&Trojan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^GStartup.lnk]
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NaviSearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nls"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\SearchSetter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="searchsetter[1]"
"hkey"="HKCU"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\updater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wupdater"
"hkey"="HKLM"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ  msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

 
Completion time: Mon 10/02/2006 20:06:52.76
ComboFix.txt


----------------------------------------------------------------------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 8:12:14 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\My Documents\iPod\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/ac...mpaign=wdz0605a
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/ac...mpaign=wdz0605a
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "D:\My Documents\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [LimeShop] wjview /cp:p "C:\Program Files\LimeShop\System\Code" Main lp: "C:\Program Files\LimeShop"
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://207.207.60.49/SiteRoots/main/Instal...raUpdaterAx.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.easports.com/downloads/games/co...py/iesnoopy.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

10
Tech Clinic / My C: Drive loses memory everytime i startup
« on: October 02, 2006, 06:38:49 PM »
Thanks again for the help  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />

Logfile of HijackThis v1.99.1
Scan saved at 7:32:42 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MMTray.exe
C:\WINDOWS\system32\MMTray2k.exe
C:\WINDOWS\system32\MMTrayLSI.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
D:\My Documents\iPod\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
E:\Program Files\Winamp\Winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
E:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.accoona.com/search_assistant/ac...mpaign=wdz0605a
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.accoona.com/search_assistant/ac...mpaign=wdz0605a
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.accoona.com/search?q=%s
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "D:\My Documents\iPod\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\System32\shdocvw.dll
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} - http://207.207.60.49/SiteRoots/main/Instal...raUpdaterAx.cab
O16 - DPF: {525A15D0-4938-11D4-94C7-0050DA20189B} - http://www.easports.com/downloads/games/co...py/iesnoopy.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

11
Tech Clinic / My C: Drive loses memory everytime i startup
« on: October 02, 2006, 12:36:51 PM »
I have had this problem for a while now but i just ignored it, everytime i would restart or reboot my computer I would go check my C: drive and within the first 10 seconds of the computer being turned on it would just jump down 10 Mb. A While ago i used to have about 1.5 Gb in that drive but now I'm down to 300 Mb. http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/huh.gif\' class=\'bbc_emoticon\' alt=\':huh:\' /> I cant believe how much it added up...

I had the same problem a while ago, It was the Win32-P2P.Alcan.A. worm or something like that. I went to this site and got rid of it about a year ago. I found that old worm by using Adaware but this time Adaware can't find anything wrong with my computer... I'm wondering if it could be the same worm or something else.

I also went to my "Folder Options" and unchecked the "Hide Protected Operating System Files" and I found an "Uploads" Folder full of garbage I never downloaded. I have a feeling it's that old worm I used to have or something like it, but my Adaware can't detect it.

Can someone please help me? Sorry about all the reading and Thank you in advanced.

12
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: July 26, 2005, 11:59:10 AM »
Ok it seems to be gone thx a lot. Here is the Hijackthis and Ewido scans.

Logfile of HijackThis v1.99.1
Scan saved at 12:55:21 PM, on 7/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
E:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)

--------------------------------------------------------------------------------------------------------------------------------------------------------------

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         12:28:33 PM, 7/26/2005
 + Report-Checksum:      E280A9B8

 + Scan result:

   HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Spyware.WebRebates : Cleaned with backup
   HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Spyware.WebRebates : Cleaned with backup
   HKLM\SOFTWARE\Classes\TypeLib\{15E7D23B-736E-46FA-BFFD-CBEC4126BEFD} -> Spyware.WebRebates : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
   C:\Documents and Settings\V\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
   C:\Uploads\!!Quick Search v1.04.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\!Easy ScreenSaver Studio v3.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\!Easy ScreenSaver Studio v3.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\!Quick Screen Capture v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\!Quick Screen Capture v2.1 by DBZ.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\!Quick Screen Capture v2.1 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\!Quick Screen Capture v2.1 by RP2K.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\!Quick Screen Capture v2.1 Crack by MP2K.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\!Quick Screen Capture v2.1 Serial by MP2K.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\!Quick Screenshot Maker (All).zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\!QuickCapture v1.05.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\!TraceRoute.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 CD Ripper 1.72.31.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 CD Ripper 1.72.35.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 CD Ripper 1.72.36.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 CD Ripper 1.72.38.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 CD Ripper 1.72.39.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 CD Ripper 1.72.40.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 CD Ripper 1.72.42.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 CD Ripper 1.72.43.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 CD Ripper 1.72.46.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 CD Ripper 1.72.48.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 CD Ripper 1.72.69.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Audio Ripper 1.0.24.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Audio Ripper 1.0.26.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Audio Ripper 1.0.7.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper  1.3.08.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 01.03.1936.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.2.06.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.3.0.8.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.3.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.3.11.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.3.13.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.3.14.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.3.16.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.3.17.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.3.21.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.3.24.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.3.25.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper 1.3.32.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 DVD Ripper SE 1.3.40.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 Screen Capture 3.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 Screen Capture.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 Video Converter 3.1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 Video Converter 3.1.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 Video Converter 3.5.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 Video Converter 3.6.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 video converter 3.6.3 crack by tsrh.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 Video Converter 3.6.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 video converter 3.8.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#1 Video Converter 316a.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\#PC#Protect Stealth Activity Monitor V 4.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\$Test v1.2.005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\$tock Exchange.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\(i) London 1.0 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\(Sonic) MyDvd.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\.mobile for Desktop PC 1.0.40603.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\0 Code Html Converter v2.0 Cracked by CRD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\0-code html converter 3.0 patch by rock.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\0-Code Scrollbar Style Creator v1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\0-Picasso 1.01 by Eminence.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\0-Picasso 1.01 by Orion.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\0-Picasso v1.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\001 MP3 Encoder 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\001 MP3 Encoder v1.0 by RP2K.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\001 MP3 Encoder v1.0 by TNT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\001 MP3 Encoder v1.0 by TSRH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\001 MP3 Encoder v1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\001Spy 1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\001Spy version 1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Customer Search Expert v3.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 DVD Copy 1.0 CRK by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 DVD Copy v1.0 Cracked by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 James Bond.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 MP3 Agent v2.2.0.33.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Nightfire.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 SESAME 4.2 by FHCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software 3.0 keygen.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software 3.0 Pro.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software 3.03.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software 3.04.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software 3.12.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software 3.14.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software 3.17.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software 3.18.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software 3.19.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software 3.20.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software 3.32.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software Pro v3.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v2.50.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.0 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.0 by iPA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.0 by TSZ.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.04.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.06.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.12.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.18.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.2 by DiGERATi.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.2 by SND.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.31.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.33.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.41 Cracked by CPHV.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.41.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.45.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Spy Software v3.60.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 STARR Commander v1.34.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 STARR Commander v2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 STARR Commander v2.21 by EViDENCE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 STARR Internet PC Ueberwachung v1.34.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 STARR PC and Internet Monitor Home Edition v3.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 STARR PC and Internet Monitor Home Edition v3.11.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 STARR PC and Internet Monitor Pro Edition v3.02.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 STARR PC and Internet Monitor Pro Edition v3.03 by RAC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 STARR PC and Internet Monitor Pro Edition v3.03 by UCU.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 STARR PC Internet Monitor V2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor (SAM) 4.2 by EViDENCE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor (SAM) 4.2 by FHCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor (SAM) 4.2 by RAC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor (SAM) 4.2 by TEX.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor (SAM) 4.2 by Unspoken.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor (SAM) 4.2a Patch.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor (SAM) 4.2a Serial by Lockless2k.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor (SAM) 4.2a Serial by RAC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor SAM 4.2 by EViDENCE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor SAM 4.2 by FHCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor SAM 4.2 by RAC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor SAM 4.2 by TEX.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor SAM 4.2 by Unspoken.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor SAM 4.2a Patch.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor SAM 4.2a Serial by Lockless2k.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor SAM 4.2a Serial by RAC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Monitor v4.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder & Reporter v1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter (STARR) 1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter (STARR) 1.33.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter (STARR) 1.34.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter (STARR) 2.0 by Eminence.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter (STARR) 2.0 by FHCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter (STARR) 2.0 by TNT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter (STARR) 2.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter (STARR) 2.21 Crack.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter (STARR) 2.21 Keygen.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter STARR 1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter STARR 1.33.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter STARR 1.34.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter STARR 2.0 by TNT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter STARR 2.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder and Reporter STARR 2.21 Crack.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder Reporter STARR 2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder Reporter STARR V1.33.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007 Stealth Activity Recorder Reporter STARR v2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007DTF - Direct Transfer Files v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007th ZIG ZAG v2.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007th Zig-zag 2.3 Keygen.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007th Zig-zag 2.3 Serial by Elila.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007th Zig-zag 2.3 Serial by Lash.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007th Zig-zag 2.3 Serial by TNT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\007th Zig-zag v2.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\008Soft MP3 Splitter v2.0 by ORiON.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\008Soft MP3 Splitter v2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\009Soft Traffic Counter v2.0 Patch by XMN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor 1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor 1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor 1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor 2.0.1 CRK by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 editor 2.0.1 regfile by forteam.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor 2.0.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor 2.0.2 CRK by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.0 by LasH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.0 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.0.1 by Digerati.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.0.1 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.1 by AvAtAr.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.1 by GaBoR.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.1 by LasH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.1 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.2 by AvAtAr.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.2 by SND.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.2 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.2 Keygen Only-UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.3 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v1.3.2 by CAFE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v2.0.1 by EXPLOSiON.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v2.0.1000th Release by CAFE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Editor v2.0.2 by EXPLOSiON.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Memorizer 1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Memorizer v1.0.2 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Memorizer v1.0.2 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Memorizer v1.1 by Cim.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Memorizer v1.1 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010 Memorizer v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010editor 1.2 patch.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010Editor v1.3.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\010Memorizer v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\0190killer v1.x.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\01W SoundEditor 6.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h lucky reminder 1.4 by rev.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h lucky reminder 1.41 by rev.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h Lucky Reminder 1.41.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h lucky reminder 1.6 by rev.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h lucky reminder 1.6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h Lucky Reminder 1.71.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h lucky reminder 1.72 by rev.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h Lucky Reminder 1.80.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h Lucky Reminder v1.5 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h Lucky Reminder v1.6 PROPER by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h Lucky Reminder v1.6 Proper.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h Lucky Reminder v1.6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024H Lucky Reminder v1.61 by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024H Lucky Reminder v1.61.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024H Lucky Reminder v1.62 by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024H Lucky Reminder v1.62.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h Lucky Reminder v1.7 by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h Lucky Reminder v1.71 by EXPLOSiON.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h Lucky Reminder v1.72 by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\024h Lucky Reminder v1.80 by EXPLOSiON.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\0pop v2.05.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\0pop.v2.05.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 CD Ripper 1.72.24.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 Click DVD Ripper  v2.03.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 Click DVD Ripper 2.03.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 Click DVD to DivX avi.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 Click DVD to VCD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 Form Proposal Invoice 1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 Form Proposal-Invoice 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 Form Proposal-Invoice 1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 Great Craps Game 1.3.6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 Moon Above 4.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 Moon Above 4.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 More Photo Calender 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 More PhotoCalendar 1.0 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 More Scanner 1.06.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 More Watermaker 1.00.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 More Watermarker 1.20.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 Screen Capture.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1 st Mass Mailer 2.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1+2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1- More PhotoCalendar 1.20.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-2-3 SuperPairs.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-2-3 Word Search Maker v1.0.0.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-2-3 Word Search Maker.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-2-Convert 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-4-All 2.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-4-All HTML Editor 2.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-4-ALL HTML Editor v2.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Clik-Calculator 1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Clik-Calculator 1.30.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-clik-calculator v1.30.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-clik-calendar v1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Clik-Clock 1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-clik-clock v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Clik-Shutter 1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-clik-shutter v1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Form Proposal Invoice v1.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-more all products by rev.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-more all products.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Foto-Kalender v1.70.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar 1.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar 1.30.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-more photocalendar 1.50 serial by rev.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar 1.50.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.20 by Enfusia.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.20.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.21 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.21 by Orion.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.21.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.30.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.41.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.50 Keygen by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.50 Serial by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.50.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.60 German by LAXiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.60 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.70 German by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.70 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.71 German by LAXiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.71 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.73 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalendar v1.73.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoCalender 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoManager v1.20 by ORiON.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoManager v1.20 by UnderPl.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoManager v1.20.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoManager v1.30 German by LAXiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More PhotoShow v1.04 German by LAXiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner 1.05.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner 1.06.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-more scanner 1.10 serial by rev.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner 1.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.06 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.06 by MP2K.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.06.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.10 by ENFUSiA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.10 by Fritmo.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.10 Keygen by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.10 Serial by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.20 German Regged by DVT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.20 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.22 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Scanner v1.22 German Regged by DVT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-more watermark 1.10 serial by rev.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-more watermark 1.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker  1.0 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker 1.00 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker v1.00 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker v1.00.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker v1.02 Keygen by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker v1.10 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker v1.10 by Revenge.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker v1.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker v1.11 by ORiON.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker v1.20 by CORE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker v1.22 by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More Watermarker v1.22 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More WebCam v1.0 German by LAXiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More WebCam v1.02 by UnderPl.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More WebCam v1.02 German by LAXiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More WebCam v1.03 German by LAXiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-more-scanner v1.06.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-More-WaterMarker v1.20 German by LAXiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-PhotoCalendar.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Pro-File v2.1.0.240.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Step Audio Publisher 2.22.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Step Audio Publisher V2.22.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Step RoboPDF Desktop v3.0 by AGAiN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Step RoboPDF Desktop v3.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Step RoboPDF Server v3.0 by AGAiN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Step RoboPDF Server v3.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1-Zip 2.00.088.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1.CD.Ripper.v1.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1.Click.And.Lock.v2.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 ARCHIVI MILLENNIUM.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Finger Schreibtrainer v2.0.1 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Finger-Schreibtrainer v2.0.1 by Eminence.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Finger-Schreibtrainer v2.0.1 by EVC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Finger-Schreibtrainer v2.0.1 by RAC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Meter Contest Log v2.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Meter Contest v1.7.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Minute Guide To Practical UNIX v2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Minute Guide To Practical UNIX vv3.1 8.0 9.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Minute Guide To Practical UNIX vv3.1, 8.0, 9.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 mn guide to Unix v2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 sek. Haushaltsbuch v1.1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden CD Verwaltung v2.02 GERMAN by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden CD Verwaltung v2.02 GERMAN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden CD Verwaltung v2.03 GERMAN by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden CD Verwaltung v2.04 GERMAN by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden CD Verwaltung v2.05 GERMAN by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v1.11 by Eminence.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v1.11 by RAC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v1.14.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v1.15.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v1.18.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v1.19.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v1.20 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v2.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v2.02.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v2.08 GERMAN by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v2.08 GERMAN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v2.09 GERMAN by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v2.11 GERMAN by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10 Sekunden Haushaltsbuch v2.12 GERMAN by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10-10 QSO Party Log v1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10-Sekunden-Haushaltsbuch v1.17.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10-Strike FTPrint v3.43.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10-Strike Log-Analyzer v1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10-Strike Log-Analyzer v1.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10-Strike MP3-Scanner v1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10-Strike MP3-Scanner v1.02.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10-Strike MP3-Scanner v1.0b.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10-Strike MP3-Scanner v1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10-Strike MP3-Scanner v1.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\100 000 MGAWEB Super Submission v1.69.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\100 Happy Dollars 3D ScreeenSaver v1.3 by EViDENCE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\100 Happy Dollars 3D ScreeenSaver v1.6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\100 Percent Word Search v2.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\100,000+ MGAWEB Super Submission v1.69.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1000 Lots Of Happiness In The Game 1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1001 Killer Internet Marketing Tactics 1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1001 Killer Internet Marketing Tactics New Keygen.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1001 Lines v3.01 by TSZ.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\1001 Lines v3.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\100xCD v2.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\100xCD v2.7.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10DRemote v1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10DRemote v1.1 by Core.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10DRemote v1.1 by DBZ.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10DRemote v1.1 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10DRemote v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10sec Haushaltsbuch 1.18 german.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10sec Haushaltsbuch 1.18.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\10sek Haushaltsbuch 1.19.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\111 Quick Reinstaller 2.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\111 Quick Reinstaller 2.21 Keygen.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\111 Quick Reinstaller 2.21 Serial by AmoK.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\111 Quick Reinstaller 2.5 by EVC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\111 Quick Reinstaller 2.5 by TMG.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\111 QUICK REINSTALLER v2.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\111 QUICK REINSTALLER v2.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\111 QUICK REINSTALLER v2.21.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\111 Quick Reinstaller v2.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\111 Zondulux v1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\12!The Series... Pyramid 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 Audio CD Ripper v1.8.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 Audio CD Ripper v1.80 Cracked by UnderPl.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 Audio CD Ripper v1.80.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 Audio CD Ripper v2.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 Avi to Gif Converter 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 Bulk Email Direct Sender 2003 3.40.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 Bulk Email Direct Sender 2005 Build 3.50 by CRD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 CD Extractor v1.50.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 CD Extractor v1.70.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 CD Extractor v2.10 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 CD Ripper v1.50.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 CD Ripper v1.70.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 CD Ripper v1.80.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 CD Ripper v2.10 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 CD to MP3 Ripper v1.60.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 Cleaner v3.20 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 File Splitter 4.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 Flash Image Extractor 1.00.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 Flash Menu 1.02.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123 WashALL Pro 3.15.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123-Launch v1.2 PalmOS5 Cracked by CSCPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123-Project Management Software v2.1I by PH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123-Project Management Software v2.1L by PH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123-Project Management Software v2.1L.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123-Project Management v1.1a.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123-Project Management v1.6h.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\12345-Wizard v1.25.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Backup v1.70.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123ColorPicker v1.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123ColorPicker v1.2 by EViDENCE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123ColorPicker v1.2 by TNO.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Graphic Converter v1.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123GraphicConverter.v1.5.2.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123icon hunter v1.0 boilsoft.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123IconHunter 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Learn Barnyard Friends v1.6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Learn Forest Field Trip v1.6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Learn Sounds of the City v1.6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pe 4.2.7.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet 4.2.7.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet 5.05.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet v4.2.5 Cracked by RB.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet v4.2.7 Regged by HERETiC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet v4.2.7.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet v4.2.8 Regged by ARN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet v4.2.8-ARN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet v4.3.3 Regged by ARN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet v4.3.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet v4.3.4 Regged by ARN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet v4.3.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123pet v4.3.5 Regged by ARN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123pet v4.4.0 Regged-ARN Regged by ARN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet v5.0.8 by BRD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Pet v5.05 by FUTURiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Tag 1.14.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\123Tag v1.11.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\ABBYY FineReader 5 Pro. 5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\ABBYY FineReader 5.0 Home Edition 5.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\ABBYY FineReader OFFICE 5.0.0.335 RUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\ABBYY Lingvo 10 Multilingual Dictionary.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\ABBYY Lingvo 9.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B's Recorder GOLD5 v5.09.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Calc 3.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\b-Cards 3.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Cards v3.2b GERMAN Cracked by HS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Coder Professional v4.0 by TSRH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Hunter No-CD Crack.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw 7.6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw 7.61.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw 7.7.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v2.11.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v3.00.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v5.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v5.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v5.5 NEW.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v5.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v5.55.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v6.0 NEW.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v6.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v6.02 by LasH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v6.02 by Orion.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.01 by DBC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.01 by LasH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.01 by Orion.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.01 by UCU.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.20.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.31.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.45 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.45 by RP2K.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.45 by TNT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.5 by Desperate.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.5 by LasH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Jigsaw v7.6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads\B-Plan Business Planner v4.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
   C:\Uploads&

13
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: July 25, 2005, 10:05:26 AM »
Here are the results for the WinPFind Scan. Thx 4 the help. I really appriciate it.

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»  

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2           6/14/2004 2:04:06 AM   8791546    C:\WINDOWS\LPT$VPN.903
UPX!                 4/28/2004 11:51:46 PM  44032      C:\WINDOWS\Unwash5.exe
UPX!                 3/2/2005 10:04:44 AM   56832      C:\WINDOWS\Unwash6.exe
PECompact2           6/14/2004 2:04:06 AM   8791546    C:\WINDOWS\VPTNFILE.903
UPX!                 6/14/2004 2:04:06 AM   1036800    C:\WINDOWS\vsapi32.dll
aspack               6/14/2004 2:04:06 AM   1036800    C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX!                 12/5/2002 6:13:42 PM   50176      C:\WINDOWS\SYSTEM32\ciaXPButton.ocx
PEC2                 9/1/2002 8:00:00 AM    41397      C:\WINDOWS\SYSTEM32\dfrg.msc
PECompact2           7/6/2005 10:21:30 PM   1366872    C:\WINDOWS\SYSTEM32\MRT.exe
aspack               7/6/2005 10:21:30 PM   1366872    C:\WINDOWS\SYSTEM32\MRT.exe
UPX!                 3/31/2004 6:55:24 PM   172544     C:\WINDOWS\SYSTEM32\npkcsvc.exe
aspack               8/4/2004 3:56:36 AM    708096     C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor             8/4/2004 3:56:44 AM    657920     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              9/1/2002 8:00:00 AM    1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech                8/4/2004 1:41:38 AM    1309184    C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Checking the Windows folder for system and hidden files within the last 60 days...
                     7/8/2005 1:55:16 AM    0          C:\WINDOWS\inf\oem31.inf
                     7/25/2005 10:47:34 AM  2          C:\WINDOWS\system32\cmd.com
                     7/25/2005 10:47:34 AM  2          C:\WINDOWS\system32\netstat.com
                     7/25/2005 10:47:34 AM  2          C:\WINDOWS\system32\ping.com
                     7/25/2005 10:47:34 AM  2          C:\WINDOWS\system32\regedit.com
                     7/25/2005 10:47:34 AM  2          C:\WINDOWS\system32\taskkill.com
                     7/25/2005 10:47:34 AM  2          C:\WINDOWS\system32\tasklist.com
                     7/25/2005 10:47:34 AM  2          C:\WINDOWS\system32\tracert.com
                     7/25/2005 10:49:22 AM  8192       C:\WINDOWS\system32\config\default.LOG
                     7/25/2005 10:49:48 AM  1024       C:\WINDOWS\system32\config\SAM.LOG
                     7/25/2005 10:49:34 AM  12288      C:\WINDOWS\system32\config\SECURITY.LOG
                     7/25/2005 10:49:50 AM  57344      C:\WINDOWS\system32\config\software.LOG
                     7/25/2005 10:49:38 AM  1015808    C:\WINDOWS\system32\config\system.LOG
                     7/14/2005 4:51:14 PM   1024       C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
                     7/2/2005 12:32:56 PM   388        C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\1f34c641-2666-4cb1-b29b-e17657517a4a
                     7/2/2005 12:32:56 PM   24         C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
                     7/25/2005 10:48:28 AM  6          C:\WINDOWS\Tasks\SA.DAT

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»  

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
                     4/15/2005 10:06:04 PM  27680      C:\Documents and Settings\V\Application Data\GDIPFONTCACHEV1.DAT

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»  

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform\SV1
   SV1    =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
   {cda2863e-2497-4c49-9b89-06840e070a87}    = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Washer
   {6EE51AA0-77A0-11D7-B4E1-000347126E46}    = C:\PROGRA~1\COMMON~1\WEBROO~1\SHELLW~1.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
   {5464D816-CF16-4784-B9F3-75C0DB52B499}    = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
   {cda2863e-2497-4c49-9b89-06840e070a87}    = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
   {B41DB860-8EE4-11D2-9906-E49FADC173CA}    = C:\Program Files\WinRAR\rarext.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   IMJPMIG8.1   "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
   PHIME2002ASync   C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
   PHIME2002A   C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
   NvCplDaemon   RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
   nwiz   nwiz.exe /install
   BluetoothAuthenticationAgent   rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
   3aec3.exe   3aec3.exe
   QuickTime Task   "C:\Program Files\QuickTime\qttask.exe" -atboottime
   TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
   ShStatEXE   "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
   McAfeeUpdaterUI   "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
   winupdate   C:\Program Files\winupdate\winupdate.exe /auto
   p2pnetworking   p2pnetworking.exe
   MSConfig   C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
   IMAIL
   MAPI
   MSFS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoCDBurning   0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
    = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
    =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
    =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = Explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder
   {7849596a-48ea-486e-8937-a2a3009f31a9}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn
   {fbeb8a05-beee-4442-804e-409d6c4515e9}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck
   {E6FB5E20-DE35-11CF-9C87-00AA005127ED}    = %SystemRoot%\System32\webcheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray
   {35CEC8A3-2BE6-11D2-8773-92E220524153}    = C:\WINDOWS\System32\stobject.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
   AppInit_DLLs   

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»  
WinPFind v1.2.4   - Log file written to "WinPFind.Txt" in the WinPFind folder.
--------------------------------------------------------------------------------------------------------------------------------------------------------------
Here are the results of the hijackthis scan

Logfile of HijackThis v1.99.1
Scan saved at 11:02:34 AM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Downloads\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_5b32.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [3aec3.exe] 3aec3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ler/install.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)

14
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: July 25, 2005, 09:29:31 AM »
I did find a "Complete" folder that does seem to be filled with zips i have never even downloaded before. All of them seem to be the same size "851 KB" or zero. There are a total 553 items and the total size is 415 MB. All have titles of popular games, movies, and computer programs. Now I'll do the next step like u said.

15
Tech Clinic / Win32.P2P-Worm.Alcan.a
« on: July 24, 2005, 05:13:43 PM »
I don't know when I got this worm but for some reason it is the only thing that all of my virus scanners detect that is in my system. I do use Limewire but i dont have the same problems as everyone else when it keeps opening. My memory in one of my harddrive keeps droping to zero. It is really troubling me. Can sumone help me get rid of it? It keeps coming back even when i use my ad aware every time i reboot. A lil help please?

Oh yeah my case seems to be a lil bit different. I read some others on the same worm where they can't use Ctrl-Alt-del but I can. Its just my memory keeps jumping up and down for no reason. Is this caused by the worm?

Oh yeah here is my HiJak Log

Logfile of HijackThis v1.99.1
Scan saved at 6:34:14 PM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\V\LOCALS~1\Temp\Rar$EX00.328\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SafeGuard Protect PCShield - {564FFB73-9EEF-4969-92FA-5FC4A92E2C2A} - C:\WINDOWS\system32\sfg_5b32.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [3aec3.exe] 3aec3.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildtangent.com/bgn/partner...ler/install.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/...utocomplete.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://guard.gunbound.net/nProtect/keyCrypt/npkcx.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/popcaploader_v5.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MSCSPTISRV - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe (file missing)
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)

Pages: [1]