Author Topic: Help!  (Read 5163 times)

Nyfe
« on: July 12, 2005, 03:47:32 PM »
Hi - My computer has been completely messed up for a very long time and my friend just recently recommended this site to me.  So I thought I would give it a try.  Any help you offer will be greatly appreciated.  Here's my HJT log:



Logfile of HijackThis v1.99.1
Scan saved at 3:43:49 PM, on 7/12/2005
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\qqnnif.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\ClearSearch\Loader.exe
C:\WINDOWS\System32\soundcontrl.exe
C:\DOCUME~1\Joe\LOCALS~1\Temp\Loader.EXE
C:\windows\Altnet.exe
C:\windows\180Solutions.exe
C:\windows\180Sol.exe
C:\WINDOWS\System32\xte.exe
C:\Program Files\pmeh\laec.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\Program Files\ClearSearch\17444812.exe
C:\DOCUME~1\Joe\LOCALS~1\Temp\sysnet.exe
C:\WINDOWS\ajnjdll.exe
C:\WINDOWS\ajnjenc.exe
C:\Program Files\CMAPP\Client\cmappclient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.kazaa-lite.ws/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.kazaa-lite.ws/results.php?show=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.kazaa-lite.ws/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4582-B386-DEFD5B89DF4E} - C:\Program Files\ClearSearch\ClearSearch.dll
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: ohb - {22B720C7-5FA6-40A8-9F8F-8584BF669690} - C:\WINDOWS\System32\trgen.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (file missing)
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\System32\winb2s32.dll
O2 - BHO: (no name) - {6EA33A24-BF10-55CF-DE01-11557CAF2315} - C:\WINDOWS\System32\xcptpeh.dll
O2 - BHO: NLS UrlCatcher Class - {AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} - C:\WINDOWS\System32\nvms.dll
O2 - BHO: (no name) - {B3F5ED94-7075-7FD8-5DC3-70C278E62FB3} - C:\WINDOWS\System32\noziz.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\System32\mscb.dll
O2 - BHO: Url Catcher - {CE31A1F7-3D90-4874-8FBE-A5D97F8BC8F1} - C:\WINDOWS\System32\apuc.dll
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\System32\msbe.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll
O3 - Toolbar: Begin2Search.com Bar - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - C:\WINDOWS\System32\winb2s32.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [Image] rundll32 C:\WINDOWS\image.dll,Install
O4 - HKLM\..\Run: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\Run: [jpegc] C:\WINDOWS\system32\NtmsData\jpegc.exe
O4 - HKLM\..\Run: [Dimension] C:\Program Files\Dimension\Dimension.exe
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [conscorr] C:\WINDOWS\conscorr.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [TempLoader] C:\DOCUME~1\Joe\LOCALS~1\Temp\Loader.EXE
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [jazgha] c:\windows\system32\qqnnif.exe r
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Joe\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [ajnjdll] C:\WINDOWS\ajnjdll.EXE
O4 - HKLM\..\Run: [ajnjenc] C:\WINDOWS\ajnjenc.EXE
O4 - HKLM\..\RunServices: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\RunServices: [Altnet] C:\windows\Altnet.exe
O4 - HKLM\..\RunServices: [180Solutions] C:\windows\180Solutions.exe
O4 - HKLM\..\RunServices: [180Sol] C:\windows\180Sol.exe
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Joe\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Altnet] C:\windows\Altnet.exe
O4 - HKCU\..\Run: [180Solutions] C:\windows\180Solutions.exe
O4 - HKCU\..\Run: [180Sol] C:\windows\180Sol.exe
O4 - HKCU\..\Run: [Cojdgh] C:\WINDOWS\System32\xte.exe
O4 - HKCU\..\Run: [Vxdzxpl] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [Neta] C:\Program Files\pmeh\laec.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\RunServices: [Image] rundll32 C:\WINDOWS\image.dll,Install
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (file missing)
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O9 - Extra 'Tools' menuitem: &Messenger Addon - {FB5F1911-F110-11d2-BB9E-00C04F795683} - http://messenger.ipfox.com (file missing)
O16 - DPF: IEToolbarCab - http://www.animetoolbar.com/DailyToolbar.CAB
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} (iiittt Class) - http://www.begin2search.com/toolbar/winb2s32.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwebpr...etup1.0.0.8.cab
O16 - DPF: {918753F1-34D2-46EE-9D53-2722D1FE4BCC} (MyCorkboard Class) - http://www.mycorkboard.com/CabFiles/WebsiteHelper.cab
O16 - DPF: {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} (brdg Class) - http://static.flingstone.com/cab/2000XP/CDTInc/bridge.cab
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - http://www.mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\CMAPP\Client\cmappmf.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\ajnjsvc.exe

guestolo
« Reply #1 on: July 12, 2005, 11:17:38 PM »
Wow, you have some cleaning to do

Can you do the following please

==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0
Give the link time to load or try it twice, it may be busy
Don't run this yet, we'll need it in a bit

Download and Install the free version of Ad-Aware SE Personal 1.06
From the direct link above or click HERE
Ensure you have the latest version
Open Ad-Aware, ensure to click the  check for updates now link and Connect to download the latest updates
When installing, Ad-Aware should check for updates
Allow it, but don't run a scan yet

Instead
Download and Install Spybot 1.4 from
HERE
 or HERE
Don't activate the Tea Timer when installing, it's a great feature but can get in the way
of any fixes we may still have to do
After installation--Click the UPDATE button on the left
SEARCH FOR UPDATES on the right
Check, and download all updates
Again, don't run a scan yet

Now that you have some tools for initial cleanup, let's start getting your rig clean

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation

In safe mode, please do the following
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
DECLINE to Log off or Restart when scan is done.

Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

Restart your computer to finish the cleaning process
Please Restart back to Safe mode

Back in Windows

Open Spybot
Click the Search & Destroy button on the left
Check for Problems---When the Scan is complete
FIX all selected problems in RED

Restart back to Normal mode

Back in Windows, your system is far behind on Windows Updates
Please visit the following link and for now Download and install Service Pack 1a
Don't install Service pack 2 yet, we should clean your system beforehand
Just select your language and hit Go
save the Installer to desktop
http://www.microsoft.com/windowsxp/downloa...1/expresso.mspx
Reboot after installation and prompted

Run another scan with Hijackthis and post a fresh log
« Last Edit: July 12, 2005, 11:19:06 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Nyfe
« Reply #2 on: July 13, 2005, 01:53:36 PM »
Ok! :lol: thanks a bunch it fixed 1 problem but obviously still more are in this blasted computer. well here's the log u requested and thanks a lot for the help you have been giving me.

Logfile of HijackThis v1.99.1
Scan saved at 1:50:54 PM, on 7/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
c:\windows\system32\iaswdb.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\System32\soundcontrl.exe
C:\WINDOWS\ajnjdll.EXE
C:\WINDOWS\ajnjenc.EXE
C:\windows\Altnet.exe
C:\windows\180Solutions.exe
C:\windows\180Sol.exe
C:\WINDOWS\System32\l?ass.exe
C:\Program Files\CMAPP\Client\cmappclient.exe
C:\Program Files\pmeh\laec.exe
C:\windows\431xg82q.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\ajnjsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\hijackthis\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4BDA-9636-0B206F14166A} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (file missing)
O2 - BHO: (no name) - {B3F5ED94-7075-7FD8-5DC3-70C278E62FB3} - C:\WINDOWS\System32\noziz.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\Run: [jpegc] C:\WINDOWS\system32\NtmsData\jpegc.exe
O4 - HKLM\..\Run: [Dimension] C:\Program Files\Dimension\Dimension.exe
O4 - HKLM\..\Run: [TempLoader] C:\DOCUME~1\Joe\LOCALS~1\Temp\Loader.EXE
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Joe\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [ajnjdll] C:\WINDOWS\ajnjdll.EXE
O4 - HKLM\..\Run: [ajnjenc] C:\WINDOWS\ajnjenc.EXE
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [ptnwxh] c:\windows\system32\iaswdb.exe r
O4 - HKLM\..\RunServices: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\RunServices: [Altnet] C:\windows\Altnet.exe
O4 - HKLM\..\RunServices: [180Solutions] C:\windows\180Solutions.exe
O4 - HKLM\..\RunServices: [180Sol] C:\windows\180Sol.exe
O4 - HKLM\..\RunServices: [431xg82q] C:\windows\431xg82q.exe
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [Altnet] C:\windows\Altnet.exe
O4 - HKCU\..\Run: [180Solutions] C:\windows\180Solutions.exe
O4 - HKCU\..\Run: [180Sol] C:\windows\180Sol.exe
O4 - HKCU\..\Run: [Vxdzxpl] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [Neta] C:\Program Files\pmeh\laec.exe
O4 - HKCU\..\Run: [431xg82q] C:\windows\431xg82q.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (file missing)
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/winb2s32.cab
O16 - DPF: {918753F1-34D2-46EE-9D53-2722D1FE4BCC} (MyCorkboard Class) - http://www.mycorkboard.com/CabFiles/WebsiteHelper.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\ajnjsvc.exe
« Last Edit: July 13, 2005, 01:56:37 PM by Nyfe »

guestolo
« Reply #3 on: July 13, 2005, 08:44:07 PM »
Let's continue cleaning this machine
A couple more times and you should be looking good

I need you to download a couple more tools please

Download and Unzip   The Hoster  to a folder
Open Hoster and
Press "Restore Original Hosts" and press "OK".
Then Exit

==Download and Save to desktop
FXGaobot.exe by Symantec's
Don't run it yet

==Please download Nailfix.zip
Unzip it to the desktop but please do NOT run it yet
Give the link time to load
EDIT>>Replaced the link to Nailfix, the first one may not be reliable

==Download and then Install
Ewido Security Suite
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We'll fix that later
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

==Please Print this out or save these instructions to a Notepad file and save it to your Desktop

==Access your Add/Remove programs and remove if found
Alnets
WebSearch Tools
180Solutions
<-Please allow Internet connection if found
Ensure you're uninstalling at the prompts

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation

In safe mode, please do the following
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- System Startup Service

Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Do the same for this service name
Windows VisFx Components

Open Hijackthis>>Open Misc tools Section>>Open "Delete an NT service"
Copy and paste, or type this into the blank box then hit OK
Windows VisFx Components

Don't restart if prompted, stay in safe mode

==Double-click on nailfix.cmd that you unzipped earlier. Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal

==Run FXGaobot.exe tool  by Symantec's, let it scan your drive and fix what it finds

Find and delete these files or folders if found
Look carefully, don't delete something because it looks similar
FILES
C:\WINDOWS\ajnjdll.EXE <-file
C:\WINDOWS\ajnjenc.EXE
C:\WINDOWS\ajnjsvc.exe
C:\windows\431xg82q.exe
C:\windows\Altnet.exe
C:\WINDOWS\Nail.exe
C:\WINDOWS\svcproc.exe
C:\windows\180Solutions.exe
C:\windows\180Sol.exe
C:\WINDOWS\systb.dll
c:\windows\system32\iaswdb.exe
C:\WINDOWS\System32\noziz.dll
C:\WINDOWS\System32\richedtr.dll
C:\WINDOWS\System32\richup.exe
C:\WINDOWS\System32\soundcontrl.exe

FOLDERS
C:\Program Files\pmeh <-folder
C:\Program Files\ClearSearch

Afterwards,
==Open Windows CleanUp!>>START>>programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
DECLINE to Log off or Restart when scan is done.

==Open Ewido trojan scanner
Click on the Scanner button on the left menu
Click on the Settings button on the right
Select "Scan Every File"
OK it and then click on the "Complete System Scan"
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido

NOTE: When Ewido is running do NOT open any other Windows
Let it do its job

When the scan has finished and report saved

Do another scan with Hijackthis and put a check next to these entries:
Not all may be found, but check what you see from the below:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4BDA-9636-0B206F14166A} - C:\Program Files\ClearSearch\ClearSearch.dll (file missing)
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (file missing)
O2 - BHO: (no name) - {B3F5ED94-7075-7FD8-5DC3-70C278E62FB3} - C:\WINDOWS\System32\noziz.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\Run: [jpegc] C:\WINDOWS\system32\NtmsData\jpegc.exe

O4 - HKLM\..\Run: [TempLoader] C:\DOCUME~1\Joe\LOCALS~1\Temp\Loader.EXE
O4 - HKLM\..\Run: [richup] C:\WINDOWS\System32\richup.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\Joe\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [ajnjdll] C:\WINDOWS\ajnjdll.EXE
O4 - HKLM\..\Run: [ajnjenc] C:\WINDOWS\ajnjenc.EXE
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [ptnwxh] c:\windows\system32\iaswdb.exe r
O4 - HKLM\..\RunServices: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\RunServices: [Altnet] C:\windows\Altnet.exe
O4 - HKLM\..\RunServices: [180Solutions] C:\windows\180Solutions.exe
O4 - HKLM\..\RunServices: [180Sol] C:\windows\180Sol.exe
O4 - HKLM\..\RunServices: [431xg82q] C:\windows\431xg82q.exe

O4 - HKCU\..\Run: [Altnet] C:\windows\Altnet.exe
O4 - HKCU\..\Run: [180Solutions] C:\windows\180Solutions.exe
O4 - HKCU\..\Run: [180Sol] C:\windows\180Sol.exe
O4 - HKCU\..\Run: [Vxdzxpl] C:\WINDOWS\System32\l?ass.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [Neta] C:\Program Files\pmeh\laec.exe
O4 - HKCU\..\Run: [431xg82q] C:\windows\431xg82q.exe

O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (file missing)
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll (file missing)

O16 - DPF: {07E9CDF4-20D2-46B1-B681-663968F527CE} - http://www.begin2search.com/toolbar/winb2s32.cab
O16 - DPF: {918753F1-34D2-46EE-9D53-2722D1FE4BCC} (MyCorkboard Class) - http://www.mycorkboard.com/CabFiles/WebsiteHelper.cab

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\ajnjsvc.exe


After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer back to Normal mode afterwards

Back in Windows, open Hoster again and click the Restore Original Hosts

Run an online Virus scan at Panda's, the link to it is below in my Signature
Use IE when running the scan
When Panda has finished, can you save its report please

Post back all the following
Run another scan with Hijackthis and post a fresh log
Also, include the report from Ewido's and Panda's
« Last Edit: July 14, 2005, 10:24:10 PM by guestolo »



Nyfe
« Reply #4 on: July 14, 2005, 10:09:18 PM »
ok one problem :( i don't see the file "system startup service" i just have system restore and system event notifier i don't know if i did something wrong but I'm following your directions best i can my friend has been helping me but he's not here ATM so I'm trying this on my own and i did not see that file....
« Last Edit: July 14, 2005, 10:09:50 PM by Nyfe »

guestolo
« Reply #5 on: July 14, 2005, 10:19:51 PM »
Just carry on with the instructions
Don't disable those 2 services
Do what you can, let me know what you couldn't accomplish when you post back the fresh hijackthis log and the Ewido Report :)

Oh, and the report from Panda's
« Last Edit: July 14, 2005, 10:21:58 PM by guestolo »



Nyfe
« Reply #6 on: July 14, 2005, 11:46:21 PM »
alright i still can't thank u enuf for the time you're putting into this project but I'm gonna have the friend that showed me this site come over and help me do it all cuz i don't want to mess up my computer anymore and have wasted your time so I'll reply the logs and stuff whenever he comes over thanks again :D

Nyfe
« Reply #7 on: July 17, 2005, 09:09:55 PM »
sorry to sound stupid but at the point in yr instructions where it says to delete the files found in any folders and what not where am i supposed to look exactly? I'm sorry I'm just not very smart with computers.... :blink:

guestolo
« Reply #8 on: July 17, 2005, 09:22:36 PM »
No problems, don't be sorry
After you have set Windows to show hidden files and folders
Do this
Open MyComputer
Double click on The C:\ drive to open the contents
Double click on the Windows folder to open the contents

In the Windows folder look for those files I asked you to delete
If you find any
Right click on it and select Delete
and send it to the recycle bin

When you're done looking in the Windows folder
Double click on the System32 folder in the Windows folder to open it
Look for the files to delete in the System32 folder I asked you to remove

Then under the C:\ drive again open the Program Files folder
Look for these 2 folders and delete if found
pmeh & ClearSearch

Remember, don't delete something because it looks similar

NOTE: I hope you're using a different computer when posting back here
I want you to try as much as you can being offline and in Safe mode
Without interruption

Again, do what you can
Post back a fresh hijackthis log later and the other logs I asked for
Let me know what you couldn't accomplish after you post these logs back



Guest
« Reply #9 on: July 18, 2005, 01:08:26 AM »
WOW :o that's amazing how much that shortened! thank u again
b(-.^)d


<HJT LOG>
Logfile of HijackThis v1.99.1
Scan saved at 1:04:15 AM, on 7/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dimension] C:\Program Files\Dimension\Dimension.exe
O4 - HKLM\..\Run: [fommdnt] c:\windows\system32\ngtdzx.exe r
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service  (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)


Ewido

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         11:33:40 PM, 7/17/2005
 + Report-Checksum:      48846544

 + Scan result:

   HKLM\SOFTWARE\AnimeToolbar -> Spyware.DailyToolbar : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CurVer -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band\CLSID -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\Classes\Wbho.Band\CurVer -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\ClearSearch1 -> Spyware.ClearSearch : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{07E9CDF4-20D2-46B1-B681-663968F527CE} -> Spyware.Begin2Search : Cleaned with backup
   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E} -> Spyware.IEPlugin : Cleaned with backup
   HKLM\SOFTWARE\NIX Solutions -> Spyware.DailyToolbar : Cleaned with backup
   HKLM\SOFTWARE\NIX Solutions\AnimeToolbar -> Spyware.DailyToolbar : Cleaned with backup
   HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
   HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
   HKU\S-1-5-21-2883609167-3294550756-3105547019-1006\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
   HKU\S-1-5-21-2883609167-3294550756-3105547019-1006\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
   HKU\S-1-5-21-2883609167-3294550756-3105547019-1006\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
   HKU\S-1-5-21-2883609167-3294550756-3105547019-1006\Software\NIX Solutions -> Spyware.DailyToolbar : Cleaned with backup
   HKU\S-1-5-21-2883609167-3294550756-3105547019-1006\Software\NIX Solutions\AnimeToolbar -> Spyware.DailyToolbar : Cleaned with backup
   HKU\S-1-5-21-2883609167-3294550756-3105547019-1006\Software\NIX Solutions\AnimeToolbar\Search -> Spyware.DailyToolbar : Cleaned with backup
   HKU\S-1-5-21-2883609167-3294550756-3105547019-1006\Software\NIX Solutions\AnimeToolbar\Search\MRU -> Spyware.DailyToolbar : Cleaned with backup
   C:\Documents and Settings\All Users\Documents\README.EXE -> Worm.Blaxe : Cleaned with backup
   C:\Program Files\Kazaa\My Shared Folder\kmd263_en.exe -> Worm.Blaxe : Cleaned with backup
   C:\Program Files\Kazaa\My Shared Folder\kmd264_en.exe -> Worm.Blaxe : Cleaned with backup
   C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned with backup
   C:\Program Files\MyEmoticons\VVSN_MYEM0442Inst.exe -> Adware.SaveNow : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0010373.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0010383.exe -> Spyware.PurityScan : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0011373.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0011374.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0012372.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0012380.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0012385.exe -> Spyware.PurityScan : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0012391.dll -> Spyware.PurityScan : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0013372.dll -> TrojanDownloader.Apropo.w : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0013373.exe -> TrojanDownloader.Apropo.r : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0013376.dll -> Spyware.AproposMedia : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0013390.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0013393.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0013401.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP20\A0013402.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013414.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013424.exe -> Backdoor.Ruledor.g : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013426.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013433.exe -> Adware.SAHA : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013435.exe -> Adware.SAHA : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013437.dll -> Adware.SAHA : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013450.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013454.exe -> TrojanDownloader.Agent.ed : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013462.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013475.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013477.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013542.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013543.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013590.dll -> Spyware.Beginto : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013619.exe -> Spyware.WebRebates : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013620.exe -> Spyware.WebRebates : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013621.exe -> Spyware.WebRebates : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013627.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0013639.exe -> Spyware.AproposMedia : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0014237.DLL -> Spyware.Wesbar : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0014238.DLL -> Spyware.MyWebSearch : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0014239.EXE -> Spyware.Wesbar : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0014240.DLL -> Spyware.MyWebSearch : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0014245.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0014246.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0014247.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP21\A0014250.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014480.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014481.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014482.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014483.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014484.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014802.DLL -> Spyware.ClearSearch : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014826.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014827.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014828.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014829.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014840.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014841.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014842.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0014843.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015837.exe -> Spyware.SafeSurfing : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015842.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015843.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015844.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015845.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015875.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015876.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015877.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015878.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015896.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015897.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015898.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015899.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0015907.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016068.exe -> Adware.SaveNow : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016070.exe -> Spyware.MDH : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016072.exe -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016073.dll -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016074.dll -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016075.exe -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016076.dll -> Spyware.Altnet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016078.DLL -> Spyware.ClearSearch : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016081.exe -> Spyware.ClearSearch : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016083.DLL -> Spyware.ClearSearch : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016087.DLL -> Spyware.ClearSearch : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016088.DLL -> Spyware.ClearSearch : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016093.EXE -> Spyware.ClearSearch : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016094.exe -> Backdoor.Ruledor.b : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016097.dll -> Spyware.eUniverse : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016099.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016100.dll -> Spyware.Beginto : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016101.exe -> Spyware.PurityScan : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016102.exe -> TrojanDownloader.PurityScan.j : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016103.exe -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016104.exe -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016105.dll -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016106.exe -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016107.exe -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016108.dll -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016109.exe -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016110.exe -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016111.dll -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016112.exe -> Spyware.Lop : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016113.exe -> Spyware.Lop : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016114.exe -> Spyware.Lop : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016115.exe -> TrojanDownloader.WinShow.r : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016116.dll -> Spyware.Hijacker.Generic : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016118.exe -> Spyware.ConsCorr : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016120.exe -> Spyware.BiSpy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016122.dll -> Spyware.ImiBar : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016123.exe -> Trojan.Imiserv.c : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016124.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016125.dll -> TrojanDownloader.Rameh.a : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016126.exe -> Backdoor.Ruledor.b : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016127.dll -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016128.exe -> Adware.eXact : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016129.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016131.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016132.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016133.dll -> Spyware.180Solutions : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016134.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016135.exe -> Spyware.Beginto : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016138.dll -> Spyware.HotBar : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016139.exe -> TrojanDropper.Delf.z : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016140.dll -> Spyware.WinShow : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016141.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016142.exe -> TrojanDownloader.Intexp : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016143.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016151.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016153.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016154.exe -> Adware.BetterInternet : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016156.exe -> Spyware.BargainBuddy : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016167.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016168.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016169.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016170.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016171.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016172.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016173.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016174.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016175.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016176.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016177.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016178.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016179.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016180.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016181.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016182.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016183.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016184.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016185.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016186.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016187.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016188.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016189.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016190.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016191.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016192.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016193.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016194.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016195.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016196.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016197.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016198.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016199.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016200.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016201.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016202.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016203.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016204.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016205.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016206.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016207.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016208.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016209.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016210.exe -> Worm.Blaxe : Cleaned with backup
   C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP23\A0016211.exe -> Worm.Blaxe : Cleaned with backup

Guest

  • Guest
Help!
« Reply #10 on: July 18, 2005, 01:10:13 AM »
I don't think Panda posted in the last one, nor am I sure if the ewido has everything posted, so here's Panda:


Incident                      Status                        Location                                                                                                                                                                                                                                                        

Spyware:spyware/tvmedia       No disinfected                C:\DOCUMENTS AND SETTINGS\JOE\APPLICATION DATA\tvmknwrd.dll                                                                                                                                                                                                    
Spyware:spyware/whazit        No disinfected                C:\WINDOWS\SYSTEM32\fiz1                                                                                                                                                                                                                                        
Adware:adware/cws             No disinfected                C:\DOCUMENTS AND SETTINGS\JOE\FAVORITES\Online Casino.url                                                                                                                                                                                                      
Adware:adware/ipinsight       No disinfected                C:\WINDOWS\INF\conscorr.inf                                                                                                                                                                                                                                    
Adware:adware/aurora          No disinfected                C:\WINDOWS\Nail.exe                                                                                                                                                                                                                                            
Spyware:spyware/new.net       No disinfected                C:\WINDOWS\NDNuninstall4_88.exe                                                                                                                                                                                                                                
Adware:adware/twain-tech      No disinfected                C:\WINDOWS\smdat32m.sys                                                                                                                                                                                                                                        
Adware:adware/ieplugin        No disinfected                C:\WINDOWS\systb.dll                                                                                                                                                                                                                                            
Adware:adware/apropos         No disinfected                C:\PROGRAM FILES\Aprps                                                                                                                                                                                                                                          
Adware:adware/sidesearch      No disinfected                C:\PROGRAM FILES\Lycos                                                                                                                                                                                                                                          
Adware:adware/myway           No disinfected                C:\PROGRAM FILES\MyWay                                                                                                                                                                                                                                          
Adware:adware/beginto         No disinfected                C:\WINDOWS\SYSTEM32\cache32_rtneg2                                                                                                                                                                                                                              
Adware:adware/ncase           No disinfected                C:\WINDOWS\SYSTEM32\FLEOK                                                                                                                                                                                                                                      
Adware:adware/sahagent        No disinfected                C:\WINDOWS\SYSTEM32\SahImages                                                                                                                                                                                                                                  
Adware:adware/mediatickets    No disinfected                HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\MODULEUSAGE\C:/WINDOWS/DOWNLOADED PROGRAM FILES/MEDIATICKETSINSTALLER.OCX                                                                                                                          
Adware:adware/sidefind        No disinfected                HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TSL INSTALLER                                                                                                                                                                            
Spyware:spyware/betterinet    No disinfected                HKEY_CURRENT_USER\SOFTWARE\IN3RD                                                                                                                                                                                                                                
Spyware:spyware/clearsearch   No disinfected                HKEY_LOCAL_MACHINE\SOFTWARE\CLEARSEARCH                                                                                                                                                                                                                        
Adware:adware/mywebsearch     No disinfected                HKEY_CLASSES_ROOT\CLSID\{147A976E-EEE1-4377-8EA7-4716E4CDD239}                                                                                                                                                                                                  
Adware:adware/funweb          No disinfected                HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}                                                                                                                                                                                                  
Adware:adware/brilliantdigital No disinfected                HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Possible Virus.               No disinfected                C:\HJT\hijackthis\backups\backup-20050717-234424-935.dll                                                                                                                                                                                                        
Adware:Adware/ConsumerAlertSystem No disinfected                C:\Program Files\CMAPP\Client\cmappmf.dll
Adware:Adware/Lop             No disinfected                C:\Program Files\htm comp user\DataRoam.exe                                                                                                                                                                                                                    
Adware:Adware/Lop             No disinfected                C:\Program Files\htm comp user\Does Mess Global.exe                                                                                                                                                                                                            
Adware:Adware/Lop             No disinfected                C:\Program Files\htm comp user\ealhvkdt.exe                                                                                                                                                                                                                    
Adware:Adware/Lop             No disinfected                C:\Program Files\htm comp user\guexwhap.exe                                                                                                                                                                                                                    
Adware:Adware/Lop             No disinfected                C:\Program Files\htm comp user\khwtsdeu.exe                                                                                                                                                                                                                    
Spyware:Spyware/BetterInet    No disinfected                C:\WINDOWS\INF\biini.inf                                                                                                                                                                                                                                        
Adware:Adware/IPInsight       No disinfected                C:\WINDOWS\INF\conscorr.inf                                                                                                                                                                                                                                    
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\Nail.exe                                                                                                                                                                                                                                            
Spyware:Spyware/New.net       No disinfected                C:\WINDOWS\NDNuninstall4_88.exe                                                                                                                                                                                                                                
Spyware:Spyware/New.net       No disinfected                C:\WINDOWS\NDNuninstall4_94.exe                                                                                                                                                                                                                                
Spyware:Spyware/New.net       No disinfected                C:\WINDOWS\NDNuninstall5_40.exe                                                                                                                                                                                                                                
Spyware:Spyware/New.net       No disinfected                C:\WINDOWS\NDNuninstall5_48.exe                                                                                                                                                                                                                                
Virus:Trj/Imiserv.D           Disinfected                   C:\WINDOWS\systb.dll                                                                                                                                                                                                                                            
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\aqadkgs.exe                                                                                                                                                                                                                                
Virus:W32/Sasser.ftp          Disinfected                   C:\WINDOWS\SYSTEM32\cmd.ftp                                                                                                                                                                                                                                    
Virus:Trj/Qhost.gen           Disinfected                   C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.20050713-122924.backup                                                                                                                                                                                                    
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\glwnyc.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\gthufm.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\hkmmtr.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\icedup.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\idwoucc.exe                                                                                                                                                                                                                                
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\ihmjqc.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\impupkt.exe                                                                                                                                                                                                                                
Virus:Trj/Dropper.HR          Disinfected                   C:\WINDOWS\SYSTEM32\in2b3s.dlltmp                                                                                                                                                                                                                              
Spyware:Spyware/SafeSurf      No disinfected                C:\WINDOWS\SYSTEM32\InstallerV3.exe                                                                                                                                                                                                                            
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\jcpwjvq.exe                                                                                                                                                                                                                                
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\jgnpdvx.exe                                                                                                                                                                                                                                
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\kbnpshp.exe                                                                                                                                                                                                                                
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\kptiit.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\ldotek.exe                                                                                                                                                                                                                                  
Adware:Adware/PurityScan      No disinfected                C:\WINDOWS\SYSTEM32\l?ass.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\ouwuhz.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\ozzttf.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\qongqf.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\rzgyto.exe                                                                                                                                                                                                                                  
Adware:Adware/PurityScan      No disinfected                C:\WINDOWS\SYSTEM32\Shex.exe                                                                                                                                                                                                                                    
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\snsiqjh.exe                                                                                                                                                                                                                                
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\udgosp.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\uimifr.exe                                                                                                                                                                                                                                  
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\vcmzzg.exe                                                                                                                                                                                                                                  
Virus:Trj/Dropper.HQ          Disinfected                   C:\WINDOWS\SYSTEM32\w1ub.dll                                                                                                                                                                                                                                    
Adware:Adware/Transponder     No disinfected                C:\WINDOWS\SYSTEM32\zbsqfug.exe

Guest

Help!
« Reply #11 on: July 18, 2005, 02:11:56 PM »
OK, I have a question: every time I start my comp, ewido comes up saying infected objects found and I must click OK like a hundred times before it stops. Is that normal?

Offline guestolo

Help!
« Reply #12 on: July 18, 2005, 11:08:14 PM »
Let's try some more cleaning please
Usually I ask that you disable System Restore at the end; in your case I would like to see the whole report from Ewido
So please do the following

Disable System Restore; if you're unsure how to, please follow this link
Don't reenable it until I prompt you
Disable System Restore

Download and UNZIP to your desktop Fix.zip
So you now have Fix.reg and Remove.bat extracted to your desktop
We'll need these later

Delete your version of Nailfix.zip and the Nailfix folder
Download and SAVE to desktop this version of
NailFix.exe
we'll need this later

Download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
* UNZIP it to your desktop or a folder

Open a Notepad file..Go to START>>RUN>>Type in notepad
Hit OK

I need you to copy all of the Killbox file paths below and paste them into Notepad.
Save this Notepad file to desktop

Disconnect from the Internet, close all browser windows

Do another scan with Hijackthis and put a check next to these entries:

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll (file missing)
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\System32\richedtr.dll

O4 - HKLM\..\Run: [fommdnt] c:\windows\system32\ngtdzx.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)


After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

* Please double-click Killbox.exe to run it.
* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

Killbox file paths to copy and paste to Notepad between dotted lines
===========================================
C:\DOCUMENTS AND SETTINGS\JOE\APPLICATION DATA\tvmknwrd.dll
C:\WINDOWS\SYSTEM32\fiz1
C:\DOCUMENTS AND SETTINGS\JOE\FAVORITES\Online Casino.url
C:\WINDOWS\INF\conscorr.inf
C:\WINDOWS\Nail.exe
C:\WINDOWS\NDNuninstall4_88.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\systb.dll
C:\Program Files\CMAPP\Client\cmappmf.dll
C:\Program Files\htm comp user\DataRoam.exe
C:\Program Files\htm comp user\Does Mess Global.exe
C:\Program Files\htm comp user\ealhvkdt.exe
C:\Program Files\htm comp user\guexwhap.exe
C:\Program Files\htm comp user\khwtsdeu.exe
C:\WINDOWS\INF\biini.inf
C:\WINDOWS\NDNuninstall4_94.exe
C:\WINDOWS\NDNuninstall5_40.exe
C:\WINDOWS\NDNuninstall5_48.exe
c:\windows\system32\ngtdzx.exe
C:\WINDOWS\SYSTEM32\aqadkgs.exe
C:\WINDOWS\SYSTEM32\glwnyc.exe
C:\WINDOWS\SYSTEM32\gthufm.exe
C:\WINDOWS\SYSTEM32\hkmmtr.exe
C:\WINDOWS\SYSTEM32\icedup.exe
C:\WINDOWS\SYSTEM32\idwoucc.exe
C:\WINDOWS\SYSTEM32\ihmjqc.exe
C:\WINDOWS\SYSTEM32\impupkt.exe
C:\WINDOWS\SYSTEM32\InstallerV3.exe
C:\WINDOWS\SYSTEM32\jcpwjvq.exe
C:\WINDOWS\SYSTEM32\jgnpdvx.exe
C:\WINDOWS\SYSTEM32\kbnpshp.exe
C:\WINDOWS\SYSTEM32\kptiit.exe
C:\WINDOWS\SYSTEM32\ldotek.exe
C:\WINDOWS\SYSTEM32\l?ass.exe
C:\WINDOWS\SYSTEM32\ouwuhz.exe
C:\WINDOWS\SYSTEM32\ozzttf.exe
C:\WINDOWS\SYSTEM32\qongqf.exe
C:\WINDOWS\SYSTEM32\rzgyto.exe
C:\WINDOWS\SYSTEM32\Shex.exe
C:\WINDOWS\SYSTEM32\snsiqjh.exe
C:\WINDOWS\SYSTEM32\udgosp.exe
C:\WINDOWS\SYSTEM32\uimifr.exe
C:\WINDOWS\SYSTEM32\vcmzzg.exe
C:\WINDOWS\SYSTEM32\w1ub.dll
C:\WINDOWS\SYSTEM32\zbsqfug.exe

===================================================
*  Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button.  Click "Yes" at the Delete on Reboot prompt.  Click "No" at the Pending Operations prompt.
Don't worry about No file found messages or error messages

If your computer does not restart automatically, please restart it manually.  
Please Restart your computer into safe mode as the computer is rebooting

In safe mode
Double click on NailFix.exe to run it
Click NEXT and then FINISH
A window will flash quickly, this is normal

Double click on Remove.bat >>A window will open and close quickly, this is normal
Double click on fix.reg and allow to add or merge to the registry

Find and delete these folders if found
C:\PROGRAM FILES\Aprps
C:\PROGRAM FILES\Lycos
C:\PROGRAM FILES\MyWay
C:\WINDOWS\SYSTEM32\cache32_rtneg2
C:\WINDOWS\SYSTEM32\FLEOK
C:\WINDOWS\SYSTEM32\SahImages

Stay in safe Mode
Run Windows CleanUp! again
Don't restart or log off when it's done

Instead run Ewido again
Save the log afterwards

Restart back to Normal mode
Re-enable System Restore

Run another online scan at Pandas again
Save the report

post back a fresh hijackthis log
The fresh Ewido report and the fresh Panda report
« Last Edit: July 18, 2005, 11:37:51 PM by guestolo »



Guest

  • Guest
Help!
« Reply #13 on: July 19, 2005, 02:21:40 PM »
OK, here's the logs you requested

<HJT>
Logfile of HijackThis v1.99.1
Scan saved at 2:19:45 PM, on 7/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dimension] C:\Program Files\Dimension\Dimension.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [djckvln] c:\windows\system32\mvvywmw.exe r
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

<EWIDO>
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         1:43:27 PM, 7/19/2005
 + Report-Checksum:      9FA4DF0D

 + Scan result:

   No infected objects found.


::Report End

<Panda>
Incident                      Status                        Location

Spyware:spyware/whazit        No disinfected                C:\WINDOWS\SYSTEM32\kyf.dat                                                                                                                                                                                                                                    
Adware:adware/sidesearch      No disinfected                C:\DOCUMENTS AND SETTINGS\JOE\APPLICATION DATA\Lycos                                                                                                                                                                                                            
Adware:adware/beginto         No disinfected                C:\WINDOWS\SYSTEM32\cache32_rtneg2                                                                                                                                                                                                                              
Adware:adware/ncase           No disinfected                C:\WINDOWS\SYSTEM32\FLEOK                                                                                                                                                                                                                                      
Adware:adware/sahagent        No disinfected                C:\WINDOWS\SYSTEM32\SahImages                                                                                                                                                                                                                                  
Adware:adware/ieplugin        No disinfected                HKEY_CLASSES_ROOT\IMITOOLBAR.BOTTOMFRAME.1                                                                                                                                                                                                                      
Adware:adware/wupd            No disinfected                HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WIN SERVER UPDT                                                                                                                                                                                
Spyware:spyware/shopnav       No disinfected                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch                                                                                                                                                                                  
Adware:Adware/PurityScan      No disinfected                C:\HJT\hijackthis\backups\backup-20050717-234424-935.dll                                                                                                                                                                                                        
Adware:Adware/PurityScan      No disinfected                C:\WINDOWS\SYSTEM32\l?ass.exe

there you have it :D

Offline guestolo

Help!
« Reply #14 on: July 20, 2005, 09:16:55 PM »
Can you do the following please

Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop
Code:
REGEDIT4

[-HKEY_CLASSES_ROOT\IMITOOLBAR.BOTTOMFRAME.1]


Double click on fix.reg and allow to add or Merge to the registry

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [djckvln] c:\windows\system32\mvvywmw.exe r


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Restart your computer into SAFE MODE

In safe mode
Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Find and delete these files or folders if found
Manually look for them, don't do a Search for them
C:\WINDOWS\SYSTEM32\kyf.dat <-file
C:\DOCUMENTS AND SETTINGS\JOE\APPLICATION DATA\Lycos <-folder
C:\WINDOWS\SYSTEM32\cache32_rtneg2 <-folder
C:\WINDOWS\SYSTEM32\FLEOK <-folder
C:\WINDOWS\SYSTEM32\SahImages <-folder

Restart back to Normal mode

You are not running any Anti-Virus software on your computer
If you don't have your own to install, please download the free version of AVG 7
from this link
http://free.grisoft.com/doc/2/lng/us/tpl/v5
Scroll down to the following
"AVG Free Edition installation files
File   Version
avg70free_323a539.exe" <-click this link or similar
Save the installer to desktop
Double click to Install
After installation ensure it's right up to date
Restart back to Safe mode
Run a full system scan with avg7
Afterwards, back in Normal mode

Run another scan with Hijackthis and post a fresh log

Could you also
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
In Notepad click FILE>>SAVE AS
Name the file as export.bat
Save this file on the desktop

 
Code:
dir C:\WINDOWS\SYSTEM32\l?ass.exe /a h > files.txt
notepad files.txt


Double click on export.bat
A text file should open, can you copy and paste those findings back here please

NOTE: After you post all the above, can you refrain from restarting your computer again until I have a chance to see the updated hijackthis log and give you further instructions
« Last Edit: July 20, 2005, 09:22:03 PM by guestolo »



Offline Nyfe

Help!
« Reply #15 on: July 23, 2005, 04:47:24 PM »
Here's the new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:38:02 PM, on 7/23/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Dimension] C:\Program Files\Dimension\Dimension.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [uoltray] C:\Program Files\NetZero\exec.exe regrun
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe



For some reason, a message pops up saying that export.bat cannot be found when I double-click on it, even though it's right there on the desktop.
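
The before/after comparison this thread does by eye (the entries ticked in reply #14 against the log in reply #15), as an added example that is not part of the original posts: a small Python parser for HijackThis item lines that reports which fix targets are still present and what changed between two scans. The function names are hypothetical, and the sample logs are short excerpts constructed from lines quoted in this thread.

```python
import re

# HijackThis item lines have the form "<code> - <detail>", where the code is a
# section letter (R, F, N or O) plus a number, e.g. "O4 - HKLM\..\Run: [x] y".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<detail>.+)$")

# Excerpts constructed from lines quoted in this thread (not complete logs).
BEFORE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [djckvln] c:\windows\system32\mvvywmw.exe r
"""

# Entries the helper asked to tick before clicking FIX CHECKED (excerpt).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [djckvln] c:\windows\system32\mvvywmw.exe r
"""

AFTER_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
"""


def normalise(detail):
    """Collapse whitespace and case; Windows paths and key names ignore case."""
    return " ".join(detail.split()).casefold()


def parse_entries(log_text):
    """Map (code, normalised detail) -> original line for every item line.

    Header lines and the 'Running processes' block do not match ENTRY_RE and
    are skipped, so a whole pasted log can be passed in unchanged.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            key = (match.group("code"), normalise(match.group("detail")))
            entries[key] = line
    return entries


def still_present(fix_list_text, after_log_text):
    """Return the fix-list lines that still appear in the follow-up log."""
    targets = parse_entries(fix_list_text)
    after = parse_entries(after_log_text)
    return sorted(line for key, line in targets.items() if key in after)


def diff_logs(before_text, after_text):
    """Return (removed, added) item lines between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


if __name__ == "__main__":
    leftovers = still_present(FIX_LIST, AFTER_LOG)
    print("Fix targets still present:", leftovers or "none")
    removed, added = diff_logs(BEFORE_LOG, AFTER_LOG)
    for line in removed:
        print("- " + line)
    for line in added:
        # New autostart entries deserve a look even after a clean-up:
        # here the only addition is the freshly installed AVG.
        print("+ " + line)
```

Entries that reappear in a later scan show up in the first list, which usually means the process that writes them is still running.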

Offline guestolo

Help!
« Reply #16 on: July 24, 2005, 12:15:32 PM »
I've uploaded Export2.zip
Can you download it and UNZIP it to your desktop
Double click on Export2.bat and copy and paste back the contents of the text file that opens



Offline Nyfe

Help!
« Reply #17 on: July 25, 2005, 03:53:21 PM »
It won't let me open it. I extracted the file to my desktop and when I double click it, it says Windows cannot find yadda yadda yadda and make sure you typed in the name correctly and all that good stuff, so I don't know :P

Offline guestolo

Help!
« Reply #18 on: July 25, 2005, 09:01:19 PM »
I just want to check on something

Download and save WinPFind.zip
UNZIP the contents to your desktop
Don't run it yet

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation

In safe mode
Open the WinPFind folder you extracted to desktop
Double click on WinPFind.exe
This could take some time as it will scan your drive
Once the Scan is Complete
   1. Reboot back to Normal mode
   2. Go to the WinPFind folder
   3. Locate WinPFind.txt in the WinPfind folder
Post the results of the WinPFind.txt
« Last Edit: July 26, 2005, 12:33:31 AM by guestolo »



Offline Nyfe

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Help!
« Reply #19 on: July 27, 2005, 03:55:33 PM »
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»  

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
abetterinternet.com  1/7/2005 10:53:50 PM   3278       C:\WINDOWS\abiuninst.htm
UPX!                 1/15/2003 11:57:24 PM  80384      C:\WINDOWS\cqdkobgcn.exe
buddy.exe            1/15/2003 11:57:24 PM  80384      C:\WINDOWS\cqdkobgcn.exe
UPX!                 9/12/2000 11:30:18 AM  104960     C:\WINDOWS\GizmoZone Screensaver.scr

Checking %System% folder...
PEC2                 8/18/2001 7:00:00 AM   41397      C:\WINDOWS\SYSTEM32\dfrg.msc
Umonitor             8/29/2002 5:41:10 AM   631808     C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync              8/18/2001 7:00:00 AM   1309184    C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
UPX!                 7/23/2005 3:49:52 PM   668704     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG!                 7/23/2005 3:49:52 PM   668704     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack               7/23/2005 3:49:52 PM   668704     C:\WINDOWS\SYSTEM32\drivers\avg7core.sys

Checking the Windows folder for system and hidden files within the last 60 days...
                     7/14/2005 9:40:12 PM   0          C:\WINDOWS\INF\oem57.inf
                     7/10/2005 2:23:48 PM   0          C:\WINDOWS\LastGood(2)\INF\oem59.inf
                     7/10/2005 2:23:48 PM   0          C:\WINDOWS\LastGood(2)\INF\oem59.PNF
                     7/27/2005 3:42:22 PM   8192       C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
                     7/27/2005 3:42:42 PM   1024       C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
                     7/27/2005 3:42:30 PM   16384      C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
                     7/27/2005 3:43:46 PM   77824      C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
                     7/27/2005 3:42:34 PM   782336     C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
                     7/20/2005 1:06:06 PM   67         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\FG8RJTLM\desktop.ini
                     7/20/2005 1:06:06 PM   67         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\GH9AKLVE\desktop.ini
                     7/20/2005 1:06:06 PM   67         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KX2R0T6R\desktop.ini
                     7/20/2005 1:06:06 PM   67         C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\UA23DKIJ\desktop.ini
                     7/13/2005 1:32:48 PM   388        C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\432347d6-fcf8-4714-b1b6-c16516ca1f42
                     7/13/2005 1:32:48 PM   24         C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
                     7/13/2005 1:39:30 PM   13698      C:\WINDOWS\SYSTEM32\Restore\filelist.xml
                     7/27/2005 3:41:50 PM   6          C:\WINDOWS\Tasks\SA.DAT

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»  

Checking files in %ALLUSERSPROFILE%\Startup folder...

Checking files in %ALLUSERSPROFILE%\Application Data folder...
                     1/18/2004 7:24:08 PM   188        C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
                     1/26/2004 5:30:04 PM   12358      C:\Documents and Settings\Joe\Application Data\PFP110JCM.{PB
                     1/26/2004 5:30:04 PM   61678      C:\Documents and Settings\Joe\Application Data\PFP110JPR.{PB

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»  

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved

HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
   {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}    = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
   {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}    = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
   {F8984111-38B6-11D5-8725-0050DA2761C4}    = C:\Program Files\IncrediMail\bin\IMShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
   {750fdf0e-2a26-11d1-a3ea-080036587f03}    = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
   {09799AFB-AD67-11d1-ABCD-00C04FC30936}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
   {A470F8CF-A1E8-4f65-8335-227475AA5C46}    = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
   {5464D816-CF16-4784-B9F3-75C0DB52B499}    = C:\WINDOWS\Downloaded Program Files\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
   Start Menu Pin    = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
   {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}    = C:\Program Files\Grisoft\AVG Free\avgse.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
    = %SystemRoot%\system32\SHELL32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   IgfxTray   C:\WINDOWS\System32\igfxtray.exe
   HotKeysCmds   C:\WINDOWS\System32\hkcmd.exe
   BCMSMMSG   BCMSMMSG.exe
   TkBellExe   "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
   DwlClient   C:\Program Files\Common Files\Dell\EUSW\Support.exe
   Dimension   C:\Program Files\Dimension\Dimension.exe
   AVG7_CC   C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
   AVG7_EMC   C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   uoltray   C:\Program Files\NetZero\exec.exe regrun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{BDEADF00-C265-11D0-BCED-00A0C90AB50F}
    = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}
    =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\{0DF44EAA-FF21-4412-828E-260A8728E7F1}
    =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
   dontdisplaylastusername   0
   legalnoticecaption   
   legalnoticetext   
   shutdownwithoutlogon   1
   undockwithoutlogon   1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
   NoDriveTypeAutoRun   145


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
   UserInit   = C:\WINDOWS\system32\userinit.exe,
   Shell      = explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
    = crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
    = cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
    = cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
    = igfxsrvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
    = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
    = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
    = sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
    = WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
    = wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
    = wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\PostBootReminder
   {7849596a-48ea-486e-8937-a2a3009f31a9}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\CDBurn
   {fbeb8a05-beee-4442-804e-409d6c4515e9}    = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\WebCheck
   {E6FB5E20-DE35-11CF-9C87-00AA005127ED}    = %SystemRoot%\System32\webcheck.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SysTray
   {35CEC8A3-2BE6-11D2-8773-92E220524153}    = C:\WINDOWS\System32\stobject.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\UPnPMonitor
   {e57ce738-33e8-4c51-8354-bb4de9d215d1}    = C:\WINDOWS\System32\upnpui.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
   Debugger = ntsd -d

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
   AppInit_DLLs   

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»  
WinPFind v1.2.4   - Log file written to "WinPFind.Txt" in the WinPFind folder.