Results from Dr Web
=============================================================================
Dr.Web(R) Scanner for Windows v4.33.2 (4.33.2.10060)
Copyright (c) Igor Daniloff, 1992-2006
Log generated on: 2007-02-13, 05:48:18 [FRONTROOM][Administrator]
Command-line: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.exe" /lng /ini:cureit_XP.ini
Operating system:Windows XP Home Edition x86 (Build 2600), Service Pack 1
=============================================================================
Engine version: 4.33 (4.33.5.10110)
Engine API version: 2.01
Total virus records: 175874
Key file: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\cureit.key
License key number: 0010092936
Registered to: Dr.Web CureIt Project
License key activates: 2007-02-05
License key expires: 2010-02-11
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 0
Infected objects found: 0
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 0
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 0
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 0 Kb/s
Scan time: 00:00:00
-----------------------------------------------------------------------------
[Scan path] c:\documents and settings\administrator\local settings\temp\rarsfx0\_start.exe
[Scan path] c:\documents and settings\administrator\local settings\temp\rarsfx0\cureit.exe
[Scan path] c:\documents and settings\administrator\start menu\programs\startup\desktop.ini
[Scan path] c:\documents and settings\all users\start menu\programs\startup\.protected
[Scan path] c:\documents and settings\all users\start menu\programs\startup\desktop.ini
[Scan path] c:\documents and settings\duane\desktop\drweb-cureit.exe
[Scan path] c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
[Scan path] c:\program files\adobe\acrobat 7.0\activex\pdfshell.dll
[Scan path] c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
[Scan path] c:\program files\belarc\advisor\system\bavoilax.dll
[Scan path] c:\program files\bigfix\bigfix.exe
[Scan path] c:\program files\common files\aolshare\shell\us\shellext.dll
[Scan path] c:\program files\common files\csshare\shell\us\shellext.dll
[Scan path] c:\program files\common files\installshield\driver\11\intel 32\idrivert.exe
[Scan path] c:\program files\common files\microsoft shared\source engine\ose.exe
[Scan path] c:\program files\common files\symantec shared\security center\symwsc.exe
[Scan path] c:\program files\common files\symantec shared\security center\usrprmpt.exe
[Scan path] c:\program files\common files\system\ole db\oledb32.dll
[Scan path] c:\program files\deluxecommunications\dxc.exe
c:\program files\deluxecommunications\dxc.exe is adware program Adware.Surfside
[Scan path] c:\program files\deluxecommunications\dxcbho.dll
c:\program files\deluxecommunications\dxcbho.dll is adware program Adware.Surfside
[Scan path] c:\program files\epson\epson web-to-page\epson web-to-page.dll
[Scan path] c:\program files\google\common\google updater\googleupdaterservice.exe
[Scan path] c:\program files\google\googletoolbar3.dll
[Scan path] c:\program files\grisoft\avg anti-spyware 7.5\guard.exe
[Scan path] c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
[Scan path] c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll
[Scan path] c:\program files\grisoft\avg free\avgamsvr.exe
[Scan path] c:\program files\grisoft\avg free\avgcc.exe
[Scan path] c:\program files\grisoft\avg free\avgemc.exe
[Scan path] c:\program files\grisoft\avg free\avgse.dll
[Scan path] c:\program files\grisoft\avg free\avgupsvc.exe
[Scan path] c:\program files\grisoft\avg free\avgw.exe
[Scan path] c:\program files\hewlett-packard\hp software update\hpwuschd2.exe
[Scan path] c:\program files\hp\hpcoretech\comp\hpuiprot.dll
[Scan path] c:\program files\hp\hpcoretech\hpcmpmgr.exe
[Scan path] c:\program files\icq\icq.exe
[Scan path] c:\program files\icq\icqshext.dll
[Scan path] c:\program files\ipod\bin\ipodservice.exe
[Scan path] c:\program files\itunes\ituneshelper.exe
[Scan path] c:\program files\itunes\itunesminiplayer.dll
[Scan path] c:\program files\messenger\msmsgs.exe
[Scan path] c:\program files\micro innovations\keyboard\kbdap32a.exe
[Scan path] c:\program files\micro innovations\mouse\mouse32a.exe
[Scan path] c:\program files\microsoft money\system\mnyside.dll
[Scan path] c:\program files\microsoft office\office11\msohev.dll
[Scan path] c:\program files\mywebsearchwb\bar\1.bin\w6bar.dll
c:\program files\mywebsearchwb\bar\1.bin\w6bar.dll is adware program Adware.Websearch
[Scan path] c:\program files\outlook express\setup50.exe
[Scan path] c:\program files\outlook express\wabfind.dll
[Scan path] c:\program files\pcpitstop\optimize\pcpoptimize.exe
[Scan path] c:\program files\picasa2\picasamediadetector.exe
[Scan path] c:\program files\real\realplayer\rpshell.dll
[Scan path] c:\program files\spybot - search & destroy\sdhelper.dll
[Scan path] c:\program files\sygate\spf\smc.exe
[Scan path] c:\program files\ulead systems\ulead photo explorer 8.0 se basic\monitor.exe
[Scan path] c:\program files\ulead systems\ulead photo express 4.0 se\calcheck.exe
[Scan path] c:\program files\ultimate cleaner\com\securedelete.dll
[Scan path] c:\program files\yahoo!\companion\installs\cpn1\ycomp5_3_16_0.dll
[Scan path] c:\windows\explorer.exe
[Scan path] c:\windows\inf\unregmp2.exe
[Scan path] c:\windows\msagent\agentpsh.dll
[Scan path] c:\windows\system32:lzx32.sys
c:\windows\system32*.* - read error
[Scan path] c:\windows\system32\advapi32.dll
[Scan path] c:\windows\system32\advpack.dll
[Scan path] c:\windows\system32\alg.exe
[Scan path] c:\windows\system32\appwiz.cpl
[Scan path] c:\windows\system32\audiodev.dll
[Scan path] c:\windows\system32\autochk.exe
[Scan path] c:\windows\system32\browseui.dll
[Scan path] c:\windows\system32\byxwttt.dll
c:\windows\system32\byxwttt.dll infected with Trojan.Virtumod - will be cured after reboot
[Scan path] c:\windows\system32\cabview.dll
[Scan path] c:\windows\system32\cdfview.dll
[Scan path] c:\windows\system32\cisvc.exe
[Scan path] c:\windows\system32\clipsrv.exe
[Scan path] c:\windows\system32\cnbjmon.dll
[Scan path] c:\windows\system32\comdlg32.dll
[Scan path] c:\windows\system32\crypt32.dll
[Scan path] c:\windows\system32\cryptext.dll
[Scan path] c:\windows\system32\cryptnet.dll
[Scan path] c:\windows\system32\cscdll.dll
[Scan path] c:\windows\system32\cscui.dll
[Scan path] c:\windows\system32\csrss.exe
[Scan path] c:\windows\system32\cstatvmq.exe
[Scan path] c:\windows\system32\ctlmems.exe
c:\windows\system32\ctlmems.exe infected with BackDoor.Mailbot - deleted
[Scan path] c:\windows\system32\deskadp.dll
[Scan path] c:\windows\system32\deskmon.dll
[Scan path] c:\windows\system32\deskperf.dll
[Scan path] c:\windows\system32\dfsshlex.dll
[Scan path] c:\windows\system32\diskcopy.dll
[Scan path] c:\windows\system32\dllhost.exe
[Scan path] c:\windows\system32\dmadmin.exe
[Scan path] c:\windows\system32\docprop.dll
[Scan path] c:\windows\system32\docprop2.dll
[Scan path] c:\windows\system32\drivers\acpi.sys
[Scan path] c:\windows\system32\drivers\aec.sys
[Scan path] c:\windows\system32\drivers\afd.sys
[Scan path] c:\windows\system32\drivers\alcxwdm.sys
[Scan path] c:\windows\system32\drivers\asyncmac.sys
[Scan path] c:\windows\system32\drivers\atapi.sys
[Scan path] c:\windows\system32\drivers\atmarpc.sys
[Scan path] c:\windows\system32\drivers\audstub.sys
[Scan path] c:\windows\system32\drivers\avg7core.sys
[Scan path] c:\windows\system32\drivers\avg7rsw.sys
[Scan path] c:\windows\system32\drivers\avg7rsxp.sys
[Scan path] c:\windows\system32\drivers\avgascln.sys
[Scan path] c:\windows\system32\drivers\avgtdi.sys
[Scan path] c:\windows\system32\drivers\bantext.sys
[Scan path] c:\windows\system32\drivers\bulk536.sys
[Scan path] c:\windows\system32\drivers\ca536av.sys
[Scan path] c:\windows\system32\drivers\ccdecode.sys
[Scan path] c:\windows\system32\drivers\cdrom.sys
[Scan path] c:\windows\system32\drivers\disk.sys
[Scan path] c:\windows\system32\drivers\dmboot.sys
[Scan path] c:\windows\system32\drivers\dmio.sys
[Scan path] c:\windows\system32\drivers\dmload.sys
[Scan path] c:\windows\system32\drivers\dmusic.sys
[Scan path] c:\windows\system32\drivers\drmkaud.sys
[Scan path] c:\windows\system32\drivers\drvmcdb.sys
[Scan path] c:\windows\system32\drivers\fdc.sys
[Scan path] c:\windows\system32\drivers\flpydisk.sys
[Scan path] c:\windows\system32\drivers\ftdisk.sys
[Scan path] c:\windows\system32\drivers\gearaspiwdm.sys
[Scan path] c:\windows\system32\drivers\hidusb.sys
[Scan path] c:\windows\system32\drivers\hsf_cnxt.sys
[Scan path] c:\windows\system32\drivers\hsf_dp.sys
[Scan path] c:\windows\system32\drivers\hsfhwbs2.sys
[Scan path] c:\windows\system32\drivers\i8042prt.sys
[Scan path] c:\windows\system32\drivers\ialmkchw.sys
[Scan path] c:\windows\system32\drivers\ialmnt5.sys
[Scan path] c:\windows\system32\drivers\ialmsbw.sys
[Scan path] c:\windows\system32\drivers\imapi.sys
[Scan path] c:\windows\system32\drivers\intelide.sys
[Scan path] c:\windows\system32\drivers\ipfltdrv.sys
[Scan path] c:\windows\system32\drivers\ipinip.sys
[Scan path] c:\windows\system32\drivers\ipnat.sys
[Scan path] c:\windows\system32\drivers\ipsec.sys
[Scan path] c:\windows\system32\drivers\irenum.sys
[Scan path] c:\windows\system32\drivers\isapnp.sys
[Scan path] c:\windows\system32\drivers\kbdclass.sys
[Scan path] c:\windows\system32\drivers\kmixer.sys
[Scan path] c:\windows\system32\drivers\mdmxsdk.sys
[Scan path] c:\windows\system32\drivers\mouclass.sys
[Scan path] c:\windows\system32\drivers\mouhid.sys
[Scan path] c:\windows\system32\drivers\mrxdav.sys
[Scan path] c:\windows\system32\drivers\mrxsmb.sys
[Scan path] c:\windows\system32\drivers\msgpc.sys
[Scan path] c:\windows\system32\drivers\mskssrv.sys
[Scan path] c:\windows\system32\drivers\mspclock.sys
[Scan path] c:\windows\system32\drivers\mspqm.sys
[Scan path] c:\windows\system32\drivers\mstee.sys
[Scan path] c:\windows\system32\drivers\nabtsfec.sys
[Scan path] c:\windows\system32\drivers\ndisip.sys
[Scan path] c:\windows\system32\drivers\ndistapi.sys
[Scan path] c:\windows\system32\drivers\ndisuio.sys
[Scan path] c:\windows\system32\drivers\ndiswan.sys
[Scan path] c:\windows\system32\drivers\netbios.sys
[Scan path] c:\windows\system32\drivers\netbt.sys
[Scan path] c:\windows\system32\drivers\nwlnkflt.sys
[Scan path] c:\windows\system32\drivers\nwlnkfwd.sys
[Scan path] c:\windows\system32\drivers\parport.sys
[Scan path] c:\windows\system32\drivers\pci.sys
[Scan path] c:\windows\system32\drivers\pciide.sys
[Scan path] c:\windows\system32\drivers\pcouffin.sys
[Scan path] c:\windows\system32\drivers\processr.sys
[Scan path] c:\windows\system32\drivers\psched.sys
[Scan path] c:\windows\system32\drivers\ptilink.sys
[Scan path] c:\windows\system32\drivers\pxhelp20.sys
[Scan path] c:\windows\system32\drivers\rasacd.sys
[Scan path] c:\windows\system32\drivers\rasl2tp.sys
[Scan path] c:\windows\system32\drivers\raspppoe.sys
[Scan path] c:\windows\system32\drivers\raspptp.sys
[Scan path] c:\windows\system32\drivers\raspti.sys
[Scan path] c:\windows\system32\drivers\rdbss.sys
[Scan path] c:\windows\system32\drivers\rdpcdd.sys
[Scan path] c:\windows\system32\drivers\redbook.sys
[Scan path] c:\windows\system32\drivers\rtl8139.sys
[Scan path] c:\windows\system32\drivers\secdrv.sys
[Scan path] c:\windows\system32\drivers\serenum.sys
[Scan path] c:\windows\system32\drivers\serial.sys
[Scan path] c:\windows\system32\drivers\slip.sys
[Scan path] c:\windows\system32\drivers\splitter.sys
[Scan path] c:\windows\system32\drivers\sr.sys
[Scan path] c:\windows\system32\drivers\srv.sys
[Scan path] c:\windows\system32\drivers\stream18.sys
[Scan path] c:\windows\system32\drivers\streamip.sys
[Scan path] c:\windows\system32\drivers\swenum.sys
[Scan path] c:\windows\system32\drivers\swmidi.sys
[Scan path] c:\windows\system32\drivers\sysaudio.sys
[Scan path] c:\windows\system32\drivers\tcpip.sys
[Scan path] c:\windows\system32\drivers\teefer.sys
[Scan path] c:\windows\system32\drivers\termdd.sys
[Scan path] c:\windows\system32\drivers\update.sys
[Scan path] c:\windows\system32\drivers\usbaudio.sys
[Scan path] c:\windows\system32\drivers\usbehci.sys
[Scan path] c:\windows\system32\drivers\usbhub.sys
[Scan path] c:\windows\system32\drivers\usbprint.sys
[Scan path] c:\windows\system32\drivers\usbstor.sys
[Scan path] c:\windows\system32\drivers\usbuhci.sys
[Scan path] c:\windows\system32\drivers\vga.sys
[Scan path] c:\windows\system32\drivers\wanarp.sys
[Scan path] c:\windows\system32\drivers\wanatw4.sys
[Scan path] c:\windows\system32\drivers\wdmaud.sys
[Scan path] c:\windows\system32\drivers\wg3n.sys
[Scan path] c:\windows\system32\drivers\wg4n.sys
[Scan path] c:\windows\system32\drivers\wg5n.sys
[Scan path] c:\windows\system32\drivers\wg6n.sys
[Scan path] c:\windows\system32\drivers\wpsdrvnt.sys
[Scan path] c:\windows\system32\drivers\wstcodec.sys
[Scan path] c:\windows\system32\dskquoui.dll
[Scan path] c:\windows\system32\dsquery.dll
[Scan path] c:\windows\system32\dssec.dll
[Scan path] c:\windows\system32\dsuiext.dll
[Scan path] c:\windows\system32\dxclib303562752.dll
c:\windows\system32\dxclib303562752.dll is adware program Adware.Surfside
[Scan path] c:\windows\system32\ebpmon24.dll
[Scan path] c:\windows\system32\fcqlep.exe
[Scan path] c:\windows\system32\fontext.dll
[Scan path] c:\windows\system32\fxsugwhh.exe
[Scan path] c:\windows\system32\gdi32.dll
[Scan path] c:\windows\system32\gmonstml.exe
[Scan path] c:\windows\system32\hpzsnt10.dll
[Scan path] c:\windows\system32\hticons.dll
[Scan path] c:\windows\system32\icmui.dll
[Scan path] c:\windows\system32\ie4uinit.exe
[Scan path] c:\windows\system32\iedkcs32.dll
[Scan path] c:\windows\system32\igfxsrvc.dll
[Scan path] c:\windows\system32\iiydacla.dll
c:\windows\system32\iiydacla.dll infected with Trojan.Virtumod - deleted
[Scan path] c:\windows\system32\imagehlp.dll
[Scan path] c:\windows\system32\imapi.exe
[Scan path] c:\windows\system32\inetcomm.dll
[Scan path] c:\windows\system32\itss.dll
[Scan path] c:\windows\system32\kerberos.dll
[Scan path] c:\windows\system32\kernel32.dll
[Scan path] c:\windows\system32\localspl.dll
[Scan path] c:\windows\system32\locator.exe
[Scan path] c:\windows\system32\logon.scr
[Scan path] c:\windows\system32\logonui.exe
[Scan path] c:\windows\system32\lsass.exe
[Scan path] c:\windows\system32\lz32.dll
[Scan path] c:\windows\system32\mmcshext.dll
[Scan path] c:\windows\system32\mmsys.cpl
[Scan path] c:\windows\system32\mnmsrvc.exe
[Scan path] c:\windows\system32\msdtc.exe
[Scan path] c:\windows\system32\msdxm.ocx
[Scan path] c:\windows\system32\mshtml.dll
[Scan path] c:\windows\system32\msieftp.dll
[Scan path] c:\windows\system32\msiexec.exe
[Scan path] c:\windows\system32\mstask.dll
[Scan path] c:\windows\system32\msv1_0.dll
[Scan path] c:\windows\system32\msvidctl.dll
[Scan path] c:\windows\system32\mswsock.dll
[Scan path] c:\windows\system32\mydocs.dll
[Scan path] c:\windows\system32\netdde.exe
[Scan path] c:\windows\system32\netplwiz.dll
[Scan path] c:\windows\system32\netshell.dll
[Scan path] c:\windows\system32\ntlanui2.dll
[Scan path] c:\windows\system32\ntsd.exe
[Scan path] c:\windows\system32\ntshrui.dll
[Scan path] c:\windows\system32\occache.dll
[Scan path] c:\windows\system32\ole32.dll
[Scan path] c:\windows\system32\oleaut32.dll
[Scan path] c:\windows\system32\olecli32.dll
[Scan path] c:\windows\system32\olecnv32.dll
[Scan path] c:\windows\system32\olesvr32.dll
[Scan path] c:\windows\system32\olethk32.dll
[Scan path] c:\windows\system32\photowiz.dll
[Scan path] c:\windows\system32\pjlmon.dll
[Scan path] c:\windows\system32\printui.dll
[Scan path] c:\windows\system32\qwinpoeb.exe
[Scan path] c:\windows\system32\regsvr32.exe
[Scan path] c:\windows\system32\remotepg.dll
[Scan path] c:\windows\system32\rpcrt4.dll
[Scan path] c:\windows\system32\rpcss.dll
[Scan path] c:\windows\system32\rshx32.dll
[Scan path] c:\windows\system32\rsvp.exe
[Scan path] c:\windows\system32\rsvpsp.dll
[Scan path] c:\windows\system32\rundll32.exe
[Scan path] c:\windows\system32\scardsvr.exe
[Scan path] c:\windows\system32\scecli.dll
[Scan path] c:\windows\system32\schannel.dll
[Scan path] c:\windows\system32\sclgntfy.dll
[Scan path] c:\windows\system32\scmdcon.exe
c:\windows\system32\scmdcon.exe infected with BackDoor.Mailbot - deleted
[Scan path] c:\windows\system32\sdmmlmn.exe
c:\windows\system32\sdmmlmn.exe infected with BackDoor.Mailbot - deleted
[Scan path] c:\windows\system32\sendmail.dll
[Scan path] c:\windows\system32\services.exe
[Scan path] c:\windows\system32\sessmgr.exe
[Scan path] c:\windows\system32\shdocvw.dll
[Scan path] c:\windows\system32\shell32.dll
[Scan path] c:\windows\system32\shimgvw.dll
[Scan path] c:\windows\system32\shmedia.dll
[Scan path] c:\windows\system32\shmgrate.exe
[Scan path] c:\windows\system32\shscrap.dll
[Scan path] c:\windows\system32\slayerxp.dll
[Scan path] c:\windows\system32\smlogsvc.exe
[Scan path] c:\windows\system32\smss.exe
[Scan path] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
[Scan path] c:\windows\system32\spoolsv.exe
[Scan path] c:\windows\system32\stobject.dll
[Scan path] c:\windows\system32\svchost.exe
[Scan path] c:\windows\system32\svchost.exe:exe.exe
[Scan path] c:\windows\system32\syncui.dll
[Scan path] c:\windows\system32\szr_dr.sys
[Scan path] c:\windows\system32\tcpmon.dll
[Scan path] c:\windows\system32\themeui.dll
[Scan path] c:\windows\system32\ups.exe
[Scan path] c:\windows\system32\url.dll
[Scan path] c:\windows\system32\urlmon.dll
[Scan path] c:\windows\system32\usbmon.dll
[Scan path] c:\windows\system32\user32.dll
[Scan path] c:\windows\system32\version.dll
[Scan path] c:\windows\system32\vssvc.exe
[Scan path] c:\windows\system32\vtstr.dll
c:\windows\system32\vtstr.dll infected with Trojan.Virtumod - will be cured after reboot
[Scan path] c:\windows\system32\wbem\wmiapsrv.exe
[Scan path] c:\windows\system32\wdfmgr.exe
[Scan path] c:\windows\system32\wdigest.dll
[Scan path] c:\windows\system32\webcheck.dll
[Scan path] c:\windows\system32\wiascr.dll
[Scan path] c:\windows\system32\wiashext.dll
[Scan path] c:\windows\system32\wininet.dll
[Scan path] c:\windows\system32\winlogon.exe
[Scan path] c:\windows\system32\wldap32.dll
[Scan path] c:\windows\system32\wlnotify.dll
[Scan path] c:\windows\system32\wmpshell.dll
[Scan path] c:\windows\system32\wshext.dll
[Scan path] c:\windows\system32\wuaucpl.cpl
[Scan path] c:\windows\system32\zipfldr.dll
[Scan path] c:\windows\szr_dll.dll
[Scan path] c:\windows\wanmpsvc.exe
[Scan path] c:\windows\web\related.htm
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 334
Infected objects found: 6
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 4
Dialer programs found: 0
Joke programs found: 0
Riskware programs found: 0
Hacktool programs found: 0
Objects cured: 0
Objects deleted: 4
Objects renamed: 0
Objects moved: 0
Objects ignored: 0
Scan speed: 394 Kb/s
Scan time: 00:03:18
-----------------------------------------------------------------------------
[Scan path] C:\
C:\010.exe is adware program Adware.ZenoSearch
C:\012.exe is dialer program Dialer.Egroup
C:\02.exe is adware program Adware.Nexus
C:\03.exe is adware program Adware.NewDotNet
C:\08.exe is adware program Adware.ZenoSearch
C:\NNSKYA638.exe is adware program Adware.NewDotNet
C:\rmfi.exe infected with Trojan.Virtumod - deleted
C:\silent_installer.exe is dialer program Dialer.Egroup
C:\TISED001.exe is adware program Adware.ZenoSearch
C:\zisky001.exe is adware program Adware.ZenoSearch
C:\Documents and Settings\Administrator\NTUSER.DAT - read error
C:\Documents and Settings\Administrator\NTUSER~1.LOG - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat - read error
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\USRCLA~1.LOG - read error
C:\Documents and Settings\Cody\Local Settings\Temp\ICD1.tmp\UWA6P_0001_N91M1807NetInstaller.exe infected with Trojan.DownLoader.10963 - deleted
C:\Documents and Settings\Duane\Local Settings\Temp\242421.exe infected with Trojan.DownLoader.17511 - deleted
C:\Documents and Settings\Duane\Local Settings\Temp\360640.exe infected with Trojan.DownLoader.17511 - deleted
C:\Documents and Settings\Duane\Local Settings\Temp\vpqbklbc.dll infected with Trojan.Virtumod - deleted
C:\Documents and Settings\Duane\Local Settings\Temp\SmitfraudFix\SmitfraudFix\Process.exe is hacktool program Tool.Prockill
C:\Documents and Settings\Duane\Local Settings\Temp\SmitfraudFix\SmitfraudFix\restart.exe is hacktool program Tool.ShutDown.11
C:\Documents and Settings\Duane\Local Settings\Temporary Internet Files\Content.IE5\49G1IH4P\lo1[1] infected with Trojan.Virtumod - deleted
C:\Documents and Settings\Duane\Local Settings\Temporary Internet Files\Content.IE5\49G1IH4P\tvhbjs2[1].jpg infected with BackDoor.Mailbot - incurable - moved
C:\Documents and Settings\Duane\Local Settings\Temporary Internet Files\Content.IE5\EHKVE1I5\vrnini4[1].jpg infected with Trojan.Spambot - deleted
C:\Documents and Settings\Duane\Local Settings\Temporary Internet Files\Content.IE5\OHWHS3IH\tnkjfcne2[1].jpg infected with BackDoor.Mailbot - deleted
C:\Documents and Settings\Duane\Local Settings\Temporary Internet Files\Content.IE5\S1KBKJ0N\bbhgsnknfwj3[1].jpg infected with BackDoor.Mailbot - deleted
C:\Documents and Settings\Duane\Local Settings\Temporary Internet Files\Content.IE5\S1KBKJ0N\bffgrenk4[1].jpg infected with BackDoor.Mailbot - deleted
C:\Documents and Settings\Duane\Local Settings\Temporary Internet Files\Content.IE5\S1KBKJ0N\wbk1B6.tmp infected with Trojan.Bankfraud - deleted
C:\Documents and Settings\Duane\Local Settings\Temporary Internet Files\Content.IE5\S9GN4VYV\vrnini4[2].jpg infected with Trojan.Spambot - deleted
Invalid path to file C:\Documents and Settings\Molly\Local Settings\Temp\Temporary Internet Files\Content.IE5\4HA30TIF\site=cs&pagepos=84&page=profile&guide=boc&brand=smx_yp-nc&adsize=125x125&context=directory%26city%3Dphoenix%26rstid%3D24%26market_id%3D71%26lat%3D334483%26long%3D%2D1120733[1]
Invalid path to file C:\Documents and Settings\Molly\Local Settings\Temp\Temporary Internet Files\Content.IE5\EDAZY185\Type=click&FlightID=126342&AdID=167172&TargetID=25575&Segments=4,1987,2214,12606,13429,13546,13617,17169,17173,18054,18245,19056,21239,21349,21351,21424,21556&Targets=33389[1].htm
Invalid path to file C:\Documents and Settings\Molly\Local Settings\Temp\Temporary Internet Files\Content.IE5\EDAZY185\Type=click&FlightID=126342&AdID=167172&TargetID=25575&Segments=4,1987,2214,12606,13429,13546,13617,17169,17173,18054,18245,19056,21239,21349,21351,21424,21556&Targets=33389[2].htm
Invalid path to file C:\Documents and Settings\Molly\Local Settings\Temp\Temporary Internet Files\Content.IE5\IBI30JKH\Type=click&FlightID=126342&AdID=167172&TargetID=25575&Segments=4,1987,2214,12606,13429,13546,13617,17169,17173,17429,18054,18245,19056,21239,21349,21351,21424,21556&Targets[1].htm
Invalid path to file C:\Documents and Settings\Molly\Local Settings\Temp\Temporary Internet Files\Content.IE5\IBI30JKH\Type=click&FlightID=126342&AdID=167172&TargetID=25575&Segments=4,1987,2214,12606,13429,13546,13617,17169,17173,18054,18245,19056,21239,21349,21351,21424,21556&Targets=33389[1].htm
Invalid path to file C:\Documents and Settings\Molly\Local Settings\Temp\Temporary Internet Files\Content.IE5\M9MVQXKZ\Type=click&FlightID=126342&AdID=167172&TargetID=25575&Segments=4,1987,2214,12606,13429,13546,13617,17169,17173,18054,18245,19056,21239,21349,21351,21424,21556&Targets=33389[1].htm
Invalid path to file C:\Documents and Settings\Molly\Local Settings\Temp\Temporary Internet Files\Content.IE5\QH0V4PCF\Type=click&FlightID=126342&AdID=167172&TargetID=25575&Segments=4,1987,2214,12606,13429,13546,13617,17169,17173,17429,18054,18245,19056,21239,21349,21351,21424,21556&Targets[1]
Invalid path to file C:\Documents and Settings\Molly\Local Settings\Temp\Temporary Internet Files\Content.IE5\QH0V4PCF\Type=click&FlightID=126342&AdID=167172&TargetID=25575&Segments=4,1987,2214,12606,13429,13546,13617,17169,17173,18054,18245,19056,21239,21349,21351,21424,21556&Targets=33389[1].htm
Invalid path to file C:\Documents and Settings\Molly\Local Settings\Temp\Temporary Internet Files\Content.IE5\QH0V4PCF\Type=click&FlightID=126342&AdID=167172&TargetID=25575&Segments=4,1987,2214,12606,13429,13546,13617,17169,17173,18054,18245,19056,21239,21349,21351,21424,21556&Targets=33389[2].htm
Invalid path to file C:\Documents and Settings\Molly\Local Settings\Temp\Temporary Internet Files\Content.IE5\QH0V4PCF\Type=click&FlightID=126342&AdID=167172&TargetID=25575&Segments=4,1987,2214,12606,13429,13546,13617,17169,17173,18054,18245,19056,21239,21349,21351,21424,21556&Targets=33389[3].htm
Invalid path to file C:\Documents and Settings\Molly\Local Settings\Temp\Temporary Internet Files\Content.IE5\SDE3KL2J\site=cs&pagepos=1&cat_id=20&page=profile&subcat_id=124&adsize=468x60&context=directory&entityid=35577351&flavor=10&adsize=728x90%26city%3Dphoenix%26rstid%3D24%26market_id[1].htm
C:\Program Files\Common Files\Sandlot Shared\slghex.dll is adware program Adware.SpywareStorm
C:\Program Files\DeluxeCommunications\Dxc.exe is adware program Adware.Surfside
C:\Program Files\DeluxeCommunications\DxcBho.dll is adware program Adware.Surfside
C:\Program Files\DeluxeCommunications\DxcCore.dll is adware program Adware.Surfside
C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL is adware program Adware.Msearch
C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL is adware program Adware.Websearch
C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL is adware program Adware.Msearch
C:\Program Files\Save\Save.exe is adware program Adware.SaveNow
>C:\Program Files\Save\saveupdate.exe is adware program Adware.SaveNow
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP218\A0016634.exe is adware program Adware.NewDotNet
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP219\A0016642.exe is adware program Adware.SaveNow
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP219\A0016643.exe is adware program Adware.SaveNow
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP219\A0016644.dll is adware program Adware.SaveNow
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP219\A0016650.dll is adware program Adware.NewDotNet
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043981.EXE is adware program Adware.DSSAgent
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043987.DLL infected with Trojan.Funweb - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043988.DLL is adware program Adware.MWS
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043989.DLL is adware program Adware.MWS
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043991.DLL is adware program Adware.Msearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043993.DLL infected with Trojan.Isbar.438 - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043995.SCR is adware program Adware.Msearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043997.DLL is adware program Adware.Msearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043998.EXE is adware program Adware.Msearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043999.DLL infected with Trojan.DownLoader.7028 - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044001.DLL is adware program Adware.Msearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044003.DLL is adware program Adware.Msearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044004.DLL is adware program Adware.MWS
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044005.DLL is adware program Adware.Msearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044006.DLL is adware program Adware.Msearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044009.DLL is adware program Adware.Websearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044010.DLL is adware program Adware.Msearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044012.exe is adware program Adware.NewDotNet
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044013.exe is adware program Adware.NewDotNet
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044024.EXE is adware program Adware.Websearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP258\A0066243.exe infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP259\A0067258.exe is adware program Adware.Nexus
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP260\A0070335.exe infected with Trojan.Spambot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0072491.exe is adware program Adware.Spysheriff
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0072502.exe is adware program Adware.Spysheriff
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0072505.exe is adware program Adware.ZenoSearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0072506.exe is adware program Adware.ZenoSearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0072515.dll is adware program Adware.NewDotNet
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0073515.exe infected with Trojan.Spambot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0073549.exe infected with BackDoor.Mailbot - incurable - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0073554.exe infected with BackDoor.Mailbot - incurable - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0073564.exe infected with BackDoor.IRC.Sdbot.986 - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP263\A0075612.exe infected with Trojan.Spambot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP263\A0076643.exe infected with Trojan.Spambot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP263\A0076644.exe infected with Trojan.Spambot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP263\A0076646.exe infected with Trojan.DownLoader.based - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP263\A0076647.exe infected with Trojan.DownLoader.based - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP263\A0076648.exe infected with Trojan.DownLoader.based - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP263\A0076652.exe infected with Trojan.Spambot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP263\A0076653.exe infected with Trojan.Spambot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP263\A0076654.exe infected with Trojan.Spambot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP263\A0076655.exe infected with Trojan.Spambot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP263\A0076668.exe infected with BackDoor.Mailbot - incurable - moved
>C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP273\A0095962.exe infected with Trojan.DownLoader.13909 - deleted
>C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP273\A0095963.exe infected with Trojan.DownLoader.10963 - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP273\A0095964.dll infected with Trojan.AutoAff - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP273\A0095965.exe infected with Dialer.Maxd - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP273\A0095966.exe infected with Trojan.Fakealert - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP273\A0095970.dll infected with Trojan.Fakealert.234 - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP273\A0095971.exe infected with Trojan.Fakealert - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP274\A0106014.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP274\A0106016.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP274\A0106017.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP275\A0106061.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP275\A0106063.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP275\A0106064.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109296.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109297.exe is adware program Adware.TopSearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109298.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109299.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109300.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109301.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109302.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109303.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109304.exe is adware program Adware.TopSearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109305.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109306.dll infected with Trojan.Juan - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109307.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109308.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109309.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109310.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109311.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109312.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109313.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109314.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109315.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109316.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109317.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109318.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109319.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109320.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109321.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109322.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109323.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109324.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109325.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109326.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109327.exe is adware program Adware.TopSearch
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109328.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109329.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109330.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109334.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109345.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109359.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109365.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109366.dll infected with Trojan.Virtumod - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109367.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109368.exe infected with BackDoor.Mailbot - deleted
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109369.exe infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\awttqpm.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\bcyqquco.exe.bad is adware program Adware.TopSearch
C:\VundoFix Backups\byxwttt.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\cbxxwxy.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\ddccdde.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\efcawvw.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\iifdabb.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\jkkhfda.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\jkkifgh.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\kbfjmtiu.exe.bad is adware program Adware.TopSearch
C:\VundoFix Backups\khfgfcd.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\lfkekvsk.dll.bad infected with Trojan.Juan - deleted
C:\VundoFix Backups\mljghgg.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\nmbrotgd.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\nnnlmjj.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\nnnlmjk.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\nnnoomm.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\nnnoopn.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\opnmlkl.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\opnnkii.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\opnopop.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\pmkjj.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\qomlmlj.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\qommnnk.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\qomnnnk.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\rqropop.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\rqrppol.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\rqrsrsq.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\urqrqrs.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\vturppo.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\vtusqnl.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\vtutsqr.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\wokdkkfn.exe.bad is adware program Adware.TopSearch
C:\VundoFix Backups\xxywuss.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\yaywwvv.dll.bad infected with Trojan.Virtumod - deleted
C:\VundoFix Backups\yayywvu.dll.bad infected with Trojan.Virtumod - deleted
C:\WINDOWS\bvdgtrhre.exe infected with BackDoor.Mailbot - deleted
C:\WINDOWS\grfjnfew.exe infected with BackDoor.Mailbot - deleted
C:\WINDOWS\NDNuninstall6_98.exe is adware program Adware.NewDotNet
C:\WINDOWS\NDNuninstall7_48.exe is adware program Adware.NewDotNet
C:\WINDOWS\reftrh.exe infected with Trojan.Spambot - deleted
C:\WINDOWS\tmihjs.exe infected with BackDoor.Mailbot - incurable - moved
C:\WINDOWS\wdehtrh.exe infected with Trojan.Spambot - deleted
C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll is adware program Adware.Minibug
C:\WINDOWS\Downloaded Program Files\popcaploader.dll is riskware program Program.PopcapLoader
C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N91M1807NetInstaller.exe infected with Trojan.DownLoader.10963 - deleted
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA6P_0001_N91M1807NetInstaller.exe infected with Trojan.DownLoader.10963 - deleted
C:\WINDOWS\system32\bkd.exe is adware program Adware.Surfside
C:\WINDOWS\system32\byxwttt.dll infected with Trojan.Virtumod - will be cured after reboot
C:\WINDOWS\system32\dxclib303562752.dll is adware program Adware.Surfside
C:\WINDOWS\system32\f3PSSavr.scr is adware program Adware.Msearch
C:\WINDOWS\system32\Process.exe is hacktool program Tool.Prockill
C:\WINDOWS\system32\vtstr.dll infected with Trojan.Virtumod - will be cured after reboot
C:\WINDOWS\system32\config\default - read error
C:\WINDOWS\system32\config\default.LOG - read error
C:\WINDOWS\system32\config\SAM - read error
C:\WINDOWS\system32\config\SAM.LOG - read error
C:\WINDOWS\system32\config\SECURITY - read error
C:\WINDOWS\system32\config\SECURITY.LOG - read error
C:\WINDOWS\system32\config\software - read error
C:\WINDOWS\system32\config\software.LOG - read error
C:\WINDOWS\system32\config\system - read error
C:\WINDOWS\system32\config\system.LOG - read error
C:\WINDOWS\temp\dldr3.exe infected with Trojan.PWS.Sizer - deleted
-----------------------------------------------------------------------------
Scan statistics
-----------------------------------------------------------------------------
Objects scanned: 224442
Infected objects found: 129
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 56
Dialer programs found: 2
Joke programs found: 0
Riskware programs found: 1
Hacktool programs found: 3
Objects cured: 0
Objects deleted: 122
Objects renamed: 0
Objects moved: 5
Objects ignored: 0
Scan speed: 55 Kb/s
Scan time: 13:55:09
-----------------------------------------------------------------------------
c:\program files\deluxecommunications\dxc.exe - will be moved after reboot
c:\program files\deluxecommunications\dxcbho.dll - will be moved after reboot
c:\program files\mywebsearchwb\bar\1.bin\w6bar.dll - moved
c:\windows\system32\dxclib303562752.dll - will be moved after reboot
C:\010.exe - moved
C:\012.exe - moved
C:\02.exe - moved
C:\03.exe - moved
C:\08.exe - moved
C:\NNSKYA638.exe - moved
C:\silent_installer.exe - moved
C:\TISED001.exe - moved
C:\zisky001.exe - moved
C:\Documents and Settings\Duane\Local Settings\Temp\SmitfraudFix\SmitfraudFix\Process.exe - moved
C:\Documents and Settings\Duane\Local Settings\Temp\SmitfraudFix\SmitfraudFix\restart.exe - moved
C:\Program Files\Common Files\Sandlot Shared\slghex.dll - moved
C:\Program Files\DeluxeCommunications\Dxc.exe - will be moved after reboot
C:\Program Files\DeluxeCommunications\DxcBho.dll - will be moved after reboot
C:\Program Files\DeluxeCommunications\DxcCore.dll - will be moved after reboot
C:\Program Files\MyWebSearchWB\bar\1.bin\NPMYSRWB.DLL - moved
C:\Program Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
C:\Program Files\MyWebSearchWB\bar\1.bin\W6PLUGIN.DLL - moved
C:\Program Files\Save\Save.exe - moved
C:\Program Files\Save\saveupdate.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP218\A0016634.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP219\A0016642.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP219\A0016643.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP219\A0016644.dll - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP219\A0016650.dll - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043981.EXE - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043988.DLL - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043989.DLL - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043991.DLL - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043995.SCR - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043997.DLL - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0043998.EXE - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044001.DLL - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044003.DLL - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044004.DLL - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044005.DLL - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044006.DLL - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044009.DLL - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044010.DLL - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044012.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044013.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP255\A0044024.EXE - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP259\A0067258.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0072491.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0072502.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0072505.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0072506.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP261\A0072515.dll - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109297.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109304.exe - moved
C:\System Volume Information\_restore{7EDB5A9C-466C-4274-AEC3-C534983AC7C7}\RP283\A0109327.exe - moved
C:\VundoFix Backups\bcyqquco.exe.bad - moved
C:\VundoFix Backups\kbfjmtiu.exe.bad - moved
C:\VundoFix Backups\wokdkkfn.exe.bad - moved
C:\WINDOWS\NDNuninstall6_98.exe - moved
C:\WINDOWS\NDNuninstall7_48.exe - moved
C:\WINDOWS\Downloaded Program Files\MiniBugTransporter.dll - moved
C:\WINDOWS\Downloaded Program Files\popcaploader.dll - moved
C:\WINDOWS\system32\bkd.exe - moved
C:\WINDOWS\system32\dxclib303562752.dll - will be moved after reboot
C:\WINDOWS\system32\f3PSSavr.scr - moved
C:\WINDOWS\system32\Process.exe - moved
=============================================================================
Total session statistics
=============================================================================
Objects scanned: 224776
Infected objects found: 135
Objects with modifications found: 0
Suspicious objects found: 0
Adware programs found: 60
Dialer programs found: 2
Joke programs found: 0
Riskware programs found: 1
Hacktool programs found: 3
Objects cured: 0
Objects deleted: 126
Objects renamed: 0
Objects moved: 70
Objects ignored: 0
Scan speed: 56 Kb/s
Scan time: 13:58:27
=============================================================================
Most recent HJT
Logfile of HijackThis v1.99.1
Scan saved at 10:28:15 PM, on 2/13/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\qwinpoeb.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\WINDOWS\System32\fxsugwhh.exe
C:\WINDOWS\System32\cstatvmq.exe
C:\WINDOWS\System32\gmonstml.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Duane\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///c:/secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - C:\Program Files\DeluxeCommunications\DxcBho.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~2\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE
O4 - HKLM\..\Run: [ijciiqc.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\ijciiqc.dll,okbblr
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
O4 - HKLM\..\Run: [{7B-BE-E8-8B-ZN}] C:\windows\system32\nodsregj.exe SKY001
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\qwinpoeb.exe SKY001
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [lmjvservc] fxsugwhh.exe
O4 - HKLM\..\Run: [nvcdllx] C:\WINDOWS\System32\cstatvmq.exe
O4 - HKLM\..\Run: [kdmmcvs] C:\WINDOWS\System32\gmonstml.exe
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\iiydacla.dll",setvm
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [cwingllib] C:\WINDOWS\system32\atllsimm.exe
O4 - HKCU\..\Run: [jmlcv4m] C:\WINDOWS\System32\mgcplwin.exe
O4 - HKCU\..\Run: [WinInit] "C:\DOCUME~1\Duane\LOCALS~1\Temp\162015.exe "
O4 - HKCU\..\Run: [ymmsddlop] C:\WINDOWS\system32\vssmnptc.exe
O4 - HKCU\..\Run: [mdwinllm3] C:\WINDOWS\System32\sscmsslv.exe
O4 - HKCU\..\Run: [lvcdmsys] C:\WINDOWS\System32\dbbsrcc.exe
O4 - HKCU\..\Run: [winksddm] C:\WINDOWS\System32\jvmmods.exe
O4 - HKCU\..\Run: [lsmdwinr] C:\WINDOWS\System32\vstldmem.exe
O4 - HKCU\..\Run: [gdxapimn] C:\WINDOWS\System32\jgdepgc.exe
O4 - HKCU\..\Run: [nvcdllx] C:\WINDOWS\System32\cstatvmq.exe
O4 - HKCU\..\Run: [csmhtop] C:\WINDOWS\System32\sdmmlmn.exe
O4 - HKCU\..\Run: [ddsysmns] C:\WINDOWS\System32\scmdcon.exe
O4 - HKCU\..\Run: [ncsmmlg] C:\WINDOWS\System32\ctlmems.exe
O4 - HKCU\..\Run: [kdmmcvs] C:\WINDOWS\System32\gmonstml.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm080YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://wdownload.weatherbug.com/mini...ansporter.cab?
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\System32\svchost.exe:exe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: WINS Client (RpcPatch) - Unknown owner - C:\WINDOWS\System32\wins\DLLHOST.EXE (file missing)
O23 - Service: Network Connections Sharing (RpcTftpd) - Unknown owner - C:\WINDOWS\System32\wins\svchost.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TCP and UDP Supp0rt - Unknown owner - C:\WINDOWS\System32\tccpip.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Microsoft Apache for Windows (Windows Apache Service) - Unknown owner - C:\WINDOWS\wpablin.exe (file missing)
I also had 2 ****.dll errors come up when I was restarting the system. FYI - maybe it will be cured later; I was not sure, just bringing it to your attention. Do I go to the XP forum later?