Suspected Virus/trojan/worm

nicdonati · 11-23-2006, 08:50 AM

Hi,

My computer is on the verge of dying, the problme started after using a p2p programme called Tvants or ppmate (im not sure which) it started off with chinese pop ups for example www.netv3g.net and has got worse and worse. My computer keeps freezing on startup with just the background picture (no icons or taskbar and the mouse cant move) This time i have managed to get it to start in normtabilised a little bit alltho the pop up keeps coming up in IE (even tho i use Mozilla) and lots of applications said they couldnt run cos they werent win32 apps. I have run McAfee and it said it found a problem with IEXPL0RE.exe and SVCHOST.exe. However it couldnt remove them and they are sitll running on my process. I tried to turn it off in Msconfig with no luck (i turned it off but it still loaded anyway) and so i have put it back to normal like u advise here is the HJT file

Logfile of HijackThis v1.99.1
Scan saved at 16:41:16, on 23/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\QKeys\QKeys.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\PowerISO\SCDEmuApp.exe
D:\WINDOWS\IEXPL0RE.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\WINDOWS\System32\sexmple.exe
D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
D:\Program Files\BitLord\BitLord.exe
C:\HJT\HijackThis.exe
D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
D:\Program Files\CASIO\Photo Loader\Plauto.exe
D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\McAfee\MSC\mctskshd.exe
D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\Program Files\SiteAdvisor\4608\SAService.exe
D:\WINDOWS\system32\slserv.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
d:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\WINDOWS\System32\imapi.exe
D:\DOCUME~1\Nic\LOCALS~1\Temp\svc1F0.tmp
D:\DOCUME~1\Nic\LOCALS~1\Temp\mhsystem.exe
D:\DOCUME~1\Nic\LOCALS~1\Temp\ztsystem.exe
d:\program files\mcafee\msc\mcuimgr.exe
D:\WINDOWS\explorer.exe
C:\HJT\HijackThis.exe
D:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O1 - Hosts: 61.141.31.11 www.kzdh.com
O1 - Hosts: 61.141.31.11 www.7255.com
O1 - Hosts: 61.141.31.11 www.7322.com
O1 - Hosts: 61.141.31.11 www.7939.com
O1 - Hosts: 61.141.31.11 www.piaoxue.com
O1 - Hosts: 61.141.31.11 www.feixu.net
O1 - Hosts: 61.141.31.11 www.6781.com
O1 - Hosts: 61.141.31.11 www.7b.com.cn
O1 - Hosts: 61.141.31.11 7b.com.cn
O1 - Hosts: 61.141.31.11 www.918188.com
O1 - Hosts: 61.141.31.11 hao.allxue.com
O1 - Hosts: 61.141.31.11 good.allxue.com
O1 - Hosts: 61.141.31.11 baby.allxue.com
O1 - Hosts: 61.141.31.11 www.allxue.com
O1 - Hosts: 61.141.31.11 about.lank.la
O1 - Hosts: 61.141.31.11 www.x114x.com
O1 - Hosts: 61.141.31.11 www.37ss.com
O1 - Hosts: 61.141.31.11 www.7k.cc
O1 - Hosts: 61.141.31.11 www.73ss.com
O1 - Hosts: 125.91.14.230 www.hao123.com
O1 - Hosts: 61.141.31.11 www.81915.com
O1 - Hosts: 61.141.31.11 222.88.90.22
O1 - Hosts: 61.141.31.11 www.9991.com
O1 - Hosts: 61.141.31.11 www.my123.com
O1 - Hosts: 61.141.31.11 www.haokan123.com
O1 - Hosts: 61.141.31.11 www.5566.net
O1 - Hosts: 61.141.31.11 www.gjj.cc
O1 - Hosts: 61.141.31.11 www.2345.com
O1 - Hosts: 61.141.31.11 dl.hao318.com
O1 - Hosts: 61.141.31.11 www.123wa.com
O1 - Hosts: 61.141.31.11 www.ku886.com
O1 - Hosts: 61.141.31.11 www.5icrack.com
O1 - Hosts: 61.141.31.11 www.jjol.cn
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {1AAF1095-4979-430F-9E2C-1648BD1BE5A9} - (no file)
O2 - BHO: CNNIC ÍøÂç¹¤¾ßDrag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - (no file)
O2 - BHO: (no name) - {435911D8-FE66-D5CA-1BB3-A0BFAFF0DAE0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7EB20AEA-E550-C5F3-2C50-BECE1B98B8BE} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QKeys] "D:\Program Files\QKeys\QKeys.EXE"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCDEmuApp.exe] "D:\Program Files\PowerISO\SCDEmuApp.exe"
O4 - HKLM\..\Run: [WinStar] D:\WINDOWS\IEXPL0RE.exe
O4 - HKLM\..\Run: [r] D:\WINDOWS\down\rundll32.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [load] D:\WINDOWS\uninstall\rundl132.exe
O4 - HKLM\..\Run: [WindowsStar] D:\WINDOWS\System32\sexmple.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SiteAdvisor] D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft WindowsUpdaters] WINUPDATER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [Registry Cleaner] "D:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - Global Startup: Photo Loader supervisory.lnk = D:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\aelupsvc32.dll
O10 - Unknown file in Winsock LSP: d:\windows\system32\aelupsvc32.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - D:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

dorts · 11-24-2006, 09:42 AM

Hello and welcome to TSF

Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. Please stay with me until your system has been declared clean.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.

You have a very nasty chinese infection and this will take a while to clean. So please hang in there.

Please refrain from using the Internet and disconnect it when not in use.

Connect to the Internet.

Downloads

Please download combofix from this link and save it on your desktop. DO NOT run it yet.

Please download System Repair Engineer and save it to your desktop. Extract the contents of the archive onto your desktop.

Disconnect from the Interent.

Safe Mode

Restart your computer.
Before the Windows logo appear, tap F8 repeatedly. In some systems, this may be the F5 key.
A menu should appear, select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
This will take a while than usual, so just wait.
After it loads, Login on your usual account.

ComboFix

1. Run combofix by clicking on combofix.exe on your desktop.

3. When finished, it shall produce a log for you. It will be located at D:\combofix.txt Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

You may now reboot back to normal mode

SREng

Please start the program by clicking on SREng.exe
Click on Smart Scan (magnifying glass icon)
Click on Scan at the bottom right and the program will start scanning your system.
Once it is done, a new window will open.
Click on Save Reports and save the log on your desktop with the default file name, SREngLOG.log.
You may now exit the program.

Please post the contents of SREngLOG.log in your next reply.

Connect back to the Internet.

Logs

Please post the following logs in your next reply...

D:\combofix.txt
SREngLOG.log
A New HijackThis Log

nicdonati · 11-25-2006, 06:09 AM

things have gone from bad to worse! I cant open ANY application because i get this message.

This file does not have a program associated with it performing this action. Create an association in the Folder Options contol panel.

I dont know what that means!! Or how to fix it i went to Folder Options but i dont know what to do.

Also Safe mode didnt work the computer started running then it just switched off and started again. This happened several times so i tried usingthe Directory Service Restore Mode (which also says its opening in Safe Mode) and it says Safe Mode in all 4 corners.

dorts · 11-25-2006, 06:17 AM

Ok. I believe you have downloaded SREng. This will allow you to run EXE files again.

Go to My Computer->Tools->Folder Options->View tab:

Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck the Hide protected operating system files (recommended) option.
Also make sure there is no checkmark beside Hide file extensions for known file types
Click Yes to confirm and then click OK.

Rename sreng.exe to sreng.com
Run SReng.com
Click System Repair
Select the File Association tab and check the checkbox beside the EXE extension name.
Click Repair at the bottom right.
Restart your computer.

Quote:

Also Safe mode didnt work the computer started running then it just switched off and started again.

Can you explain further? Do you get a blue screen before it restarts/switched off?

nicdonati · 11-25-2006, 06:37 AM

I did manage to get thos programmes though. As although my internet browser wouldnt open as i had the above message i found a shortcut for website. When i opened that it opened mozilla. However wehn i try and open any program from it shortcut or from its source it gives that message.

dorts · 11-25-2006, 06:41 AM

Follow the instructions as above and you should be able to run programs.

nicdonati · 11-25-2006, 08:26 AM

Hi,

Here is the combo.exe log file

Nic - 06-11-25 16:04:01.55 Service Pack 1
ComboFix 06.11.22W - Running from: "D:\Documents and Settings\Nic\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

D:\WINDOWS\system32\regedit.com
D:\WINDOWS\system32\wnstssu.exe
d:\pagefile.pif
d:\autorun.inf
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
D:\Program Files\INSTALL.LOG
D:\Program Files\Internet Explorer\PLUGINS\system.jmp
D:\autorun.inf
D:\pagefile.pif
D:\WINDOWS\1.com
D:\WINDOWS\exeroute.exe
D:\WINDOWS\explorer.com
D:\WINDOWS\finder.com
D:\WINDOWS\logo1_.exe
D:\WINDOWS\winlogon.exe
D:\WINDOWS\debug\debugprogram.exe
D:\WINDOWS\system32\command.pif
D:\WINDOWS\system32\dllwm.dll
D:\WINDOWS\system32\dxdiag.com
D:\WINDOWS\system32\exmple.dll
D:\WINDOWS\system32\finder.com
D:\WINDOWS\system32\iexp_log.txt
D:\WINDOWS\system32\msconfig.com
D:\WINDOWS\system32\regedit.com
D:\WINDOWS\system32\rundll32.com
D:\WINDOWS\system32\sexmple.exe
D:\WINDOWS\system32\wldll.dll
D:\WINDOWS\system32\ztdll.dll
D:\Program Files\internet explorer\iexplore.com
D:\Program Files\Common Files\iexplore.pif
D:\WINDOWS\IEXPL0RE.exe
D:\WINDOWS\system32\aelupsvc32.dll
D:\WINDOWS\system32\drivers\wsfit32.sys

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

D:\qoobox\purity\WINDOWS\WNSXS~1
D:\qoobox\purity\WINDOWS\system32\WNSXS~1
D:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1
D:\qoobox\purity\Program Files\ASEMBL~1
D:\qoobox\purity\Documents and Settings\Nic\Application Data\CROSOF~1
D:\qoobox\purity\Documents and Settings\Nic\My Documents\YMANTE~1
D:\qoobox\purity\Documents and Settings\Nic\My Documents\CROSOF~1.NET
D:\qoobox\purity\Documents and Settings\Nic\My Documents\SMBOLS~1

((((((((((((((((((((((((((((((( Files Created from 2006-10-25 to 2006-11-25 ))))))))))))))))))))))))))))))))))

2006-11-25 16:09 <DIR> d-------- D:\WINDOWS\erdnt
2006-11-25 01:10 35,960 -r-hs---- D:\WINDOWS\SERVICES.EXE
2006-11-23 16:16 68,608 --a------ D:\WINDOWS\system32\locator.exe
2006-11-23 16:16 67,584 --a------ D:\WINDOWS\system32\magnify.exe
2006-11-23 16:16 544,256 --a------ D:\WINDOWS\system32\crypt32.dll
2006-11-23 16:16 532,480 --a------ D:\WINDOWS\system32\rpcrt4.dll
2006-11-23 16:16 53,760 --a------ D:\WINDOWS\system32\cryptsvc.dll
2006-11-23 16:16 51,200 --a------ D:\WINDOWS\system32\narrator.exe
2006-11-23 16:16 37,888 --a------ D:\WINDOWS\system32\hhsetup.dll
2006-11-23 16:16 316,928 --a------ D:\WINDOWS\system32\zipfldr.dll
2006-11-23 16:16 260,608 --a------ D:\WINDOWS\system32\rpcss.dll
2006-11-23 16:16 238,080 --a------ D:\WINDOWS\system32\newdev.dll
2006-11-23 16:16 226,816 --a------ D:\WINDOWS\system32\srrstr.dll
2006-11-23 16:16 212,480 --a------ D:\WINDOWS\system32\osk.exe
2006-11-23 16:16 179,200 --a------ D:\WINDOWS\system32\accwiz.exe
2006-11-23 16:16 143,872 --a------ D:\WINDOWS\system32\itircl.dll
2006-11-23 16:16 125,440 --a------ D:\WINDOWS\system32\shmedia.dll
2006-11-23 16:16 122,368 --a------ D:\WINDOWS\system32\itss.dll
2006-11-23 16:16 10,752 --a------ D:\WINDOWS\hh.exe
2006-11-23 16:16 1,172,992 --a------ D:\WINDOWS\system32\ole32.dll
2006-11-23 16:12 31,744 --a------ D:\WINDOWS\system32\rundll32.exe
2006-11-23 16:08 <DIR> d--hs---- D:\FOUND.000
2006-11-23 15:47 947,472 --a------ D:\WINDOWS\system32\msjava.dll
2006-11-23 15:47 63,248 --a------ D:\WINDOWS\system32\javaprxy.dll
2006-11-23 15:47 49,424 --a------ D:\WINDOWS\system32\clspack.exe
2006-11-23 15:47 46,352 --a------ D:\WINDOWS\setdebug.exe
2006-11-23 15:47 404,752 --a------ D:\WINDOWS\system32\javart.dll
2006-11-23 15:47 313,856 --a------ D:\WINDOWS\system32\dx3j.dll
2006-11-23 15:47 286,992 --a------ D:\WINDOWS\system32\vmhelper.dll
2006-11-23 15:47 21,264 --a------ D:\WINDOWS\system32\msjdbc10.dll
2006-11-23 15:47 187,152 --a------ D:\WINDOWS\system32\javacypt.dll
2006-11-23 15:47 172,304 --a------ D:\WINDOWS\system32\jview.exe
2006-11-23 15:47 171,792 --a------ D:\WINDOWS\system32\wjview.exe
2006-11-23 15:47 171,280 --a------ D:\WINDOWS\system32\jit.dll
2006-11-23 15:47 154,384 --a------ D:\WINDOWS\system32\msawt.dll
2006-11-23 15:47 15,120 --a------ D:\WINDOWS\system32\jdbgmgr.exe
2006-11-23 15:47 139,536 --a------ D:\WINDOWS\system32\javaee.dll
2006-11-23 15:47 113 --a------ D:\WINDOWS\system32\zonedon.reg
2006-11-23 15:47 113 --a------ D:\WINDOWS\system32\zonedoff.reg
2006-11-23 15:46 528,896 --a------ D:\WINDOWS\system32\user32.dll
2006-11-23 15:46 46,208 --a------ D:\WINDOWS\system32\drivers\raspptp.sys
2006-11-23 15:46 42,485 --a------ D:\WINDOWS\system32\r1ft7.dll
2006-11-23 15:46 392,576 --a------ D:\WINDOWS\system32\drivers\mrxsmb.sys
2006-11-23 15:46 322,048 --a------ D:\WINDOWS\system32\drivers\srv.sys
2006-11-23 15:46 272,896 --a------ D:\WINDOWS\system32\winsrv.dll
2006-11-23 15:46 1,949,440 --a------ D:\WINDOWS\system32\ntkrnlpa.exe
2006-11-23 15:46 1,925,760 --a------ D:\WINDOWS\system32\ntoskrnl.exe
2006-11-23 15:46 1,694,336 --a------ D:\WINDOWS\system32\win32k.sys
2006-11-23 15:37 32,256 --a------ D:\WINDOWS\system32\msgsvc.dll
2006-11-23 15:36 676,864 --a------ D:\WINDOWS\system32\sxs.dll
2006-11-23 15:35 7,680 --------- D:\WINDOWS\system32\bitsprx2.dll
2006-11-23 15:35 7,168 --------- D:\WINDOWS\system32\bitsprx3.dll
2006-11-23 15:35 593,408 --------- D:\WINDOWS\system32\xpsp2res.dll
2006-11-23 15:35 331,776 --a------ D:\WINDOWS\system32\winhttp.dll
2006-11-23 15:35 260,096 --a------ D:\WINDOWS\system32\mstask.dll
2006-11-23 15:35 172,544 --a------ D:\WINDOWS\system32\schedsvc.dll
2006-11-23 15:35 17,408 --a------ D:\WINDOWS\system32\qmgrprxy.dll
2006-11-23 15:35 158,720 --------- D:\WINDOWS\system32\xpob2res.dll
2006-11-23 15:35 10,752 --a------ D:\WINDOWS\system32\mstinit.exe
2006-11-23 15:35 <DIR> d-------- D:\WINDOWS\system32\bits
2006-11-23 15:05 <DIR> d--h----- D:\WINDOWS\msdownld.tmp
2006-11-23 15:05 <DIR> d-------- D:\WINDOWS\Windows Update Setup Files
2006-11-23 14:20 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-23 14:11 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Lavasoft
2006-11-23 14:07 60,717 --a------ D:\WINDOWS\system32\schost.exe
2006-11-22 23:52 86,016 --a------ D:\WINDOWS\system32\WSD_SOCK32.dll
2006-11-22 23:52 45,056 --a------ D:\WINDOWS\system32\XpIcfOpt.dll
2006-11-21 18:16 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SiteAdvisor
2006-11-21 16:51 0 --a------ D:\WINDOWS\system32\interest.exe
2006-11-21 16:41 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\McAfee
2006-11-21 12:19 <DIR> d-------- D:\Program Files\RegCleaner
2006-11-21 11:49 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Uniblue
2006-11-21 10:49 229,376 -ra------ D:\WINDOWS\system32\atiiiexx.dll
2006-11-21 10:25 <DIR> d-------- D:\WINDOWS\Favorites
2006-11-21 00:20 31,744 --a------ D:\WINDOWS\system32\wao.exe
2006-11-20 22:45 182,880 --a------ D:\WINDOWS\system32\iuengine.dll
2006-11-20 22:06 <DIR> d-------- D:\WINDOWS\Prefetch
2006-11-20 21:48 99,328 --a------ D:\WINDOWS\system32\irftp.exe
2006-11-20 21:48 78,336 --a------ D:\WINDOWS\system32\irmon.dll
2006-11-20 21:48 7,680 --a------ D:\WINDOWS\system32\wshirda.dll
2006-11-20 21:48 55,296 --a------ D:\WINDOWS\system32\drivers\irda.sys
2006-11-20 21:45 4,096 --a------ D:\WINDOWS\system32\ksuser.dll
2006-11-20 21:43 27,165 --a------ D:\WINDOWS\system32\drivers\fetnd5.sys
2006-11-20 21:32 19,584 --a------ D:\WINDOWS\system32\drivers\rasirda.sys
2006-11-20 21:30 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2006-11-20 21:30 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2006-11-20 21:19 73,728 --a------ D:\WINDOWS\smcfg.exe
2006-11-20 21:19 607,732 --a------ D:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-11-20 21:19 45,056 --a------ D:\WINDOWS\system32\slserv.exe
2006-11-20 21:19 45,056 --a------ D:\WINDOWS\system32\coinst.dll
2006-11-20 21:19 42,296 --a------ D:\WINDOWS\system32\winddx.sys
2006-11-20 21:19 413,696 --a------ D:\WINDOWS\sllights.exe
2006-11-20 21:19 369,936 --a------ D:\WINDOWS\system32\drivers\slntamr.sys
2006-11-20 21:19 33,028 --a------ D:\WINDOWS\system32\drivers\slwdmsup.sys
2006-11-20 21:19 2,383,460 --a------ D:\WINDOWS\system32\drivers\mtlstrm.sys
2006-11-20 21:19 196,608 --a------ D:\WINDOWS\system32\slextspk.dll
2006-11-20 21:19 175,160 --a------ D:\WINDOWS\system32\drivers\slnthal.sys
2006-11-20 21:19 172,708 --a------ D:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-11-20 21:19 163,840 --a------ D:\WINDOWS\system32\minirec.exe
2006-11-20 21:19 151,552 --a------ D:\WINDOWS\system32\amr_cpl.dll
2006-11-20 21:19 1,438,556 --a------ D:\WINDOWS\system32\drivers\v90drv.sys
2006-11-20 21:18 <DIR> d-------- D:\WINDOWS\setup.pss
2006-11-20 18:49 <DIR> d-------- D:\Program Files\SiteAdvisor
2006-11-20 18:49 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\SiteAdvisor
2006-11-20 18:47 84,744 --a------ D:\WINDOWS\system32\drivers\mfeavfk.sys
2006-11-20 18:47 37,800 --a------ D:\WINDOWS\system32\drivers\mfesmfk.sys
2006-11-20 18:47 33,896 --a------ D:\WINDOWS\system32\drivers\mfebopk.sys
2006-11-20 18:47 31,560 --a------ D:\WINDOWS\system32\drivers\mferkdk.sys
2006-11-20 18:47 161,768 --a------ D:\WINDOWS\system32\drivers\mfehidk.sys
2006-11-20 18:47 104,024 --a------ D:\WINDOWS\system32\drivers\Mpfp.sys
2006-11-20 18:46 <DIR> d-------- D:\Program Files\McAfee.com
2006-11-20 18:46 <DIR> d-------- D:\Program Files\McAfee
2006-11-20 18:46 <DIR> d-------- D:\Program Files\Common Files\McAfee
2006-11-20 18:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\McAfee
2006-11-20 16:55 <DIR> d-------- D:\WINDOWS\Intel
2006-11-20 11:02 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-20 10:57 42,485 --a------ D:\WINDOWS\system32\drivers\cq4.sys
2006-11-19 23:39 83,487 --a------ D:\WINDOWS\system32\test3.exe
2006-11-19 23:39 <DIR> d-------- D:\Program Files\test
2006-11-19 23:38 558,080 --a------ D:\WINDOWS\system32\advapi.dll
2006-11-19 23:31 <DIR> d-------- D:\WINDOWS\Download
2006-11-19 23:30 39,936 --a------ D:\WINDOWS\rxdll.dll
2006-11-19 23:30 25,772 --a------ D:\WINDOWS\RichDll.dll
2006-11-19 23:30 <DIR> d-------- D:\WINDOWS\uninstall
2006-11-19 23:30 <DIR> d-------- D:\WINDOWS\down
2006-11-18 12:03 <DIR> d-------- D:\ppmaterecord
2006-11-18 12:03 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\PPMate
2006-11-17 19:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Adobe
2006-11-17 01:23 <DIR> d-------- D:\Program Files\Sign Recognition Test CDROM
2006-11-06 20:23 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\My Games
2006-11-06 20:21 <DIR> d---s---- D:\Program Files\Xfire
2006-11-06 20:21 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Xfire
2006-11-06 19:23 44,032 --a------ D:\WINDOWS\system32\msxml3r.dll
2006-11-06 19:23 1,129,472 --a------ D:\WINDOWS\system32\msxml3.dll
2006-11-06 18:16 <DIR> d-------- D:\Program Files\Firaxis Games
2006-11-06 18:08 <DIR> d-------- D:\Program Files\PowerISO
2006-11-06 17:59 577,536 ---h----- D:\WINDOWS\system32\bqzkkteezqn.exe
2006-11-06 17:57 577,536 ---h----- D:\WINDOWS\system32\sgldxwmikif.exe
2006-11-06 17:45 577,536 ---h----- D:\WINDOWS\system32\xgmusmximki.exe
2006-11-06 17:44 577,536 ---h----- D:\WINDOWS\system32\winupdaters.exe
2006-11-06 17:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\TEMP
2006-11-03 14:11 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Sports Interactive
2006-10-31 12:56 <DIR> d-------- D:\Program Files\Sports Interactive
2006-10-31 05:42 503,808 --a------ D:\WINDOWS\system32\xreglib.dll
2006-10-30 23:22 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Bitdefender
2006-10-30 23:11 <DIR> d-------- D:\Program Files\Softwin
2006-10-30 23:11 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\BitDefender
2006-10-30 23:10 <DIR> d-------- D:\Program Files\Common Files\Softwin
2006-10-30 23:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-10-30 23:06 684,032 --a------ D:\WINDOWS\system32\libeay32.dll
2006-10-30 23:06 155,648 --a------ D:\WINDOWS\system32\ssleay32.dll
2006-10-29 19:47 <DIR> d-------- D:\Program Files\PCPitstop
2006-10-29 06:24 <DIR> d-------- D:\Program Files\TVAnts
2006-10-29 06:23 <DIR> d-------- D:\Program Files\PPStream
2006-10-29 06:23 <DIR> d-------- D:\Program Files\PPMate
2006-10-29 06:23 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\ppstream

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-11-17 01:22 737280 --a------ D:\WINDOWS\iun6002.exe
2006-10-18 08:39 2139086 --a------ D:\WINDOWS\soft.exe
2006-10-03 21:53 -------- d-------- D:\Program Files\LitexMedia
2006-09-21 20:39 98304 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2006-09-21 01:50 0 --a------ D:\Documents and Settings\Nic\Application Data\dm.ini
2006-09-16 10:16 115159 --a------ D:\WINDOWS\EliottEU2.exe

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Registry Cleaner"="\"D:\\Program Files\\TPT Registry_Cleaner (Trial)\\regclean.exe\""
"BitComet"="\"D:\\Program Files\\BitLord\\BitLord.exe\""
"wao.exe"="D:\\WINDOWS\\System32\\wao.exe D:\\WINDOWS\\System32\\drivers\\cq4.sys Rundll32"
"Dseh"="\"D:\\WINDOWS\\WNSXS~1\\userinit.exe\" -vt ndrv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QKeys"="\"D:\\Program Files\\QKeys\\QKeys.EXE\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="\"D:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"SCDEmuApp.exe"="\"D:\\Program Files\\PowerISO\\SCDEmuApp.exe\""
"SoundMan"="SOUNDMAN.EXE"
"WinampAgent"="\"D:\\Program Files\\Winamp3\\winampa.exe\""
"SiteAdvisor"="D:\\Program Files\\SiteAdvisor\\4608\\SiteAdv.exe"
"NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"Microsoft WindowsUpdaters"="WINUPDATER.EXE"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AdaptecDirectCD"="\"D:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"Acrobat Assistant 7.0"="\"D:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"1f"="D:\\WINDOWS\\System32\\rundll32.exe r1ft7.dll Rundll32"
"wl"="D:\\WINDOWS\\Download\\svhost32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e4,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4d,00,00,00,00,00,00,00,2b,05,00,00,fe,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4d,00,00,00,00,00,00,00,2b,05,00,00,fe,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"NiceMs"="D:\\Program Files\\Internet Explorer\\PLUGINS\\temp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\McQcTask.job
D:\WINDOWS\tasks\McDefragTask.job

Completion time: 06-11-25 16:11:12.59
D:\ComboFix.txt ... 06-11-25 16:11

This is the SREng.com log file

2006-11-25,16:18:53

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 1 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Registry Cleaner><"D:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"> [N/A]
<BitComet><"D:\Program Files\BitLord\BitLord.exe"> [www.BitLord.com]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<NiceMs><D:\Program Files\Internet Explorer\PLUGINS\temp.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<QKeys><"D:\Program Files\QKeys\QKeys.EXE"> [Taiwan]
<ATIModeChange><Ati2mdxx.exe> [(Verified)ATI Technologies, Inc.]
<ATIPTA><"D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<SunJavaUpdateSched><"D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"> [Sun Microsystems, Inc.]
<QuickTime Task><"D:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<SCDEmuApp.exe><"D:\Program Files\PowerISO\SCDEmuApp.exe"> [PowerISO Computing, Inc.]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<WinampAgent><"D:\Program Files\Winamp3\winampa.exe"> [N/A]
<SiteAdvisor><D:\Program Files\SiteAdvisor\4608\SiteAdv.exe> [(Verified)McAfee, Inc.]
<NeroFilterCheck><D:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<Microsoft WindowsUpdaters><WINUPDATER.EXE> [N/A]
<iTunesHelper><"D:\Program Files\iTunes\iTunesHelper.exe"> [Apple Computer, Inc.]
<AdaptecDirectCD><"D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"> [Roxio]
<Acrobat Assistant 7.0><"D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
<WinlogonNotify: WRNotifier><WRLogonNTF.dll> [N/A]

==================================
Startup Folders
[Photo Loader supervisory]
<D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk --> D:\PROGRA~1\CASIO\PHOTOL~1\Plauto.exe [CASIO COMPUTER CO.,LTD.]><N>
[Adobe Acrobat Speed Launcher]
<D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk --> D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [N/A]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service]
<"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt]
<D:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
<D:\WINDOWS\System32\Ati2evxx.exe><N/A>
[McAfee E-mail Proxy / Emproxy]
<D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe><McAfee, Inc.>
[InstallDriver Table Manager / IDriverT]
<"D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService]
<D:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[McAfee HackerWatch Service / McAfee HackerWatch Service]
<"D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"><McAfee, Inc.>
[McAfee Log Manager / McLogManagerService]
<D:\PROGRA~1\McAfee\MSC\mclogsrv.exe><McAfee, Inc.>
[McAfee Update Manager / mcmispupdmgr]
<D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe><McAfee, Inc.>
[McAfee Network Agent / McNASvc]
<"d:\program files\common files\mcafee\mna\mcnasvc.exe"><McAfee, Inc.>
[McAfee Scanner / McODS]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe><McAfee, Inc.>
[McAfee Protection Manager / mcpromgr]
<D:\PROGRA~1\McAfee\MSC\mcpromgr.exe><McAfee, Inc.>
[McAfee Redirector Service / McRedirector]
<d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe><McAfee, Inc.>
[McAfee Real-time Scanner / McShield]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe><McAfee, Inc.>
[McAfee SystemGuards / McSysmon]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe><McAfee, Inc.>
[McAfee Task Scheduler / mctskshd.exe]
<D:\PROGRA~1\McAfee\MSC\mctskshd.exe><McAfee, Inc.>
[McAfee User Manager / mcusrmgr]
<D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe><McAfee, Inc.>
[McAfee Personal Firewall Service / MpfService]
<"D:\Program Files\McAfee\MPF\MPFSrv.exe"><McAfee, Inc.>
[SiteAdvisor Service / SiteAdvisor Service]
<D:\Program Files\SiteAdvisor\4608\SAService.exe><N/A>
[Ulead Burning Helper / UleadBurningHelper]
<D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[bdfdll / bdfdll]
<\??\D:\Program Files\Softwin\BitDefender10\bdfdll.sys><N/A>
[BDFSDRV / BDFSDRV]
<\??\D:\??\D:\Program Files\Softwin\BitDefender10\bdfsdrv.sys><N/A>
[Cdr4_xp / Cdr4_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\Cdr4_xp.SYS><Roxio>
[Cdralw2k / Cdralw2k]
<D:\WINDOWS\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[cdudf_xp / cdudf_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.SYS><Roxio>
[d347bus / d347bus]
<\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[Dual-Mode DSC(2770) / DCamUSBSQTECH]
<System32\Drivers\SQcaptur.sys><Service & Quality Technology.>
[dvd_2K / dvd_2K]
<D:\WINDOWS\SYSTEM32\DRIVERS\dvd_2K.SYS><Roxio>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB]
<System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[GEAR CDRom Filter / GEARAspiWDM]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[McAfee Inc. / mfeavfk]
<system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. / mfebopk]
<system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. / mfehidk]
<system32\drivers\mfehidk.sys><McAfee, Inc.>
[McAfee Inc. / mferkdk]
<system32\drivers\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. / mfesmfk]
<system32\drivers\mfesmfk.sys><McAfee, Inc.>
[mmc_2K / mmc_2K]
<D:\WINDOWS\SYSTEM32\DRIVERS\mmc_2K.SYS><Roxio>
[MP3Driver / MP3Driver]
<D:\WINDOWS\SYSTEM32\DRIVERS\MP3Driver.SYS><N/A>
[MPFP / MPFP]
<System32\Drivers\Mpfp.sys><McAfee, Inc.>
[Mtlmnt5 / Mtlmnt5]
<System32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm]
<System32\DRIVERS\Mtlstrm.sys><>
[NSC Infrared Device Driver / NSCIRDA]
<System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[NtMtlFax / NtMtlFax]
<System32\DRIVERS\NtMtlFax.sys><>
[NTSIM / NTSIM]
<\??\D:\WINDOWS\System32\ntsim.sys><VIA Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[pwd_2k / pwd_2k]
<D:\WINDOWS\SYSTEM32\DRIVERS\pwd_2k.SYS><Roxio>
[SCDEmu / SCDEmu]
<D:\WINDOWS\SYSTEM32\DRIVERS\SCDEmu.SYS><PowerISO Computing, Inc.>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SmartLink AMR_PCI Driver / Slntamr]
<System32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal]
<System32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup]
<System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[tmcomm / tmcomm]
<\??\D:\WINDOWS\System32\drivers\tmcomm.sys><Trend Micro Inc.>
[UdfReadr_xp / UdfReadr_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\UdfReadr_xp.SYS><Roxio>
[V90drv / V90drv]
<System32\DRIVERS\v90drv.sys><>
[VIA AGP Filter / viaagp1]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><N/A>
[VIA USB Host Controller Lower Filter / vulfnths]
<\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs]
<\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{089FD14D-132B-48FC-8861-0048AE113215} <D:\Program Files\SiteAdvisor\4608\SiteAdv.dll, McAfee, Inc.>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[scriptproxy]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} <d:\program files\mcafee\virusscan\scriptsn.dll, McAfee, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <d:\program files\google\googletoolbar3.dll, Google Inc.>
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Java Plug-in 1.5.0_09]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar3.dll, Google Inc.>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[McAfee SiteAdvisor]
{0BF43445-2F28-4351-9252-17FE6E806AA0} <D:\Program Files\SiteAdvisor\4608\SiteAdv.dll, McAfee, Inc.>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINDOWS\System32\msdxm.ocx, N/A>
[Java Plug-in 1.5.0_09]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <D:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <D:\WINDOWS\System32\iuctl.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_02]
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll, Sun Microsystems, Inc.>
[Convert link target to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
Running Processes
[PID: 636][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 700][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 724][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 772][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 784][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 956][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1020][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1220][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1296][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1368][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\Program Files\Internet Explorer\PLUGINS\sb.dll] [N/A, N/A]
[PID: 1544][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[D:\WINDOWS\System32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[D:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 7.0.7.2006011200]
[PID: 1640][D:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1652][D:\WINDOWS\System32\Ati2evxx.exe] [N/A, N/A]
[PID: 1692][D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe] [McAfee, Inc., 8.0.163.0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[PID: 1752][D:\PROGRA~1\McAfee\MSC\mclogsrv.exe] [McAfee, Inc., 7,1,131,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcdbmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 7,1,114,0]
[PID: 1796][D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1872][d:\program files\common files\mcafee\mna\mcnasvc.exe] [McAfee, Inc., 1,1,110,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\mcafee\msc\mcnmcsrv.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\mna\mcnasvcps.dll] [McAfee, Inc., 1,1,110,0]
[d:\program files\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmismgr.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\mna\mcuj.dll] [McAfee, Inc., 1,1,110,0]
[D:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,1,108,0]
[PID: 1892][D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\virusscan\mcodsax.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[PID: 1908][D:\PROGRA~1\McAfee\MSC\mcpromgr.exe] [McAfee, Inc., 7,1,131,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmscver.dll] [McAfee, Inc., 7,1,128,0]
[d:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 8.0.198.0]
[D:\Program Files\McAfee\MPF\L10N.DLL] [McAfee Security, 8.0.198.0]
[D:\Program Files\SiteAdvisor\4608\SiteAdv.dll] [McAfee, Inc., 2.1.1.35]
[d:\program files\mcafee\virusscan\mcvspp.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\msc\mcprotpv.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcnmcprv.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\common files\mcafee\mna\mcnasvcps.dll] [McAfee, Inc., 1,1,110,0]
[d:\program files\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mcodsax.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\mpf\mc\mpfp.dll] [McAfee, Inc., 8.0.198.0]
[D:\PROGRA~1\McAfee\MSC\McProHlp.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\virusscan\mvsver.dll] [McAfee, Inc., 11,0,281,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\PROGRA~1\COMMON~1\mcafee\emproxy\empxyver.dll] [McAfee, Inc., 11,0,169,0]
[d:\program files\common files\mcafee\redirsvc\redirver.dll] [McAfee, Inc., 1,0,198,0]
[d:\program files\mcafee\msc\mcnmcver.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\mqc\qcmisp.dll] [McAfee, Inc., 7,1,123,0]
[d:\program files\mcafee\mqc\QcLite.dll] [McAfee, Inc., 7,1,123,0]
[PID: 1984][d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe] [McAfee, Inc., 1,0,198,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[PID: 1996][D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll] [McAfee, Inc., 13.2.0.175]
[D:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mcvsqt.dll] [McAfee, Inc., 11,0,281,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll] [McAfee, Inc., 11,0,281,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,0,209,0]
[D:\Program Files\McAfee\VirusScan\mcscan32.dll] [McAfee, Inc., 5.1.00]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll] [McAfee, Inc., 13.2.0.159]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 2040][D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe] [McAfee, Inc., 11,0,281,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,0,209,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., 13.2.0.159]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[PID: 260][D:\PROGRA~1\McAfee\MSC\mctskshd.exe] [McAfee, Inc., 7,1,133,0]
[PID: 496][D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe] [McAfee, Inc., 7,1,131,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 572][D:\Program Files\McAfee\MPF\MPFSrv.exe] [McAfee, Inc., 8.0.198.0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 8.0.198.0]
[D:\Program Files\McAfee\MPF\L10N.DLL] [McAfee Security, 8.0.198.0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 696][D:\WINDOWS\System32\tcpsvcs.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1056][D:\Program Files\SiteAdvisor\4608\SAService.exe] [N/A, N/A]
[PID: 1212][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1960][D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 3]
[PID: 2100][d:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe] [McAfee, Inc., 11,0,205,0]
[D:\PROGRA~1\McAfee\MSC\McAltLib.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\msc\mcuicfg.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mccfgpv.dll] [McAfee, Inc., 7,1,128,0]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 532][D:\WINDOWS\system32\NOTEPAD.EXE] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 1156][D:\Program Files\QKeys\QKeys.EXE] [Taiwan, 1, 0, 2, 251]
[PID: 1716][D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5021]
[D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU] [ATI Technologies, Inc., 6.14.10.5021]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[PID: 1576][D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.90.3]
[PID: 1964][D:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.0.3]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 1800][D:\Program Files\PowerISO\SCDEmuApp.exe] [PowerISO Computing, Inc., 2, 6, 1, 1]
[PID: 1784][D:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.14]
[PID: 2012][D:\Program Files\SiteAdvisor\4608\SiteAdv.exe] [McAfee, Inc., 1.6.0.23]
[D:\Program Files\SiteAdvisor\4608\SiteAdv.dll] [McAfee, Inc., 2.1.1.35]
[D:\Program Files\SiteAdvisor\4608\SASubMgr.dll] [McAfee, Inc., 2,0,9999,0]
[PID: 2084][D:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 6.0.0.18]
[PID: 2232][D:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 6.0.0.18]
[PID: 2268][D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe] [Roxio, 5.3.4.21]
[D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\CDUDFLIB.dll] [Roxio, 5.3.4.21]
[D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\UDFRWLIB.dll] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\CDRTC.DLL] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\cdral.DLL] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 2312][D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe] [Adobe Systems Inc., 7.0.7.2006011200]
[PID: 2400][D:\WINDOWS\System32\rundll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 2456][D:\Program Files\BitLord\BitLord.exe] [www.BitLord.com, 1.1.]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[PID: 2412][D:\WINDOWS\System32\wao.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 2516][D:\Program Files\CASIO\Photo Loader\Plauto.exe] [CASIO COMPUTER CO.,LTD., 2.3E]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[PID: 3028][d:\PROGRA~1\mcafee.com\agent\mcagent.exe] [McAfee, Inc., 7,1,133,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mccfgpv.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1352][d:\program files\mcafee\msc\mcuimgr.exe] [McAfee, Inc., 7,1,128,0]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\Documents and Settings\Nic\Desktop\SREng.com] [Smallfrogs Studio, 2.2.6.605]
[D:\WINDOWS\System32\drivers\cq4.sys] [N/A, N/A]
[D:\WINDOWS\System32\r1ft7.dll] [N/A, N/A]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================

And this is the HJT log file:

Logfile of HijackThis v1.99.1
Scan saved at 16:20:20, on 25/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\PROGRA~1\McAfee\MSC\mctskshd.exe
D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\Program Files\SiteAdvisor\4608\SAService.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\QKeys\QKeys.EXE
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\PowerISO\SCDEmuApp.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\WINDOWS\System32\rundll32.exe
D:\Program Files\BitLord\BitLord.exe
C:\HJT\HijackThis.exe
D:\Program Files\CASIO\Photo Loader\Plauto.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
d:\program files\mcafee\msc\mcuimgr.exe
D:\WINDOWS\System32\cmd.exe
D:\WINDOWS\Logo1_.exe
C:\HJT\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {1AAF1095-4979-430F-9E2C-1648BD1BE5A9} - (no file)
O2 - BHO: (no name) - {435911D8-FE66-D5CA-1BB3-A0BFAFF0DAE0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7EB20AEA-E550-C5F3-2C50-BECE1B98B8BE} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QKeys] "D:\Program Files\QKeys\QKeys.EXE"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCDEmuApp.exe] "D:\Program Files\PowerISO\SCDEmuApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SiteAdvisor] D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft WindowsUpdaters] WINUPDATER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [Registry Cleaner] "D:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - Global Startup: Photo Loader supervisory.lnk = D:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - D:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

Ok. Thanks so far! I ran HJT in normal mode after i had done the other 2 scans. My apps are working again... Phew! and about safe mode i will just restart my computer now and watch carefully and record what it says and i will post my findings in the next post ok.

nicdonati · 11-25-2006, 08:41 AM

So i go to the Safe mode option. It then goes to like a DOS like screen and says loading all these files from the System32 folder. Then it comes to loading a file called d347bus.sys and says press esc key if u want to cancel. At this point it doesnt make a difference if u press Esc key or not the next thing that happens the computer just reboots like u just asked it to restart, no error message, blue screen nothing. Then this time when it starts it goes to a screen which says something along the lines of

We apologise for the inconveniance but windows did not start succesfully last time this may be due to some recent software/hardware installation. It then asks if u wanna try and start in normal or safe mode. The same thing happens if u go to Safe mode again.

dorts · 11-25-2006, 08:43 PM

Ok. Great work! Now for round 2.

Before starting, I want some samples from you. I need the following files and folders:

D:\Program Files\Internet Explorer\PLUGINS\sb.dll
D:\WINDOWS\Logo1_.exe
D:\WINDOWS\system32\XpIcfOpt.dll
D:\WINDOWS\system32\interest.exe
D:\WINDOWS\system32\wao.exe
D:\WINDOWS\system32\drivers\cq4.sys
D:\WINDOWS\rxdll.dll
D:\WINDOWS\uninstall
D:\WINDOWS\down

Please zip the files and folders up and send it to my email which I would PM you.
If you don’t know how to zip, follow the instructions here. It is easier to copy/paste them onto the desktop and zipping them altogether.

Downloads and others

Please download ATF Cleaner - http://www.atribune.org/ccount/click.php?id=1

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

Install AVG Anti Spyware
Double-click the icon on Desktop to launch AVG
On the top of the main screen click Shield
Click the word active to change it to inactive
On the top of the main screen click Update.
Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
- Select "Automatically generate report after every scan"
- Un-Select "Only if threats were found"

When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

Please download the attached smfix.zip the bottom of this post. Double click on the zip file and then double click on the file named smfix.reg within it. When prompt, click yes to allow it to merge into the registry. This should allow you to boot into safe mode.

Download and KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175) Save it to your desktop. DO NOT run it yet.

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Safe Mode

Restart your computer.
Before the Windows logo appear, tap F8 repeatedly. In some systems, this may be the F5 key.
A menu should appear, select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard.
This will take a while than usual, so just wait.
After it loads, Login on your usual account.

If you are still unable to boot into safe mode, please continue the fix in normal mode.

Uninstall

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

PPMate
PPStream

Fixes with SREng

Open SREng and click on “Boot Items”(clock). Under the Registry tab, find the following file names and click delete on each of them.

NiceMs
Microsoft WindowsUpdaters

Killbox

Select the following option - delete on Reboot
Use your mouse to select all the filenames listed below & then right-click & select Copy

D:\WINDOWS\system32\schost.exe
D:\WINDOWS\system32\WSD_SOCK32.dll
D:\WINDOWS\SERVICES.EXE
D:\WINDOWS\system32\XpIcfOpt.dll
D:\WINDOWS\system32\interest.exe
D:\WINDOWS\system32\wao.exe
D:\WINDOWS\system32\drivers\cq4.sys
D:\WINDOWS\system32\test3.exe
D:\WINDOWS\rxdll.dll
D:\WINDOWS\RichDll.dll
D:\WINDOWS\system32\bqzkkteezqn.exe
D:\WINDOWS\system32\sgldxwmikif.exe
D:\WINDOWS\system32\xgmusmximki.exe
D:\WINDOWS\system32\winupdaters.exe
D:\WINDOWS\system32\xreglib.dll
D:\WINDOWS\iun6002.exe
D:\WINDOWS\soft.exe
D:\WINDOWS\EliottEU2.exe
D:\Program Files\Internet Explorer\PLUGINS\temp.exe
D:\WINDOWS\System32\r1ft7.dll
D:\Program Files\Internet Explorer\PLUGINS\sb.dll
D:\WINDOWS\Logo1_.exe

* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click NO at the 'Pending Operations prompt'. (Do not reboot yet)

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

Folders Deletion

Delete the following Folders indicated in BLUE if they still exist.

D:\Program Files\test
D:\WINDOWS\uninstall
D:\WINDOWS\down
D:\ppmaterecord
D:\Documents and Settings\Nic\Application Data\PPMate
D:\Documents and Settings\Nic\Application Data\PPStream
D:\Program Files\PPMate
D:\Program Files PPStream

ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.

If you use Firefox browser, do this also:

Click Firefox at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser, do this also:

Click Opera at the top and choose Select All from the list.
Click the Empty Selected button.
NOTE : If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

AVG Anti-Spyware

Run AVG Anti-Spyware with it's updated definitions:(...it's important that all windows must be closed)

Click Scanner
Click on the Scan tab
Click Complete System Scan to begin scanning.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

SmitfraudFix - Option #1

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"
and a text file will appear which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

IMPORTANT: Do NOT run option #2 OR any other option until you are directed to do so!

ComboFix

1. Run combofix again by clicking on combofix.exe on your desktop.

2. When finished, it shall produce a log for you. It will be located at D:\combofix.txt. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

You may now reboot back to normal mode

Online Scan

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

Logs

Please post the following logs in your next reply...

AVG Anti-Spyware's Log
SmitfraudFix’s log
D:\combofix.txt
Kaspersky’s Online Scan Log
A New SREng Log
A New HijackThis Log

nicdonati · 11-26-2006, 06:07 AM

Hi,

Evereything was going ok I had installed AVG and changed all the settings as instructed. Except when i came to the step of running the scan it kept closing down before the scan finished (i tried several times) eventually it finished the scan and i went to "apply all actions" the program closed with no warning and im not sure if it worked and it closed before i could get the log. So i tried again but it continued to close before the scan finished. So i tried to re-install it except i had to restart the computer ( so i think that killbox.exe already deleted those files) i have just started AVG again and i will continue on but things are going in the same order anymore... Sorry!

nicdonati · 11-26-2006, 06:12 AM

sorry i mean things ARE NOT going to be in the same order anymore.

nicdonati · 11-26-2006, 06:53 AM

ok it seems that AVG didnt work the first time, alkl the files were still infected so i cleaned them etc.. and have the log however a few of the files were in the zip that i made for u i told it to leave them i will delte them after once i have sent it to you. There is also a problem with SmitFraudFix wehn i click on the the cmd file, it says

Fischier Process.Exe absent!
and it then something in french and then it says
Process.exe file missing
Unzip all the archive in a folder

Press any key to Escape

Then it cancels and quits. I unzipped all the files into one place. so i dont know what the problem is. SHall i continue everything else anyway?

nicdonati · 11-26-2006, 07:04 AM

right i cant send you the files either as hotmail and yahoo say that cant send the file because it contains an uncleanable virus and gmail wont send it because it has an exe file.

nicdonati · 11-26-2006, 08:55 AM

Nic - 06-11-26 15

22.90 Service Pack 1
ComboFix 06.11.22W - Running from: "D:\Documents and Settings\Nic\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

D:\WINDOWS\winlogon.exe

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

D:\qoobox\purity\WINDOWS\WNSXS~1
D:\qoobox\purity\WINDOWS\system32\WNSXS~1
D:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1
D:\qoobox\purity\Program Files\ASEMBL~1
D:\qoobox\purity\Documents and Settings\Nic\Application Data\CROSOF~1
D:\qoobox\purity\Documents and Settings\Nic\My Documents\YMANTE~1
D:\qoobox\purity\Documents and Settings\Nic\My Documents\CROSOF~1.NET
D:\qoobox\purity\Documents and Settings\Nic\My Documents\SMBOLS~1

((((((((((((((((((((((((((((((( Files Created from 2006-10-26 to 2006-11-26 ))))))))))))))))))))))))))))))))))

2006-11-26 13:25 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-26 13:25 <DIR> d-------- D:\Program Files\Grisoft
2006-11-26 11:08 13,828 ---h----- D:\KavHelp.dll
2006-11-25 16:09 <DIR> d-------- D:\WINDOWS\erdnt
2006-11-23 16:16 68,608 --a------ D:\WINDOWS\system32\locator.exe
2006-11-23 16:16 67,584 --a------ D:\WINDOWS\system32\magnify.exe
2006-11-23 16:16 544,256 --a------ D:\WINDOWS\system32\crypt32.dll
2006-11-23 16:16 532,480 --a------ D:\WINDOWS\system32\rpcrt4.dll
2006-11-23 16:16 53,760 --a------ D:\WINDOWS\system32\cryptsvc.dll
2006-11-23 16:16 51,200 --a------ D:\WINDOWS\system32\narrator.exe
2006-11-23 16:16 37,888 --a------ D:\WINDOWS\system32\hhsetup.dll
2006-11-23 16:16 316,928 --a------ D:\WINDOWS\system32\zipfldr.dll
2006-11-23 16:16 260,608 --a------ D:\WINDOWS\system32\rpcss.dll
2006-11-23 16:16 238,080 --a------ D:\WINDOWS\system32\newdev.dll
2006-11-23 16:16 226,816 --a------ D:\WINDOWS\system32\srrstr.dll
2006-11-23 16:16 212,480 --a------ D:\WINDOWS\system32\osk.exe
2006-11-23 16:16 179,200 --a------ D:\WINDOWS\system32\accwiz.exe
2006-11-23 16:16 143,872 --a------ D:\WINDOWS\system32\itircl.dll
2006-11-23 16:16 125,440 --a------ D:\WINDOWS\system32\shmedia.dll
2006-11-23 16:16 122,368 --a------ D:\WINDOWS\system32\itss.dll
2006-11-23 16:16 10,752 --a------ D:\WINDOWS\hh.exe
2006-11-23 16:16 1,172,992 --a------ D:\WINDOWS\system32\ole32.dll
2006-11-23 16:12 31,744 --a------ D:\WINDOWS\system32\rundll32.exe
2006-11-23 16:08 <DIR> d--hs---- D:\FOUND.000
2006-11-23 15:47 947,472 --a------ D:\WINDOWS\system32\msjava.dll
2006-11-23 15:47 63,248 --a------ D:\WINDOWS\system32\javaprxy.dll
2006-11-23 15:47 49,424 --a------ D:\WINDOWS\system32\clspack.exe
2006-11-23 15:47 46,352 --a------ D:\WINDOWS\setdebug.exe
2006-11-23 15:47 404,752 --a------ D:\WINDOWS\system32\javart.dll
2006-11-23 15:47 313,856 --a------ D:\WINDOWS\system32\dx3j.dll
2006-11-23 15:47 286,992 --a------ D:\WINDOWS\system32\vmhelper.dll
2006-11-23 15:47 21,264 --a------ D:\WINDOWS\system32\msjdbc10.dll
2006-11-23 15:47 187,152 --a------ D:\WINDOWS\system32\javacypt.dll
2006-11-23 15:47 172,304 --a------ D:\WINDOWS\system32\jview.exe
2006-11-23 15:47 171,792 --a------ D:\WINDOWS\system32\wjview.exe
2006-11-23 15:47 171,280 --a------ D:\WINDOWS\system32\jit.dll
2006-11-23 15:47 154,384 --a------ D:\WINDOWS\system32\msawt.dll
2006-11-23 15:47 15,120 --a------ D:\WINDOWS\system32\jdbgmgr.exe
2006-11-23 15:47 139,536 --a------ D:\WINDOWS\system32\javaee.dll
2006-11-23 15:47 113 --a------ D:\WINDOWS\system32\zonedon.reg
2006-11-23 15:47 113 --a------ D:\WINDOWS\system32\zonedoff.reg
2006-11-23 15:46 528,896 --a------ D:\WINDOWS\system32\user32.dll
2006-11-23 15:46 46,208 --a------ D:\WINDOWS\system32\drivers\raspptp.sys
2006-11-23 15:46 392,576 --a------ D:\WINDOWS\system32\drivers\mrxsmb.sys
2006-11-23 15:46 322,048 --a------ D:\WINDOWS\system32\drivers\srv.sys
2006-11-23 15:46 272,896 --a------ D:\WINDOWS\system32\winsrv.dll
2006-11-23 15:46 1,949,440 --a------ D:\WINDOWS\system32\ntkrnlpa.exe
2006-11-23 15:46 1,925,760 --a------ D:\WINDOWS\system32\ntoskrnl.exe
2006-11-23 15:46 1,694,336 --a------ D:\WINDOWS\system32\win32k.sys
2006-11-23 15:37 32,256 --a------ D:\WINDOWS\system32\msgsvc.dll
2006-11-23 15:36 676,864 --a------ D:\WINDOWS\system32\sxs.dll
2006-11-23 15:35 7,680 --------- D:\WINDOWS\system32\bitsprx2.dll
2006-11-23 15:35 7,168 --------- D:\WINDOWS\system32\bitsprx3.dll
2006-11-23 15:35 593,408 --------- D:\WINDOWS\system32\xpsp2res.dll
2006-11-23 15:35 331,776 --a------ D:\WINDOWS\system32\winhttp.dll
2006-11-23 15:35 260,096 --a------ D:\WINDOWS\system32\mstask.dll
2006-11-23 15:35 172,544 --a------ D:\WINDOWS\system32\schedsvc.dll
2006-11-23 15:35 17,408 --a------ D:\WINDOWS\system32\qmgrprxy.dll
2006-11-23 15:35 158,720 --------- D:\WINDOWS\system32\xpob2res.dll
2006-11-23 15:35 10,752 --a------ D:\WINDOWS\system32\mstinit.exe
2006-11-23 15:35 <DIR> d-------- D:\WINDOWS\system32\bits
2006-11-23 15:05 <DIR> d--h----- D:\WINDOWS\msdownld.tmp
2006-11-23 15:05 <DIR> d-------- D:\WINDOWS\Windows Update Setup Files
2006-11-23 14:20 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2006-11-23 14:11 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Lavasoft
2006-11-21 18:16 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SiteAdvisor
2006-11-21 16:41 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\McAfee
2006-11-21 12:19 <DIR> d-------- D:\Program Files\RegCleaner
2006-11-21 11:49 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Uniblue
2006-11-21 10:49 229,376 -ra------ D:\WINDOWS\system32\atiiiexx.dll
2006-11-21 10:25 <DIR> d-------- D:\WINDOWS\Favorites
2006-11-20 22:45 182,880 --a------ D:\WINDOWS\system32\iuengine.dll
2006-11-20 22:06 <DIR> d-------- D:\WINDOWS\Prefetch
2006-11-20 21:48 99,328 --a------ D:\WINDOWS\system32\irftp.exe
2006-11-20 21:48 78,336 --a------ D:\WINDOWS\system32\irmon.dll
2006-11-20 21:48 7,680 --a------ D:\WINDOWS\system32\wshirda.dll
2006-11-20 21:48 55,296 --a------ D:\WINDOWS\system32\drivers\irda.sys
2006-11-20 21:45 4,096 --a------ D:\WINDOWS\system32\ksuser.dll
2006-11-20 21:43 27,165 --a------ D:\WINDOWS\system32\drivers\fetnd5.sys
2006-11-20 21:32 19,584 --a------ D:\WINDOWS\system32\drivers\rasirda.sys
2006-11-20 21:30 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll
2006-11-20 21:30 13,312 --a------ D:\WINDOWS\system32\irclass.dll
2006-11-20 21:19 73,728 --a------ D:\WINDOWS\smcfg.exe
2006-11-20 21:19 607,732 --a------ D:\WINDOWS\system32\drivers\ntmtlfax.sys
2006-11-20 21:19 45,056 --a------ D:\WINDOWS\system32\slserv.exe
2006-11-20 21:19 45,056 --a------ D:\WINDOWS\system32\coinst.dll
2006-11-20 21:19 42,296 --a------ D:\WINDOWS\system32\winddx.sys
2006-11-20 21:19 413,696 --a------ D:\WINDOWS\sllights.exe
2006-11-20 21:19 369,936 --a------ D:\WINDOWS\system32\drivers\slntamr.sys
2006-11-20 21:19 33,028 --a------ D:\WINDOWS\system32\drivers\slwdmsup.sys
2006-11-20 21:19 2,383,460 --a------ D:\WINDOWS\system32\drivers\mtlstrm.sys
2006-11-20 21:19 196,608 --a------ D:\WINDOWS\system32\slextspk.dll
2006-11-20 21:19 175,160 --a------ D:\WINDOWS\system32\drivers\slnthal.sys
2006-11-20 21:19 172,708 --a------ D:\WINDOWS\system32\drivers\mtlmnt5.sys
2006-11-20 21:19 163,840 --a------ D:\WINDOWS\system32\minirec.exe
2006-11-20 21:19 151,552 --a------ D:\WINDOWS\system32\amr_cpl.dll
2006-11-20 21:19 1,438,556 --a------ D:\WINDOWS\system32\drivers\v90drv.sys
2006-11-20 21:18 <DIR> d-------- D:\WINDOWS\setup.pss
2006-11-20 18:49 <DIR> d-------- D:\Program Files\SiteAdvisor
2006-11-20 18:49 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\SiteAdvisor
2006-11-20 18:47 84,744 --a------ D:\WINDOWS\system32\drivers\mfeavfk.sys
2006-11-20 18:47 37,800 --a------ D:\WINDOWS\system32\drivers\mfesmfk.sys
2006-11-20 18:47 33,896 --a------ D:\WINDOWS\system32\drivers\mfebopk.sys
2006-11-20 18:47 31,560 --a------ D:\WINDOWS\system32\drivers\mferkdk.sys
2006-11-20 18:47 161,768 --a------ D:\WINDOWS\system32\drivers\mfehidk.sys
2006-11-20 18:47 104,024 --a------ D:\WINDOWS\system32\drivers\Mpfp.sys
2006-11-20 18:46 <DIR> d-------- D:\Program Files\McAfee.com
2006-11-20 18:46 <DIR> d-------- D:\Program Files\McAfee
2006-11-20 18:46 <DIR> d-------- D:\Program Files\Common Files\McAfee
2006-11-20 18:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\McAfee
2006-11-20 16:55 <DIR> d-------- D:\WINDOWS\Intel
2006-11-20 11:02 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys
2006-11-19 23:38 558,080 --a------ D:\WINDOWS\system32\advapi.dll
2006-11-19 23:31 <DIR> d-------- D:\WINDOWS\Download
2006-11-17 19:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Adobe
2006-11-17 01:23 <DIR> d-------- D:\Program Files\Sign Recognition Test CDROM
2006-11-06 20:23 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\My Games
2006-11-06 20:21 <DIR> d---s---- D:\Program Files\Xfire
2006-11-06 20:21 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Xfire
2006-11-06 19:23 44,032 --a------ D:\WINDOWS\system32\msxml3r.dll
2006-11-06 19:23 1,129,472 --a------ D:\WINDOWS\system32\msxml3.dll
2006-11-06 18:16 <DIR> d-------- D:\Program Files\Firaxis Games
2006-11-06 18:08 <DIR> d-------- D:\Program Files\PowerISO
2006-11-06 17:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\TEMP
2006-11-03 14:11 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Sports Interactive
2006-10-31 12:56 <DIR> d-------- D:\Program Files\Sports Interactive
2006-10-30 23:22 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Bitdefender
2006-10-30 23:11 <DIR> d-------- D:\Program Files\Softwin
2006-10-30 23:11 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\BitDefender
2006-10-30 23:10 <DIR> d-------- D:\Program Files\Common Files\Softwin
2006-10-30 23:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2006-10-30 23:06 684,032 --a------ D:\WINDOWS\system32\libeay32.dll
2006-10-30 23:06 155,648 --a------ D:\WINDOWS\system32\ssleay32.dll
2006-10-29 19:47 <DIR> d-------- D:\Program Files\PCPitstop
2006-10-29 06:24 <DIR> d-------- D:\Program Files\TVAnts

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-03 21:53 -------- d-------- D:\Program Files\LitexMedia
2006-09-21 20:39 98304 --a------ D:\WINDOWS\system32\CmdLineExt.dll
2006-09-21 01:50 0 --a------ D:\Documents and Settings\Nic\Application Data\dm.ini

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Registry Cleaner"="\"D:\\Program Files\\TPT Registry_Cleaner (Trial)\\regclean.exe\""
"BitComet"="\"D:\\Program Files\\BitLord\\BitLord.exe\""
"wao.exe"="D:\\WINDOWS\\System32\\wao.exe D:\\WINDOWS\\System32\\drivers\\cq4.sys Rundll32"
"Dseh"="\"D:\\WINDOWS\\WNSXS~1\\userinit.exe\" -vt ndrv"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"QKeys"="\"D:\\Program Files\\QKeys\\QKeys.EXE\""
"ATIModeChange"="Ati2mdxx.exe"
"ATIPTA"="\"D:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\""
"SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
@=""
"SCDEmuApp.exe"="\"D:\\Program Files\\PowerISO\\SCDEmuApp.exe\""
"SoundMan"="SOUNDMAN.EXE"
"WinampAgent"="\"D:\\Program Files\\Winamp3\\winampa.exe\""
"SiteAdvisor"="D:\\Program Files\\SiteAdvisor\\4608\\SiteAdv.exe"
"NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe"
"iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AdaptecDirectCD"="\"D:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"Acrobat Assistant 7.0"="\"D:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\""
"1f"="D:\\WINDOWS\\System32\\rundll32.exe r1ft7.dll Rundll32"
"wl"="D:\\WINDOWS\\Download\\svhost32.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,4d,00,00,00,00,00,00,00,2b,05,00,00,fe,03,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,4d,00,00,00,00,00,00,00,2b,05,00,00,fe,03,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:91,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Contents of the 'Scheduled Tasks' folder
D:\WINDOWS\tasks\McQcTask.job
D:\WINDOWS\tasks\McDefragTask.job

Completion time: 06-11-26 15:13:07.68
D:\ComboFix2.txt ... 06-11-25 16:11
D:\ComboFix.txt ... 06-11-26 15:13

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:41:45 26/11/2006

+ Scan result:

D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005790.sys -> Adware.AdAgent : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006083.exe -> Adware.BHO : Cleaned with backup (quarantined).
D:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp -> Adware.Cdn : Cleaned with backup (quarantined).
D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn\cdnforie.dll -> Adware.Cdn : Cleaned with backup (quarantined).
D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn\imaoe.dll -> Adware.Cdn : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005789.dll -> Adware.WSearch : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005788.EXE -> Downloader.Agent.baw : Cleaned with backup (quarantined).
D:\WINDOWS\notepad.exe.bak -> Dropper.Small.ja : Cleaned with backup (quarantined).
D:\WINDOWS\system32\notepad.exe.bak -> Dropper.Small.ja : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000263.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000358.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000570.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000596.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000608.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000639.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000696.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000829.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000844.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000913.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000929.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000957.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000984.exe -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000985.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004368.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004505.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004518.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005518.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005542.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005779.dll -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005783.exe -> Logger.Agent.oy : Cleaned with backup (quarantined).
D:\KavMonHelp.exe -> Logger.Delf.or : Cleaned with backup (quarantined).
:mozilla.35:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.37:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.41:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.26:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
D:\Program Files\Yahoo!\YPSR\Quarantine\ppq9C.tmp -> TrackingCookie.Atdmt : Cleaned.
:mozilla.27:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.49:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.39:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.40:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.19:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.20:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.21:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.22:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.23:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
D:\Program Files\Yahoo!\YPSR\Quarantine\ppq9D.tmp -> TrackingCookie.Statcounter : Cleaned.
D:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp -> TrackingCookie.Yieldmanager : Cleaned.
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000264.sys -> Trojan.BCB.m : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000276.sys -> Trojan.BCB.m : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000355.sys -> Trojan.BCB.m : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000572.sys -> Trojan.BCB.m : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000589.dll -> Trojan.BCB.m : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000597.sys -> Trojan.BCB.m : Cleaned with backup (quarantined).
D:\FOUND.000\FILE0000.CHK -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\FOUND.000\FILE0001.CHK -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\FOUND.000\FILE0002.CHK -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000609.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000640.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000694.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000828.sys -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000846.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000914.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000930.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000959.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000980.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0001001.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0002000.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0003002.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004370.dll -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004376.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004509.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004523.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004526.DLL -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005521.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000197.exe -> Trojan.Delf.sc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000261.exe -> Trojan.Delf.sc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000674.EXE -> Trojan.Delf.sc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000675.dll -> Trojan.Delf.sc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004143.EXE -> Trojan.Delf.sc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004216.dll -> Trojan.Delf.sc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005555.EXE -> Trojan.Delf.sc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005557.DLL -> Trojan.Delf.sc : Cleaned with backup (quarantined).
D:\Documents and Settings\Nic\Desktop\Zip files.zip/Zip files/rxdll.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000586.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000595.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000606.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000638.DLL -> Trojan.Nilage.atz : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006053.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006059.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006084.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000676.exe -> Trojan.OnLineGames.bv : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000677.dll -> Trojan.OnLineGames.bv : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000702.exe -> Trojan.OnLineGames.bv : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005777.dll -> Trojan.OnLineGames.bv : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000679.exe -> Trojan.QQPass.pp : Cleaned with backup (quarantined).
D:\Documents and Settings\Nic\Desktop\Zip files.zip/Zip files/Logo1_.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000195.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000259.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000278.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000280.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000349.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000350.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000354.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000579.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000582.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000668.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000671.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000697.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000705.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000788.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000832.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000852.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000904.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000920.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000934.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000935.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000942.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000961.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000964.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000968.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000988.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000989.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000991.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0001005.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0002006.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0003005.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0003999.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004000.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004002.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004530.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004532.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005525.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005528.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005552.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005554.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005571.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005574.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005755.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005757.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005858.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005860.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005877.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005888.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005922.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005926.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005929.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005987.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005989.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006016.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006042.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006047.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006049.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006055.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006085.dll -> Worm.Viking.cc : Cleaned with backup (quarantined).
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006097.exe -> Worm.Viking.cc : Cleaned with backup (quarantined).

::Report end

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, November 26, 2006 4:29:42 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 26/11/2006
Kaspersky Anti-Virus database records: 245629
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 60471
Number of viruses found: 10
Number of infected objects: 491 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:57:57

Infected Object Name / Virus Name / Last Action
C:\smartdrv.exe Infected: Worm.Win32.Viking.cc skipped
C:\attrib.exe Infected: Worm.Win32.Viking.cc skipped
C:\MVRescue\diskcopy.exe Infected: Worm.Win32.Viking.cc skipped
C:\MVRescue\mvrescue.exe.exe Infected: Worm.Win32.Viking.cc skipped
C:\ghost\ghost.exe Infected: Worm.Win32.Viking.cc skipped
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005861.exe Infected: Worm.Win32.Viking.cc skipped
C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\change.log Object is locked skipped
C:\NBDriver.exe Infected: Worm.Win32.Viking.cc skipped
C:\Radeon Drivers\Setup.exe Infected: Worm.Win32.Viking.cc skipped
C:\ATI\SUPPORT\wxp-w2k-catalyst-8-082-041130a-019577c\Setup.exe Infected: Worm.Win32.Viking.cc skipped
C:\HJT\HijackThis.exe Infected: Worm.Win32.Viking.cc skipped
C:\cweantest.exe Infected: Worm.Win32.Viking.cc skipped
C:\warn.exe Infected: Worm.Win32.Viking.cc skipped
C:\warn2.exe Infected: Worm.Win32.Viking.cc skipped
C:\KB173333.log Infected: not-a-virus:AdWare.Win32.BHO.bq skipped
C:\Dell\Drivers\R82979\Setup.exe Infected: Worm.Win32.Viking.cc skipped
C:\program files\tshz093.exe Infected: Worm.Win32.Viking.cc skipped
C:\program files\Lavasoft\Ad-Aware SE Personal\Plugins\UNWISE.EXE Infected: Worm.Win32.Viking.cc skipped
C:\program files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE Infected: Worm.Win32.Viking.cc skipped
C:\program files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Infected: Worm.Win32.Viking.cc skipped
C:\program files\Lavasoft\Ad-Aware SE Personal\unregaaw.exe Infected: Worm.Win32.Viking.cc skipped
C:\Spybot - Search & Destroy\unins000.exe Infected: Worm.Win32.Viking.cc skipped
C:\Spybot - Search & Destroy\blindman.exe Infected: Worm.Win32.Viking.cc skipped
C:\Spybot - Search & Destroy\SpybotSD.exe Infected: Worm.Win32.Viking.cc skipped
C:\Spybot - Search & Destroy\TeaTimer.exe Infected: Worm.Win32.Viking.cc skipped
C:\Spybot - Search & Destroy\Update.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\win9xupg\twid.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\win9xmig\mapi\dll\MKNTFRMCACHE.EXE Infected: Worm.Win32.Viking.cc skipped
D:\i386\win9xmig\fax\awdvstub.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\drw\dwwin.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\winnt32.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\winnt.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\usetup.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\telnet.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\sysparse.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\regedit.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\ntsd.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\netsetup.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\expand.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\autofmt.exe Infected: Worm.Win32.Viking.cc skipped
D:\i386\autochk.exe Infected: Worm.Win32.Viking.cc skipped
D:\WINDOWS\system32\config\system.LOG Object is locked skipped
D:\WINDOWS\system32\config\software.LOG Object is locked skipped
D:\WINDOWS\system32\config\default.LOG Object is locked skipped
D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS\system32\config\SECURITY Object is locked skipped
D:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
D:\WINDOWS\system32\config\SYSTEM Object is locked skipped
D:\WINDOWS\system32\config\DEFAULT Object is locked skipped
D:\WINDOWS\system32\config\SAM Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
D:\WINDOWS\system32\h323log.txt Object is locked skipped
D:\WINDOWS\Temp\sqlite_FyS79BpcMLShYch Object is locked skipped
D:\WINDOWS\Temp\sqlite_uLNPEUqyj6uk1HN Object is locked skipped
D:\WINDOWS\Temp\sqlite_u6GfvFwtiKNTi5c Object is locked skipped
D:\WINDOWS\Temp\sqlite_HkOuwcDB8mbevIq Object is locked skipped
D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS\Debug\oakley.log Object is locked skipped
D:\WINDOWS\Sti_Trace.log Object is locked skipped
D:\WINDOWS\wiaservc.log Object is locked skipped
D:\WINDOWS\wiadebug.log Object is locked skipped
D:\WINDOWS\SchedLgU.Txt Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{9D977D42-A1ED-4530-9DBC-23AA7245CE38}.log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
D:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Nic\NTUSER.DAT Object is locked skipped
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0320812.dll.bac_a03768 Infected: Trojan-PSW.Win32.Nilage.atz skipped
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0321805.DLL.bac_a03768 Infected: Trojan-PSW.Win32.Nilage.atz skipped
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\rxdll.dll.bac_a03768 Infected: Trojan-PSW.Win32.Nilage.atz skipped
D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0320818.dll.bac_a03768 Infected: Trojan-PSW.Win32.Agent.dq skipped
D:\Documents and Settings\Nic\ntuser.dat.LOG Object is locked skipped
D:\Documents and Settings\Nic\UserData\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\History\History.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\History\History.IE5\MSHist012006112620061127\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_MAP_ Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_001_ Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_002_ Object is locked skipped
D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_003_ Object is locked skipped
D:\Documents and Settings\Nic\Desktop\Zip files.zip/Zip files/Logo1_.exe Infected: Worm.Win32.Viking.cc skipped
D:\Documents and Settings\Nic\Desktop\Zip files.zip/Zip files/XpIcfOpt.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\Documents and Settings\Nic\Desktop\Zip files.zip/Zip files/rxdll.dll Infected: Trojan-PSW.Win32.Nilage.atz skipped
D:\Documents and Settings\Nic\Desktop\Zip files.zip ZIP: infected - 3 skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\Documents and Settings\Nic\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
D:\Documents and Settings\Nic\Cookies\index.dat Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\history.dat Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cert8.db Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\key3.db Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\parent.lock Object is locked skipped
D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\urlclassifier2.sqlite Object is locked skipped
D:\Documents and Settings\Nic\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
D:\Program Files\ATI Technologies\ATI Control Panel\atiphexx.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ATI Technologies\ATI Control Panel\Atiiprxx.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AvRack\rtlrack.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\QKeys\DriverInstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\MP3Player\MP3Player.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\CyberLink\PowerDVD\dvdrgn.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\CyberLink\PowerDVD\PowerDVD.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\CyberLink\PowerDVD\CLDMA.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\CyberLink\PowerDVD\ddtester.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\CyberLink\PowerDVD\cltest.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\CyberLink\Common\UpdateIPR.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Roxio\Easy CD Creator 5\Easy CD Creator\CDCopier.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Roxio\Easy CD Creator 5\Easy CD Creator\Creatr50.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\MRW\MrfInst.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\udfrchk.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Scandisc.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\Plugins\Dfx\Apps\askemail.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\Plugins\Dfx\Apps\record_date.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\Plugins\Dfx\Apps\step1.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\Plugins\Dfx\dfxwsettings.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\Plugins\MPegDancer.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\Plugins\vis-tx3-readme.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\AOD\AolOnDesktop.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\UninstWA.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\uninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\uninstall_dfx.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\winamp.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Winamp\winampa.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PaperCapture\Server\Roman\capserve.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Preflight\Droplet.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\Updater\acroaum.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\ConvertIFD\ConvertIFD.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\FormDesigner.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\ConvertPDF.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\ConvertIP.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\ConvertWord.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Distillr\acrodist.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\Acrobat Elements.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\CoverDesigner\CoverDes.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\ImageDrive\ImageDrive.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero\Uninstall\UNNero.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero\ORiON\Keygen.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero\ORiON\mp3pro.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero\nero.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero\NeroCmd.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero\NRESTORE.EXE Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero Toolkit\CDSpeed.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero Toolkit\DriveSpeed.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero Toolkit\InfoTool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero Toolkit\hwinfo.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero Wave Editor\DXEnum.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero Wave Editor\WaveEdit.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero SoundTrax\SoundTrax.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero BackItUp\BackItUp.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero BackItUp\NBJ.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero BackItUp\NBR.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\Nero StartSmart\NeroStartSmart.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\ahead\NeroBurnRights\NeroBurnRights.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Microsoft Office\Office\EXCEL.EXE Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Microsoft Office\Office\WINWORD.EXE Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\directx\DXSETUP.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Data\closedpw.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\CDex_150\CDex.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\CDex_150\uninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\ResDLLs\0009\Welcome\Welcome.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\Tutor\menu.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\EMSVWER.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\dc.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\SECleanup.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\StdDeliv.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\autoduck.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\cfgb2a.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\checkwebsite.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\fmtdump.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\ftla.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\ICLicWiz.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\InsightFixUp.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\MakeVerCurr.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\OpenSave.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\regsvr32.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\Regtlbsr.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\REGTOOL.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\report.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\seACIS.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\SearchDuplicateIDs.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\SECleanupAll.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\seiges.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\seProE.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\SePvAdp.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\seregr.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\seregsvr.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\sestep.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\setools.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\seviewer.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\TRANS2SE.EXE Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\WAITER.EXE Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\Edge.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\SELicWiz.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\IConnect.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\TDMDataMigration.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Program\sfxstub.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\SDK\Samples\Viewing\PrintDFT\PrintDft.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\SDK\Samples\Viewing\PrintPart\PrintPartmine.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\SDK\Tools\reghelp.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\SELibrary\CreateStandardPartsButton\Register_SE-Library.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\SELibrary\SE-Library.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\RevMgrPreProcessor\PreProcess10.1.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\MirAsm\Mirror Assembly.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\Insight\TestInsightSample.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\ARelDoctor\ARelDoctor.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\Batch\Batch.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\BOM\bom.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\ChangeLocale\ChngLcl.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\DynAttrib\DynAtrrib.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\GandT\GandT.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\Hexpro\hexpro.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\Mouse\mouse.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\OpenSave\OpenSave.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\RevManager\AStruct.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\Stock\stock.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Solid Edge V14\Custom\AutoRestore\AutoRecover.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Rainbow Technologies\Sentinel System Driver\SetupSysDriver.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Google\Google Earth\GoogleEarth.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Google\Google Earth\gpsbabel.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\java.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\javaw.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\keytool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\policytool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\rmid.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\rmiregistry.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\tnameserv.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\DivX\DivX Codec\config.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\DivX\DivX Player\DivX Player.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\DivX\DivXCodecUninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\DivX\DivXPlayerUninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\DivX\DivXBundleUninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AC3Filter\uninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AC3Filter\dialog_patch.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Matroska Pack\AC3Filter\dialog_patch.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Matroska Pack\Uninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\BitTorrent\uninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\BitTorrent\btdownloadgui.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\BitTorrent\w9xpopen.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Project 3 Interactive\Kult Heretic Kingdoms Demo\kult.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Ubi Soft\Register\register.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Ubi Soft\Register\schedule.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\VirtualDubMod\AuxSetup.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\VirtualDubMod\VirtualDubMod.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\Nandub\Nandub.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\AviSynth 2.5\Uninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\DVD2AVI\DVD2AVIdg.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\VobSub\subresync.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\VobSub\submux.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\VobSub\uninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\GordianKnot.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\robot4rip.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\DVDDecrypter.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\BeSweet.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\BeSweet_GUI.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\azidts.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\ChapterXtractor.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\vStrip.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\vStrip_gui.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\GordianKnot\uninst.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\D-Tools\daemon.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AutoGK\VDubMod\AuxSetup.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AutoGK\VDubMod\VirtualDubMod.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AutoGK\BeSweet\BeSweet.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AutoGK\DGMPGDec\DGFix.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AutoGK\DGMPGDec\DGIndex.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AutoGK\DGMPGDec\DGParse.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AutoGK\DGMPGDec\DGTable.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AutoGK\AutoGK.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AutoGK\bbSummary.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\AutoGK\uninst.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\XviD\unins000.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\XviD\MiniCalc.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\XviD\OGMCalc.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\XviD\vidccleaner.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\XviD\StatsReader.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\XviD\AviC.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\java.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\jpicpl32.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\keytool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\kinit.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\klist.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\ktab.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\orbd.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\policytool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\rmid.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\rmiregistry.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\servertool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\bin\tnameserv.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\j2re1.4.2_06\javaws\javaws.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\java.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\javacpl.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\javaw.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\javaws.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\keytool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\kinit.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\klist.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\ktab.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\orbd.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\pack200.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\policytool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\rmid.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\rmiregistry.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\servertool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\tnameserv.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_02\bin\unpack200.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\java.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\javacpl.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\javaw.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\javaws.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\keytool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\kinit.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\klist.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\ktab.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\orbd.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\pack200.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\policytool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\rmid.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\rmiregistry.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\servertool.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\tnameserv.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Java\jre1.5.0_09\bin\unpack200.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Ningsi Software\MP3 Splitter\unins000.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Ningsi Software\MP3 Splitter\splitter.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\iTunes\iTunes.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Skype\Phone\unins000.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Canon\PhotoStitch\Launcher.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowserImageServer.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Canon\PhotoRecord\Program\PhotoRecord.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Canon\PhotoRecord\OpPrintCom\OpPrintServer.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\QuickTime\QTSystem\QTPluginInstaller.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\QuickTime\QTInfo.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\QuickTime\QuickTimePlayer.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\QuickTime\PictureViewer.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\CASIO\Photo Loader\Ploader.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Ulead Systems\Ulead Movie Wizard SE VCD\ppp\MGCview.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Ulead Systems\Ulead Movie Wizard SE VCD\vstudio.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Mozilla Firefox\plugins\GetFlash.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Mozilla Firefox\uninstall\uninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Mozilla Firefox\uninstall\uninst.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Mozilla Firefox\updater.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Mozilla Firefox\xpicleanup.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\YPSR\Quarantine\ppq94.tmp\LimeWire 4.0.8\.NetworkShare\LimeWireWin4.12.6.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn\cdnuc.exe.Exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn\cdnunins.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn\cdnrenew.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\YPSR\updates\ypsr_dat_06.09.22.16_setup_.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\YPSR\ypsrru.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\YPSR\ypsrcfg.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\YPSR\dlaunch.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\YPSR\ppclean.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\YPSR\ypsr.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\common\unyt.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Yahoo!\common\unypsr.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full\en-US\Install.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full\Autorun.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full\CDSetup.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\BitLord\uninst.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Heroes of Might and Magic V\bin\UpgradeLauncher.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Heroes of Might and Magic V\bin\H5_MapEditor.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Heroes of Might and Magic V\bin\H5_Game.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Heroes of Might and Magic V\registration\RegistrationReminder.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\directx9\DXSETUP.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\directx9\infinst.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\directx9\ddhelp.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\directx9\dplaysvr.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\directx9\dxdiag.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\directx9\dpvsetup.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\directx9\dxdllreg.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\directx9\dpnsvr.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\directx9\dxdllreg_1.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\TVAnts\UNWISE.EXE Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\TVAnts\Tvants.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\PCPitstop\Exterminate\ppupdstub.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\PCPitstop\Exterminate\ppclean.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Softwin\BitDefender10\bdinitptch.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Softwin\BitDefender10\TaskSys.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Softwin\BitDefender10\bdinit.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Softwin\BitDefender10\regpatch.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Softwin\BitDefender10\runtsys.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Sports Interactive\Football Manager 2007\fm data editor.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\PowerISO\PowerISO.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\PowerISO\uninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Xfire\Xfire.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Xfire\xfire_exception.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Xfire\xfire_inst.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Xfire\uninst.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Sign Recognition Test CDROM\Data\Question Bank Editor.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Sign Recognition Test CDROM\Runtime\md8rntm.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\Sign Recognition Test CDROM\Start.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\McAfee\VirusScan\mfehidin.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\McAfee\VirusScan\preinst.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\McAfee\VirusScan\mcinsupd.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\McAfee\MPF\MC\MpfAlert.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\SiteAdvisor\4608\Uninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\SiteAdvisor\4608\SAReg.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\SiteAdvisor\4608\SASync.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\RegCleaner\Uninstall.exe Infected: Worm.Win32.Viking.cc skipped
D:\Program Files\RegCleaner\RegCleanr.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000008.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000024.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000026.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000032.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000279.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000316.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000317.EXE Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000318.EXE Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000319.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000339.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000341.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000351.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000352.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000360.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000363.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000580.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000581.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000583.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000585.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000600.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000612.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000664.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000669.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000670.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000787.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000789.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000790.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000858.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000880.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000905.EXE Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000906.EXE Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000937.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000938.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000943.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000965.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000966.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000967.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000969.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000990.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000992.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004001.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004161.EXE Infected: Trojan.Win32.Pakes skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004162.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004531.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004539.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004540.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004556.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004558.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004560.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004561.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005527.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005530.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005553.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005572.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005588.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005593.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005607.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005612.EXE Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005613.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005614.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005628.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005639.EXE Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005640.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005646.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005648.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005655.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005698.pif Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005756.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005765.com Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005767.pif Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005770.com Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005771.exe Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005772.com Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005773.com Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005775.exe Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005776.pif Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005778.com Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005780.com Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005781.com Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005782.com Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005786.com Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005787.pif Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005859.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005925.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005928.EXE Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005930.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005931.EXE Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005934.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005937.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005943.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005948.EXE Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005949.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005950.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005952.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005959.EXE Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005960.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005964.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005966.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005971.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005982.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005988.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005999.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006003.exe Infected: Worm.Win32.Viking.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006050.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006056.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006076.exe Infected: Trojan.Win32.Pakes skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006077.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006078.EXE Infected: Trojan-PSW.Win32.WOW.ne skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006079.dll Infected: Trojan-PSW.Win32.Agent.if skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006086.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006087.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006088.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006089.exe Infected: Backdoor.Win32.SpyBoter.cy skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe NSIS: infected - 2 skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006123.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\change.log Object is locked skipped
D:\WUTemp\com_microsoft.893803_WindowsInstaller_v31\WindowsInstaller-KB893803-v2-x86.exe Infected: Worm.Win32.Viking.cc skipped
D:\StubInstaller.exe Infected: Worm.Win32.Viking.cc skipped
D:\My Downloads\rp10-bbc-en-setup.exe Infected: Worm.Win32.Viking.cc skipped

Scan process completed.

nicdonati · 11-26-2006, 08:55 AM

2006-11-26,16:36:31

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 1 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Registry Cleaner><"D:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"> [N/A]
<BitComet><"D:\Program Files\BitLord\BitLord.exe"> [www.BitLord.com]
<wao.exe><D:\WINDOWS\System32\wao.exe D:\WINDOWS\System32\drivers\cq4.sys Rundll32> [N/A]
<Dseh><"D:\WINDOWS\WNSXS~1\userinit.exe" -vt ndrv> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<QKeys><"D:\Program Files\QKeys\QKeys.EXE"> [Taiwan]
<ATIModeChange><Ati2mdxx.exe> [(Verified)ATI Technologies, Inc.]
<ATIPTA><"D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.]
<SunJavaUpdateSched><"D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"> [Sun Microsystems, Inc.]
<QuickTime Task><"D:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<SCDEmuApp.exe><"D:\Program Files\PowerISO\SCDEmuApp.exe"> [PowerISO Computing, Inc.]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<WinampAgent><"D:\Program Files\Winamp3\winampa.exe"> [N/A]
<SiteAdvisor><D:\Program Files\SiteAdvisor\4608\SiteAdv.exe> [(Verified)McAfee, Inc.]
<NeroFilterCheck><D:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<iTunesHelper><"D:\Program Files\iTunes\iTunesHelper.exe"> [Apple Computer, Inc.]
<AdaptecDirectCD><"D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"> [Roxio]
<Acrobat Assistant 7.0><"D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"> [Adobe Systems Inc.]
<1f><D:\WINDOWS\System32\rundll32.exe r1ft7.dll Rundll32> [N/A]
<wl><D:\WINDOWS\Download\svhost32.exe> [N/A]
<!AVG Anti-Spyware><"D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WRNotifier]
<WinlogonNotify: WRNotifier><WRLogonNTF.dll> [N/A]

==================================
Startup Folders
[Photo Loader supervisory]
<D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photo Loader supervisory.lnk --> D:\PROGRA~1\CASIO\PHOTOL~1\Plauto.exe [CASIO COMPUTER CO.,LTD.]><N>
[Adobe Acrobat Speed Launcher]
<D:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk --> D:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [N/A]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service]
<"D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt]
<D:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
<D:\WINDOWS\System32\Ati2evxx.exe><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
<D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[McAfee E-mail Proxy / Emproxy]
<D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe><McAfee, Inc.>
[InstallDriver Table Manager / IDriverT]
<"D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPodService / iPodService]
<D:\Program Files\iPod\bin\iPodService.exe><Apple Computer, Inc.>
[McAfee HackerWatch Service / McAfee HackerWatch Service]
<"D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"><McAfee, Inc.>
[McAfee Log Manager / McLogManagerService]
<D:\PROGRA~1\McAfee\MSC\mclogsrv.exe><McAfee, Inc.>
[McAfee Update Manager / mcmispupdmgr]
<D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe><McAfee, Inc.>
[McAfee Network Agent / McNASvc]
<"d:\program files\common files\mcafee\mna\mcnasvc.exe"><McAfee, Inc.>
[McAfee Scanner / McODS]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe><McAfee, Inc.>
[McAfee Protection Manager / mcpromgr]
<D:\PROGRA~1\McAfee\MSC\mcpromgr.exe><McAfee, Inc.>
[McAfee Redirector Service / McRedirector]
<d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe><McAfee, Inc.>
[McAfee Real-time Scanner / McShield]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe><McAfee, Inc.>
[McAfee SystemGuards / McSysmon]
<D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe><McAfee, Inc.>
[McAfee Task Scheduler / mctskshd.exe]
<D:\PROGRA~1\McAfee\MSC\mctskshd.exe><McAfee, Inc.>
[McAfee User Manager / mcusrmgr]
<D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe><McAfee, Inc.>
[McAfee Personal Firewall Service / MpfService]
<"D:\Program Files\McAfee\MPF\MPFSrv.exe"><McAfee, Inc.>
[SiteAdvisor Service / SiteAdvisor Service]
<D:\Program Files\SiteAdvisor\4608\SAService.exe><N/A>
[Ulead Burning Helper / UleadBurningHelper]
<D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe><Ulead Systems, Inc.>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag]
<System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
<\??\D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[bdfdll / bdfdll]
<\??\D:\Program Files\Softwin\BitDefender10\bdfdll.sys><N/A>
[BDFSDRV / BDFSDRV]
<\??\D:\??\D:\Program Files\Softwin\BitDefender10\bdfsdrv.sys><N/A>
[Cdr4_xp / Cdr4_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\Cdr4_xp.SYS><Roxio>
[Cdralw2k / Cdralw2k]
<D:\WINDOWS\SYSTEM32\DRIVERS\Cdralw2k.SYS><Roxio>
[cdudf_xp / cdudf_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\cdudf_xp.SYS><Roxio>
[d347bus / d347bus]
<\SystemRoot\System32\DRIVERS\d347bus.sys><>
[d347prt / d347prt]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[Dual-Mode DSC(2770) / DCamUSBSQTECH]
<System32\Drivers\SQcaptur.sys><Service & Quality Technology.>
[dvd_2K / dvd_2K]
<D:\WINDOWS\SYSTEM32\DRIVERS\dvd_2K.SYS><Roxio>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB]
<System32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[GEAR CDRom Filter / GEARAspiWDM]
<SYSTEM32\DRIVERS\GEARAspiWDM.sys><GEAR Software Inc.>
[McAfee Inc. / mfeavfk]
<system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. / mfebopk]
<system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. / mfehidk]
<system32\drivers\mfehidk.sys><McAfee, Inc.>
[McAfee Inc. / mferkdk]
<system32\drivers\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. / mfesmfk]
<system32\drivers\mfesmfk.sys><McAfee, Inc.>
[mmc_2K / mmc_2K]
<D:\WINDOWS\SYSTEM32\DRIVERS\mmc_2K.SYS><Roxio>
[MP3Driver / MP3Driver]
<D:\WINDOWS\SYSTEM32\DRIVERS\MP3Driver.SYS><N/A>
[MPFP / MPFP]
<System32\Drivers\Mpfp.sys><McAfee, Inc.>
[Mtlmnt5 / Mtlmnt5]
<System32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm]
<System32\DRIVERS\Mtlstrm.sys><>
[NSC Infrared Device Driver / NSCIRDA]
<System32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[NtMtlFax / NtMtlFax]
<System32\DRIVERS\NtMtlFax.sys><>
[NTSIM / NTSIM]
<\??\D:\WINDOWS\System32\ntsim.sys><VIA Technologies, Inc.>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[pwd_2k / pwd_2k]
<D:\WINDOWS\SYSTEM32\DRIVERS\pwd_2k.SYS><Roxio>
[SCDEmu / SCDEmu]
<D:\WINDOWS\SYSTEM32\DRIVERS\SCDEmu.SYS><PowerISO Computing, Inc.>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[Sentinel / Sentinel]
<\SystemRoot\System32\Drivers\SENTINEL.SYS><Rainbow Technologies, Inc.>
[SmartLink AMR_PCI Driver / Slntamr]
<System32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal]
<System32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup]
<System32\DRIVERS\SlWdmSup.sys><Vireo Software>
[tmcomm / tmcomm]
<\??\D:\WINDOWS\System32\drivers\tmcomm.sys><Trend Micro Inc.>
[UdfReadr_xp / UdfReadr_xp]
<D:\WINDOWS\SYSTEM32\DRIVERS\UdfReadr_xp.SYS><Roxio>
[V90drv / V90drv]
<System32\DRIVERS\v90drv.sys><>
[VIA AGP Filter / viaagp1]
<\SystemRoot\System32\DRIVERS\viaagp1.sys><N/A>
[VIA USB Host Controller Lower Filter / vulfnths]
<\SystemRoot\System32\Drivers\vulfnth.sys><VIA Technologies, Inc.>
[VIA USB Roothub Lower Filter / vulfntrs]
<\SystemRoot\System32\Drivers\vulfntr.sys><VIA Technologies, Inc.>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} <D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
{089FD14D-132B-48FC-8861-0048AE113215} <D:\Program Files\SiteAdvisor\4608\SiteAdv.dll, McAfee, Inc.>
[]
{53707962-6F74-2D53-2644-206D7942484F} <C:\Spybot - Search & Destroy\SDHelper.dll, Safer Networking Limited>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[scriptproxy]
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} <d:\program files\mcafee\virusscan\scriptsn.dll, McAfee, Inc.>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <d:\program files\google\googletoolbar3.dll, Google Inc.>
[Adobe PDF Conversion Toolbar Helper]
{AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Java Plug-in 1.5.0_09]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <d:\program files\google\googletoolbar3.dll, Google Inc.>
[Yahoo! Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} <D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[McAfee SiteAdvisor]
{0BF43445-2F28-4351-9252-17FE6E806AA0} <D:\Program Files\SiteAdvisor\4608\SiteAdv.dll, McAfee, Inc.>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINDOWS\System32\msdxm.ocx, N/A>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <D:\WINDOWS\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll, Kaspersky Lab>
[Java Plug-in 1.5.0_09]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <D:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <D:\WINDOWS\System32\iuctl.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_02]
{CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_09]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <D:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll, Sun Microsystems, Inc.>
[Convert link target to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert link target to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert selected links to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[Convert selected links to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[Convert selection to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert selection to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[Convert to Adobe PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[Convert to existing PDF]
<res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
Running Processes
[PID: 640][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 704][\??\D:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 728][\??\D:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 772][D:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 784][D:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 980][D:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1080][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1268][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1352][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1564][D:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
[D:\WINDOWS\System32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[D:\Program Files\Adobe\Acrobat 7.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 7.0.7.2006011200]
[PID: 1736][D:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 1164][D:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1116][D:\WINDOWS\System32\Ati2evxx.exe] [N/A, N/A]
[PID: 1532][D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe] [McAfee, Inc., 8.0.163.0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[PID: 1588][D:\PROGRA~1\McAfee\MSC\mclogsrv.exe] [McAfee, Inc., 7,1,131,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcdbmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 7,1,114,0]
[PID: 1952][D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1972][d:\program files\common files\mcafee\mna\mcnasvc.exe] [McAfee, Inc., 1,1,110,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\mcafee\msc\mcnmcsrv.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\mna\mcnasvcps.dll] [McAfee, Inc., 1,1,110,0]
[d:\program files\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmismgr.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\mna\mcuj.dll] [McAfee, Inc., 1,1,110,0]
[D:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,1,108,0]
[PID: 2004][D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe] [McAfee, Inc., 11,0,201,0]
[PID: 2040][D:\PROGRA~1\McAfee\MSC\mcpromgr.exe] [McAfee, Inc., 7,1,131,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\McUtil.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmscver.dll] [McAfee, Inc., 7,1,128,0]
[d:\PROGRA~1\mcafee\VIRUSS~1\mvsap.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 8.0.198.0]
[D:\Program Files\McAfee\MPF\L10N.DLL] [McAfee Security, 8.0.198.0]
[D:\Program Files\SiteAdvisor\4608\SiteAdv.dll] [McAfee, Inc., 2.1.1.35]
[d:\program files\mcafee\virusscan\mcvspp.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\msc\mcprotpv.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcnmcprv.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcRes.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcLoR.dll] [McAfee, Inc., 1,1,108,0]
[D:\PROGRA~1\McAfee\MSC\McNmcCoR.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\common files\mcafee\mna\mcnasvcps.dll] [McAfee, Inc., 1,1,110,0]
[d:\program files\mcafee\msc\mcnmcsps.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mcodsax.dll] [McAfee, Inc., 11,0,201,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\mpf\mc\mpfp.dll] [McAfee, Inc., 8.0.198.0]
[D:\PROGRA~1\McAfee\MSC\McProHlp.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\virusscan\mvsver.dll] [McAfee, Inc., 11,0,281,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\PROGRA~1\COMMON~1\mcafee\emproxy\empxyver.dll] [McAfee, Inc., 11,0,169,0]
[d:\program files\common files\mcafee\redirsvc\redirver.dll] [McAfee, Inc., 1,0,198,0]
[d:\program files\mcafee\msc\mcnmcver.dll] [McAfee, Inc., 1,1,108,0]
[d:\program files\mcafee\mqc\qcmisp.dll] [McAfee, Inc., 7,1,123,0]
[d:\program files\mcafee\mqc\QcLite.dll] [McAfee, Inc., 7,1,123,0]
[PID: 156][d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe] [McAfee, Inc., 1,0,198,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[PID: 236][D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\LockDown.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\mytilus.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\mytilus2.dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\RES00\McShield.dll] [McAfee, Inc., 13.2.0.175]
[D:\PROGRA~1\McAfee\VIRUSS~1\FTL.Dll] [McAfee, Inc., 13.2.0.178]
[D:\PROGRA~1\McAfee\VIRUSS~1\naiann.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\mcvsqt.dll] [McAfee, Inc., 11,0,281,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\McQtLib.dll] [McAfee, Inc., 11,0,281,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,0,209,0]
[D:\Program Files\McAfee\VirusScan\mcscan32.dll] [McAfee, Inc., 5.1.00]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfebopa.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfeavfa.dll] [McAfee, Inc., 13.2.0.159]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[PID: 240][d:\PROGRA~1\mcafee.com\agent\mcagent.exe] [McAfee, Inc., 7,1,133,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcregobj\7,1,128,0\mcregobj.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee.com\agent\mcagntps.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mccfgpv.dll] [McAfee, Inc., 7,1,128,0]
[PID: 272][D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe] [McAfee, Inc., 11,0,281,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mvslog.dll] [McAfee, Inc., 11,0,209,0]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfesmfa.dll] [McAfee, Inc., 13.2.0.159]
[D:\PROGRA~1\McAfee\VIRUSS~1\mfehida.dll] [McAfee, Inc., 13.2.0.159]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[d:\program files\mcafee\virusscan\mvscfg.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\msc\mcsubmgr\7,1,128,0\mcsubmgr.dll] [McAfee, Inc., 7,1,128,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\virusscan\mcvsps.dll] [McAfee, Inc., 11,0,281,0]
[d:\program files\mcafee\virusscan\naiannps.dll] [McAfee, Inc., 11,0,281,0]
[PID: 468][D:\PROGRA~1\McAfee\MSC\mctskshd.exe] [McAfee, Inc., 7,1,133,0]
[PID: 520][D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe] [McAfee, Inc., 7,1,131,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\COMMON~1\McAfee\MSC\sqlite3.dll] [McAfee, Inc., 7,1,114,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 452][D:\Program Files\McAfee\MPF\MPFSrv.exe] [McAfee, Inc., 8.0.198.0]
[d:\PROGRA~1\COMMON~1\mcafee\core\mcevtbrk.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\mpf\mc\mpfmisp.dll] [McAfee, Inc., 8.0.198.0]
[D:\Program Files\McAfee\MPF\L10N.DLL] [McAfee Security, 8.0.198.0]
[d:\program files\common files\mcafee\hackerwatch\hwapips.dll] [McAfee, Inc., 8.0.163.0]
[d:\program files\mcafee\msc\mcmispps.dll] [McAfee, Inc., 7,1,128,0]
[PID: 1100][D:\WINDOWS\System32\tcpsvcs.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1608][D:\Program Files\SiteAdvisor\4608\SAService.exe] [N/A, N/A]
[PID: 2056][D:\Program Files\QKeys\QKeys.EXE] [Taiwan, 1, 0, 2, 251]
[PID: 2120][D:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2232][D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5021]
[D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.ENU] [ATI Technologies, Inc., 6.14.10.5021]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5021]
[PID: 2268][D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe] [Ulead Systems, Inc., 1, 0, 0, 3]
[PID: 2360][D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.90.3]
[PID: 2388][D:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.0.3]
[PID: 2420][D:\Program Files\PowerISO\SCDEmuApp.exe] [PowerISO Computing, Inc., 2, 6, 1, 1]
[PID: 2448][D:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.14]
[PID: 2516][D:\Program Files\SiteAdvisor\4608\SiteAdv.exe] [McAfee, Inc., 1.6.0.23]
[D:\Program Files\SiteAdvisor\4608\SiteAdv.dll] [McAfee, Inc., 2.1.1.35]
[D:\Program Files\SiteAdvisor\4608\SASubMgr.dll] [McAfee, Inc., 2,0,9999,0]
[PID: 2560][D:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 6.0.0.18]
[PID: 2572][D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe] [Roxio, 5.3.4.21]
[D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\CDUDFLIB.dll] [Roxio, 5.3.4.21]
[D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\UDFRWLIB.dll] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\CDRTC.DLL] [Roxio, 5.3.4.21]
[D:\WINDOWS\System32\cdral.DLL] [Roxio, 5.3.4.21]
[PID: 2580][D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe] [Adobe Systems Inc., 7.0.7.2006011200]
[PID: 2624][D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe] [Anti-Malware Development a.s., 7, 5, 0, 50]
[D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 2796][D:\Program Files\BitLord\BitLord.exe] [www.BitLord.com, 1.1.]
[PID: 3024][D:\Program Files\CASIO\Photo Loader\Plauto.exe] [CASIO COMPUTER CO.,LTD., 2.3E]
[PID: 3340][D:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 6.0.0.18]
[D:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 6.0.0.18]
[PID: 1936][d:\program files\mcafee\msc\mcuimgr.exe] [McAfee, Inc., 7,1,128,0]
[d:\program files\common files\mcafee\core\mccoreps.dll] [McAfee, Inc., 2,1,103,0]
[d:\program files\mcafee\msc\mcshllps.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\McLocRes.dll] [McAfee, Inc., 7,1,128,0]
[D:\PROGRA~1\McAfee\MSC\Mccobres.dll] [McAfee, Inc., 7,1,128,0]
[PID: 2732][D:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1: 2006101023]
[D:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[D:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.3]
[D:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.3]
[D:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.3]
[D:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
[D:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
[D:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
[D:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
[D:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll] [N/A, N/A]
[D:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll] [N/A, N/A]
[D:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1: 2006101023]
[D:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.3 Basic ECC]
[D:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.62]
[D:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] [N/A, N/A]
[PID: 3872][D:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 4060][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[D:\WINDOWS\System32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[D:\Documents and Settings\Nic\Desktop\SREng.com] [Smallfrogs Studio, 2.2.6.605]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================

Logfile of HijackThis v1.99.1
Scan saved at 16:39:10, on 26/11/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\Ati2evxx.exe
D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
d:\program files\common files\mcafee\mna\mcnasvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
d:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
D:\PROGRA~1\McAfee\MSC\mctskshd.exe
D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
D:\Program Files\McAfee\MPF\MPFSrv.exe
D:\WINDOWS\System32\tcpsvcs.exe
D:\Program Files\SiteAdvisor\4608\SAService.exe
D:\Program Files\QKeys\QKeys.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
D:\Program Files\QuickTime\qttask.exe
D:\Program Files\PowerISO\SCDEmuApp.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\BitLord\BitLord.exe
D:\Program Files\CASIO\Photo Loader\Plauto.exe
D:\Program Files\iPod\bin\iPodService.exe
d:\program files\mcafee\msc\mcuimgr.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\notepad.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\cmd.exe
D:\WINDOWS\Logo1_.exe
C:\HJT\HijackThis.exe
d:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O2 - BHO: (no name) - {1AAF1095-4979-430F-9E2C-1648BD1BE5A9} - (no file)
O2 - BHO: (no name) - {435911D8-FE66-D5CA-1BB3-A0BFAFF0DAE0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll
O2 - BHO: (no name) - {7EB20AEA-E550-C5F3-2C50-BECE1B98B8BE} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QKeys] "D:\Program Files\QKeys\QKeys.EXE"
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SCDEmuApp.exe] "D:\Program Files\PowerISO\SCDEmuApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [SiteAdvisor] D:\Program Files\SiteAdvisor\4608\SiteAdv.exe
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [1f] D:\WINDOWS\System32\rundll32.exe r1ft7.dll Rundll32
O4 - HKLM\..\Run: [wl] D:\WINDOWS\Download\svhost32.exe
O4 - HKLM\..\Run: [load] D:\WINDOWS\uninstall\rundl132.exe
O4 - HKCU\..\Run: [Registry Cleaner] "D:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe"
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe"
O4 - HKCU\..\Run: [wao.exe] D:\WINDOWS\System32\wao.exe D:\WINDOWS\System32\drivers\cq4.sys Rundll32
O4 - HKCU\..\Run: [Dseh] "D:\WINDOWS\WNSXS~1\userinit.exe" -vt ndrv
O4 - Global Startup: Photo Loader supervisory.lnk = D:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: SiteAdvisor Service - Unknown owner - D:\Program Files\SiteAdvisor\4608\SAService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

As you can see i havent managed to get SmitFraudFix working so i just skipped it. Also i ahve been unable to send thos files to your email as i sadi above.

dorts · 11-26-2006, 07:53 PM

Nicdonati, if you look at the Kaspersky Online Scan log, you should be able to see many of your programs are being flagged as infected. Why? It is because you are infected by Viking Worm. Viking will infect many executables and when you click on the infected executables, it will trigger a reinfection. We would usually recommend a reformat, but since this worm hasn't infect the OS core files, I would like to clean this up instead of a reformat. If you see any folder where's there's a _desktop.ini, there's a possibility the exes are infected. So for now, I want you NOT to use the machine at all except when you need to follow my instructions. It is very important that you work quickly and swiftly as this worm may spread to other executables. You will need to reinstall the programs that are infected after the clean up.

I want you to do these three scan one after the other and remember to follow the order of the scans. Dr.Web first, followed by Bitdefender, and lastly, Kaspersky. Finish all three scans before posting their logs.
-------------------------------------

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Doubleclick the drweb-cureit.exe file and click Start to run the express scan
This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, mark the drives that you want to scan.
Select all drives. A red dot shows which drives have been chosen.
Click the green arrow at the right, and the scan will start.
Click 'Yes to all' if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found:
If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
Save the report to your desktop. The report will be called DrWeb.csv
Close Dr.Web Cureit.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

-------------------------------------

Please perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html
Once finished, click on the Details button to view the results. To the upper right of the results you will see an option saying "Click here to export the scan results", please do so and save them to your desktop. Post the log of the scan results

-------------------------------------

Please perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.

The program will then begin downloading the latest definition files.
Once the files have been downloaded click on NEXT
Locate the Scan Settings button & configure to:
- Scan using the following Anti-Virus database:
  - Extended
- Scan Options:
  - Scan Archives
  - Scan Mail Bases
Click OK & have it scan My Computer
Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

* Turn off the real time scanner of any existing antivirus program while performing the online scan

nicdonati · 11-27-2006, 02:44 AM

sorry but the computer crashed during the DrWeb complete scan so the log may not be completely accurate, i sahll continue regardless
Just as a side not i am getting this message when the computer starts up

Error loading r1ft7.dll, the specified module could not be found.

dorts · 11-27-2006, 02:46 AM

Please continue, we'll address that later.

nicdonati · 11-27-2006, 04:43 AM

ok im running the bitdefender scan currently i will post the results as soon as possible.

nicdonati · 11-27-2006, 06:27 AM

A0006246.exe;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006247.exe;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006248.exe;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006249.exe;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006250.EXE;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006251.exe;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006252.exe;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006253.EXE;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006254.exe;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006255.exe;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006256.exe;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006257.exe;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006258.exe;C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
restart.exe;D:\Documents and Settings\Nic\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
mcinst.exe;D:\Program Files\Common Files\McAfee\Installer;Probably BACKDOOR.Trojan;Incurable.Moved.;
DXSETUP.exe;D:\Program Files\directx;Win32.HLLW.Gavir.54;Cured.;
closedpw.exe;D:\Program Files\Data;Win32.HLLW.Gavir.54;Cured.;
CDex.exe;D:\Program Files\CDex_150;Win32.HLLW.Gavir.54;Cured.;
uninstall.exe;D:\Program Files\CDex_150;Win32.HLLW.Gavir.54;Cured.;
EMSVWER.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
dc.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
SECleanup.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
StdDeliv.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
autoduck.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
cfgb2a.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
checkwebsite.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
fmtdump.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
ftla.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
ICLicWiz.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
InsightFixUp.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
MakeVerCurr.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
OpenSave.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
regsvr32.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
Regtlbsr.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
REGTOOL.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
report.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
seACIS.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
SearchDuplicateIDs.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
SECleanupAll.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
seiges.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
seProE.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
SePvAdp.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
seregr.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
seregsvr.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
sestep.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
setools.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
seviewer.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
TRANS2SE.EXE;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
WAITER.EXE;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
Edge.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
SELicWiz.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
IConnect.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
TDMDataMigration.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
sfxstub.exe;D:\Program Files\Solid Edge V14\Program;Win32.HLLW.Gavir.54;Cured.;
Welcome.exe;D:\Program Files\Solid Edge V14\Program\ResDLLs\0009\Welcome;Win32.HLLW.Gavir.54;Cured.;
menu.exe;D:\Program Files\Solid Edge V14\Program\Tutor;Win32.HLLW.Gavir.54;Cured.;
PrintDft.exe;D:\Program Files\Solid Edge V14\SDK\Samples\Viewing\PrintDFT;Win32.HLLW.Gavir.54;Cured.;
PrintPartmine.exe;D:\Program Files\Solid Edge V14\SDK\Samples\Viewing\PrintPart;Win32.HLLW.Gavir.54;Cured.;
reghelp.exe;D:\Program Files\Solid Edge V14\SDK\Tools;Win32.HLLW.Gavir.54;Cured.;
SE-Library.exe;D:\Program Files\Solid Edge V14\Custom\SELibrary;Win32.HLLW.Gavir.54;Cured.;
Register_SE-Library.exe;D:\Program Files\Solid Edge V14\Custom\SELibrary\CreateStandardPartsButton;Win32.HLLW.Gavir.54;Cured.;
PreProcess10.1.exe;D:\Program Files\Solid Edge V14\Custom\RevMgrPreProcessor;Win32.HLLW.Gavir.54;Cured.;
Mirror Assembly.exe;D:\Program Files\Solid Edge V14\Custom\MirAsm;Win32.HLLW.Gavir.54;Cured.;
TestInsightSample.exe;D:\Program Files\Solid Edge V14\Custom\Insight;Win32.HLLW.Gavir.54;Cured.;
ARelDoctor.exe;D:\Program Files\Solid Edge V14\Custom\ARelDoctor;Win32.HLLW.Gavir.54;Cured.;
Batch.exe;D:\Program Files\Solid Edge V14\Custom\Batch;Win32.HLLW.Gavir.54;Cured.;
bom.exe;D:\Program Files\Solid Edge V14\Custom\BOM;Win32.HLLW.Gavir.54;Cured.;
ChngLcl.exe;D:\Program Files\Solid Edge V14\Custom\ChangeLocale;Win32.HLLW.Gavir.54;Cured.;
DynAtrrib.exe;D:\Program Files\Solid Edge V14\Custom\DynAttrib;Win32.HLLW.Gavir.54;Cured.;
GandT.exe;D:\Program Files\Solid Edge V14\Custom\GandT;Win32.HLLW.Gavir.54;Cured.;
hexpro.exe;D:\Program Files\Solid Edge V14\Custom\Hexpro;Win32.HLLW.Gavir.54;Cured.;
mouse.exe;D:\Program Files\Solid Edge V14\Custom\Mouse;Win32.HLLW.Gavir.54;Cured.;
OpenSave.exe;D:\Program Files\Solid Edge V14\Custom\OpenSave;Win32.HLLW.Gavir.54;Cured.;
AStruct.exe;D:\Program Files\Solid Edge V14\Custom\RevManager;Win32.HLLW.Gavir.54;Cured.;
stock.exe;D:\Program Files\Solid Edge V14\Custom\Stock;Win32.HLLW.Gavir.54;Cured.;
AutoRecover.exe;D:\Program Files\Solid Edge V14\Custom\AutoRestore;Win32.HLLW.Gavir.54;Cured.;
SetupSysDriver.exe;D:\Program Files\Rainbow Technologies\Sentinel System Driver;Win32.HLLW.Gavir.54;Cured.;
GoogleEarth.exe;D:\Program Files\Google\Google Earth;Win32.HLLW.Gavir.54;Cured.;
gpsbabel.exe;D:\Program Files\Google\Google Earth;Win32.HLLW.Gavir.54;Cured.;
GoogleToolbarNotifier.exe;D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008;Win32.HLLW.Gavir.54;Cured.;
java.exe;D:\Program Files\JavaSoft\JRE\1.3.1_04\bin;Win32.HLLW.Gavir.54;Cured.;
javaw.exe;D:\Program Files\JavaSoft\JRE\1.3.1_04\bin;Win32.HLLW.Gavir.54;Cured.;
keytool.exe;D:\Program Files\JavaSoft\JRE\1.3.1_04\bin;Win32.HLLW.Gavir.54;Cured.;
policytool.exe;D:\Program Files\JavaSoft\JRE\1.3.1_04\bin;Win32.HLLW.Gavir.54;Cured.;
rmid.exe;D:\Program Files\JavaSoft\JRE\1.3.1_04\bin;Win32.HLLW.Gavir.54;Cured.;
rmiregistry.exe;D:\Program Files\JavaSoft\JRE\1.3.1_04\bin;Win32.HLLW.Gavir.54;Cured.;
tnameserv.exe;D:\Program Files\JavaSoft\JRE\1.3.1_04\bin;Win32.HLLW.Gavir.54;Cured.;
DivXCodecUninstall.exe;D:\Program Files\DivX;Win32.HLLW.Gavir.54;Cured.;
DivXPlayerUninstall.exe;D:\Program Files\DivX;Win32.HLLW.Gavir.54;Cured.;
DivXBundleUninstall.exe;D:\Program Files\DivX;Win32.HLLW.Gavir.54;Cured.;
config.exe;D:\Program Files\DivX\DivX Codec;Win32.HLLW.Gavir.54;Cured.;
DivX Player.exe;D:\Program Files\DivX\DivX Player;Win32.HLLW.Gavir.54;Cured.;
uninstall.exe;D:\Program Files\AC3Filter;Win32.HLLW.Gavir.54;Cured.;
dialog_patch.exe;D:\Program Files\AC3Filter;Win32.HLLW.Gavir.54;Cured.;
Uninstall.exe;D:\Program Files\Matroska Pack;Win32.HLLW.Gavir.54;Cured.;
dialog_patch.exe;D:\Program Files\Matroska Pack\AC3Filter;Win32.HLLW.Gavir.54;Cured.;
uninstall.exe;D:\Program Files\BitTorrent;Win32.HLLW.Gavir.54;Cured.;
btdownloadgui.exe;D:\Program Files\BitTorrent;Win32.HLLW.Gavir.54;Cured.;
w9xpopen.exe;D:\Program Files\BitTorrent;Win32.HLLW.Gavir.54;Cured.;
kult.exe;D:\Program Files\Project 3 Interactive\Kult Heretic Kingdoms Demo;Win32.HLLW.Gavir.54;Cured.;
register.exe;D:\Program Files\Ubi Soft\Register;Win32.HLLW.Gavir.54;Cured.;
schedule.exe;D:\Program Files\Ubi Soft\Register;Win32.HLLW.Gavir.54;Cured.;
GordianKnot.exe;D:\Program Files\GordianKnot;Win32.HLLW.Gavir.54;Cured.;
robot4rip.exe;D:\Program Files\GordianKnot;Win32.HLLW.Gavir.54;Cured.;
DVDDecrypter.exe;D:\Program Files\GordianKnot;Win32.HLLW.Gavir.54;Cured.;
BeSweet.exe;D:\Program Files\GordianKnot;Win32.HLLW.Gavir.54;Cured.;
BeSweet_GUI.exe;D:\Program Files\GordianKnot;Win32.HLLW.Gavir.54;Cured.;
azidts.exe;D:\Program Files\GordianKnot;Win32.HLLW.Gavir.54;Cured.;
ChapterXtractor.exe;D:\Program Files\GordianKnot;Win32.HLLW.Gavir.54;Cured.;
vStrip.exe;D:\Program Files\GordianKnot;Win32.HLLW.Gavir.54;Cured.;
vStrip_gui.exe;D:\Program Files\GordianKnot;Win32.HLLW.Gavir.54;Cured.;
uninst.exe;D:\Program Files\GordianKnot;Win32.HLLW.Gavir.54;Cured.;
AuxSetup.exe;D:\Program Files\GordianKnot\VirtualDubMod;Win32.HLLW.Gavir.54;Cured.;
VirtualDubMod.exe;D:\Program Files\GordianKnot\VirtualDubMod;Win32.HLLW.Gavir.54;Cured.;
Nandub.exe;D:\Program Files\GordianKnot\Nandub;Win32.HLLW.Gavir.54;Cured.;
Uninstall.exe;D:\Program Files\GordianKnot\AviSynth 2.5;Win32.HLLW.Gavir.54;Cured.;
DVD2AVIdg.exe;D:\Program Files\GordianKnot\DVD2AVI;Win32.HLLW.Gavir.54;Cured.;
subresync.exe;D:\Program Files\GordianKnot\VobSub;Win32.HLLW.Gavir.54;Cured.;
submux.exe;D:\Program Files\GordianKnot\VobSub;Win32.HLLW.Gavir.54;Cured.;
uninstall.exe;D:\Program Files\GordianKnot\VobSub;Win32.HLLW.Gavir.54;Cured.;
daemon.exe;D:\Program Files\D-Tools;Win32.HLLW.Gavir.54;Cured.;
AutoGK.exe;D:\Program Files\AutoGK;Win32.HLLW.Gavir.54;Cured.;
bbSummary.exe;D:\Program Files\AutoGK;Win32.HLLW.Gavir.54;Cured.;
uninst.exe;D:\Program Files\AutoGK;Win32.HLLW.Gavir.54;Cured.;
AuxSetup.exe;D:\Program Files\AutoGK\VDubMod;Win32.HLLW.Gavir.54;Cured.;
VirtualDubMod.exe;D:\Program Files\AutoGK\VDubMod;Win32.HLLW.Gavir.54;Cured.;
BeSweet.exe;D:\Program Files\AutoGK\BeSweet;Win32.HLLW.Gavir.54;Cured.;
DGFix.exe;D:\Program Files\AutoGK\DGMPGDec;Win32.HLLW.Gavir.54;Cured.;
DGIndex.exe;D:\Program Files\AutoGK\DGMPGDec;Win32.HLLW.Gavir.54;Cured.;
DGParse.exe;D:\Program Files\AutoGK\DGMPGDec;Win32.HLLW.Gavir.54;Cured.;
DGTable.exe;D:\Program Files\AutoGK\DGMPGDec;Win32.HLLW.Gavir.54;Cured.;
unins000.exe;D:\Program Files\XviD;Win32.HLLW.Gavir.54;Cured.;
MiniCalc.exe;D:\Program Files\XviD;Win32.HLLW.Gavir.54;Cured.;
OGMCalc.exe;D:\Program Files\XviD;Win32.HLLW.Gavir.54;Cured.;
vidccleaner.exe;D:\Program Files\XviD;Win32.HLLW.Gavir.54;Cured.;
StatsReader.exe;D:\Program Files\XviD;Win32.HLLW.Gavir.54;Cured.;
AviC.exe;D:\Program Files\XviD;Win32.HLLW.Gavir.54;Cured.;
java.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
javaw.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
jpicpl32.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
jucheck.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
jusched.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
keytool.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
kinit.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
klist.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
ktab.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
orbd.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
policytool.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
rmid.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
rmiregistry.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
servertool.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
tnameserv.exe;D:\Program Files\Java\j2re1.4.2_06\bin;Win32.HLLW.Gavir.54;Cured.;
javaws.exe;D:\Program Files\Java\j2re1.4.2_06\javaws;Win32.HLLW.Gavir.54;Cured.;
java.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
javacpl.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
javaw.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
javaws.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
jucheck.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
jusched.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
keytool.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
kinit.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
klist.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
ktab.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
orbd.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
pack200.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
policytool.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
rmid.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
rmiregistry.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
servertool.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
tnameserv.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
unpack200.exe;D:\Program Files\Java\jre1.5.0_02\bin;Win32.HLLW.Gavir.54;Cured.;
java.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
javacpl.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
javaw.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
javaws.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
jucheck.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
keytool.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
kinit.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
klist.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
ktab.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
orbd.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
pack200.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
policytool.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
rmid.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
rmiregistry.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
servertool.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
tnameserv.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
unpack200.exe;D:\Program Files\Java\jre1.5.0_09\bin;Win32.HLLW.Gavir.54;Cured.;
unins000.exe;D:\Program Files\Ningsi Software\MP3 Splitter;Win32.HLLW.Gavir.54;Cured.;
splitter.exe;D:\Program Files\Ningsi Software\MP3 Splitter;Win32.HLLW.Gavir.54;Cured.;
iTunes.exe;D:\Program Files\iTunes;Win32.HLLW.Gavir.54;Cured.;
unins000.exe;D:\Program Files\Skype\Phone;Win32.HLLW.Gavir.54;Cured.;
Launcher.exe;D:\Program Files\Canon\PhotoStitch;Win32.HLLW.Gavir.54;Cured.;
ZoomBrowser.exe;D:\Program Files\Canon\ZoomBrowser EX\Program;Win32.HLLW.Gavir.54;Cured.;
ZoomBrowserImageServer.exe;D:\Program Files\Canon\ZoomBrowser EX\Program;Win32.HLLW.Gavir.54;Cured.;
PhotoRecord.exe;D:\Program Files\Canon\PhotoRecord\Program;Win32.HLLW.Gavir.54;Cured.;
OpPrintServer.exe;D:\Program Files\Canon\PhotoRecord\OpPrintCom;Win32.HLLW.Gavir.54;Cured.;
QTInfo.exe;D:\Program Files\QuickTime;Win32.HLLW.Gavir.54;Cured.;
QuickTimePlayer.exe;D:\Program Files\QuickTime;Win32.HLLW.Gavir.54;Cured.;
PictureViewer.exe;D:\Program Files\QuickTime;Win32.HLLW.Gavir.54;Cured.;
QuickTimeUpdateHelper.exe;D:\Program Files\QuickTime\QTSystem;Win32.HLLW.Gavir.54;Cured.;
QTPluginInstaller.exe;D:\Program Files\QuickTime\QTSystem;Win32.HLLW.Gavir.54;Cured.;
Ploader.exe;D:\Program Files\CASIO\Photo Loader;Win32.HLLW.Gavir.54;Cured.;
vstudio.exe;D:\Program Files\Ulead Systems\Ulead Movie Wizard SE VCD;Win32.HLLW.Gavir.54;Cured.;
MGCview.exe;D:\Program Files\Ulead Systems\Ulead Movie Wizard SE VCD\ppp;Win32.HLLW.Gavir.54;Cured.;
updater.exe;D:\Program Files\Mozilla Firefox;Win32.HLLW.Gavir.54;Cured.;
xpicleanup.exe;D:\Program Files\Mozilla Firefox;Win32.HLLW.Gavir.54;Cured.;
GetFlash.exe;D:\Program Files\Mozilla Firefox\plugins;Win32.HLLW.Gavir.54;Cured.;
talkback.exe;D:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components;Win32.HLLW.Gavir.54;Cured.;
uninstall.exe;D:\Program Files\Mozilla Firefox\uninstall;Win32.HLLW.Gavir.54;Cured.;
uninst.exe;D:\Program Files\Mozilla Firefox\uninstall;Win32.HLLW.Gavir.54;Cured.;
ypsrru.exe;D:\Program Files\Yahoo!\YPSR;Win32.HLLW.Gavir.54;Cured.;
ypsrcfg.exe;D:\Program Files\Yahoo!\YPSR;Win32.HLLW.Gavir.54;Cured.;
dlaunch.exe;D:\Program Files\Yahoo!\YPSR;Win32.HLLW.Gavir.54;Cured.;
ppclean.exe;D:\Program Files\Yahoo!\YPSR;Win32.HLLW.Gavir.54;Cured.;
ypsr.exe;D:\Program Files\Yahoo!\YPSR;Win32.HLLW.Gavir.54;Cured.;
LimeWireWin4.12.6.exe;D:\Program Files\Yahoo!\YPSR\Quarantine\ppq94.tmp\LimeWire 4.0.8\.NetworkShare;Win32.HLLW.Gavir.54;Cured.;
cdnuc.exe.Exe;D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn;Win32.HLLW.Gavir.54;Cured.;
cdnunins.exe;D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn;Win32.HLLW.Gavir.54;Cured.;
cdnunins.exe;D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn;Adware.Cdn;Incurable.Moved.;
cdnrenew.exe;D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn;Win32.HLLW.Gavir.54;Cured.;
ypsr_dat_06.09.22.16_setup_.exe;D:\Program Files\Yahoo!\YPSR\updates;Win32.HLLW.Gavir.54;Cured.;
unyt.exe;D:\Program Files\Yahoo!\common;Win32.HLLW.Gavir.54;Cured.;
unypsr.exe;D:\Program Files\Yahoo!\common;Win32.HLLW.Gavir.54;Cured.;
uninst.exe;D:\Program Files\BitLord;Win32.HLLW.Gavir.54;Cured.;
Autorun.exe;D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full;Win32.HLLW.Gavir.54;Cured.;
CDSetup.exe;D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full;Win32.HLLW.Gavir.54;Cured.;
Install.exe;D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full\en-US;Win32.HLLW.Gavir.54;Cured.;
mcinst.exe;D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full\en-US\Apps\VSO;Probably BACKDOOR.Trojan;Incurable.Moved.;
mcinst.exe;D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full\en-US\Apps\MSC;Probably BACKDOOR.Trojan;Incurable.Moved.;
mcinst.exe;D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full\en-US\Apps\MSAD;Probably BACKDOOR.Trojan;Incurable.Moved.;
mcinst.exe;D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full\en-US\Apps\MPF;Probably BACKDOOR.Trojan;Incurable.Moved.;
UpgradeLauncher.exe;D:\Program Files\Heroes of Might and Magic V\bin;Win32.HLLW.Gavir.54;Cured.;
H5_MapEditor.exe;D:\Program Files\Heroes of Might and Magic V\bin;Win32.HLLW.Gavir.54;Cured.;
H5_Game.exe;D:\Program Files\Heroes of Might and Magic V\bin;Win32.HLLW.Gavir.54;Cured.;
RegistrationReminder.exe;D:\Program Files\Heroes of Might and Magic V\registration;Win32.HLLW.Gavir.54;Cured.;
DXSETUP.exe;D:\Program Files\directx9;Win32.HLLW.Gavir.54;Cured.;
infinst.exe;D:\Program Files\directx9;Win32.HLLW.Gavir.54;Cured.;
ddhelp.exe;D:\Program Files\directx9;Win32.HLLW.Gavir.54;Cured.;
dplaysvr.exe;D:\Program Files\directx9;Win32.HLLW.Gavir.54;Cured.;
dxdiag.exe;D:\Program Files\directx9;Win32.HLLW.Gavir.54;Cured.;
dpvsetup.exe;D:\Program Files\directx9;Win32.HLLW.Gavir.54;Cured.;
dxdllreg.exe;D:\Program Files\directx9;Win32.HLLW.Gavir.54;Cured.;
dpnsvr.exe;D:\Program Files\directx9;Win32.HLLW.Gavir.54;Cured.;
dxdllreg_1.exe;D:\Program Files\directx9;Win32.HLLW.Gavir.54;Cured.;
UNWISE.EXE;D:\Program Files\TVAnts;Win32.HLLW.Gavir.54;Cured.;
Tvants.exe;D:\Program Files\TVAnts;Win32.HLLW.Gavir.54;Cured.;
ppupdstub.exe;D:\Program Files\PCPitstop\Exterminate;Win32.HLLW.Gavir.54;Cured.;
ppclean.exe;D:\Program Files\PCPitstop\Exterminate;Win32.HLLW.Gavir.54;Cured.;
bdinitptch.exe;D:\Program Files\Softwin\BitDefender10;Win32.HLLW.Gavir.54;Cured.;
TaskSys.exe;D:\Program Files\Softwin\BitDefender10;Win32.HLLW.Gavir.54;Cured.;
bdinit.exe;D:\Program Files\Softwin\BitDefender10;Win32.HLLW.Gavir.54;Cured.;
regpatch.exe;D:\Program Files\Softwin\BitDefender10;Win32.HLLW.Gavir.54;Cured.;
runtsys.exe;D:\Program Files\Softwin\BitDefender10;Win32.HLLW.Gavir.54;Cured.;
fm data editor.exe;D:\Program Files\Sports Interactive\Football Manager 2007;Win32.HLLW.Gavir.54;Cured.;
Uninstall FM 2007.exe;D:\Program Files\Sports Interactive\Football Manager 2007\uninstall;Win32.HLLW.Gavir.54;Cured.;
PowerISO.exe;D:\Program Files\PowerISO;Win32.HLLW.Gavir.54;Cured.;
uninstall.exe;D:\Program Files\PowerISO;Win32.HLLW.Gavir.54;Cured.;
Xfire.exe;D:\Program Files\Xfire;Win32.HLLW.Gavir.54;Cured.;
xfire_exception.exe;D:\Program Files\Xfire;Win32.HLLW.Gavir.54;Cured.;
xfire_inst.exe;D:\Program Files\Xfire;Win32.HLLW.Gavir.54;Cured.;
uninst.exe;D:\Program Files\Xfire;Win32.HLLW.Gavir.54;Cured.;
Start.exe;D:\Program Files\Sign Recognition Test CDROM;Win32.HLLW.Gavir.54;Cured.;
Question Bank Editor.exe;D:\Program Files\Sign Recognition Test CDROM\Data;Win32.HLLW.Gavir.54;Cured.;
md8rntm.exe;D:\Program Files\Sign Recognition Test CDROM\Runtime;Win32.HLLW.Gavir.54;Cured.;
mfehidin.exe;D:\Program Files\McAfee\VirusScan;Win32.HLLW.Gavir.54;Cured.;
preinst.exe;D:\Program Files\McAfee\VirusScan;Win32.HLLW.Gavir.54;Cured.;
mcinsupd.exe;D:\Program Files\McAfee\VirusScan;Win32.HLLW.Gavir.54;Cured.;
MpfMISP.dll;D:\Program Files\McAfee\MPF\MC;Probably DLOADER.Trojan;Incurable.Will be moved after reboot.;
MpfAlert.exe;D:\Program Files\McAfee\MPF\MC;Win32.HLLW.Gavir.54;Cured.;
Uninstall.exe;D:\Program Files\SiteAdvisor\4608;Win32.HLLW.Gavir.54;Cured.;
SAReg.exe;D:\Program Files\SiteAdvisor\4608;Win32.HLLW.Gavir.54;Cured.;
SASync.exe;D:\Program Files\SiteAdvisor\4608;Win32.HLLW.Gavir.54;Cured.;
Uninstall.exe;D:\Program Files\RegCleaner;Win32.HLLW.Gavir.54;Cured.;
RegCleanr.exe;D:\Program Files\RegCleaner;Win32.HLLW.Gavir.54;Cured.;
A0000008.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0;Win32.HLLW.Gavir.54;Cured.;
A0000024.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0;Win32.HLLW.Gavir.54;Cured.;
A0000026.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0;Win32.HLLW.Gavir.54;Cured.;
A0000032.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0;Win32.HLLW.Gavir.54;Cured.;
A0000279.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000316.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000317.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000318.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000319.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000339.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000341.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000351.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000352.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000360.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000363.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000580.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000581.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000583.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000585.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000600.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000612.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000664.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000669.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000670.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000787.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000789.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000790.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000858.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000880.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000905.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000906.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000937.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000938.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000943.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000965.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000966.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000967.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000969.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000990.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0000992.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0001999.sys;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.Vanti;Deleted.;
A0002999.sys;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.Vanti;Deleted.;
A0004001.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0004162.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0004367.sys;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.Vanti;Deleted.;
A0004531.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0004556.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0004558.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0004560.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0004561.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005527.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005530.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005545.SYS;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.DownLoader.15199;Deleted.;
A0005553.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005572.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005588.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005593.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005607.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005612.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005613.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005614.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005628.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005635.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably DLOADER.Trojan;Incurable.Moved.;
A0005639.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005640.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005646.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005648.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005655.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005696.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0005698.pif;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0005717.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably DLOADER.Trojan;Incurable.Moved.;
A0006259.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005756.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006260.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005765.com;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0005767.pif;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0005770.com;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0005771.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0005772.com;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0005773.com;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0005775.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0005776.pif;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0006261.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005778.com;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0006262.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005780.com;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0005781.com;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0005782.com;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0006263.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005786.com;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0005787.pif;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0006264.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006265.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006266.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006267.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005854.SYS;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.DownLoader.15199;Deleted.;
A0006268.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005859.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006269.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006270.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005869.SYS;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.DownLoader.15199;Deleted.;
A0006271.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006272.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005885.SYS;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.DownLoader.15199;Deleted.;
A0006273.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006274.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005921.SYS;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.DownLoader.15199;Deleted.;
A0006275.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Incurable.Moved.;
A0005925.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006276.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005928.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006277.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005930.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005931.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005934.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005937.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005943.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005948.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005949.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005950.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005952.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005955.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably DLOADER.Trojan;Incurable.Moved.;
A0005959.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005960.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005964.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005966.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005971.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005981.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably BACKDOOR.Trojan;Incurable.Moved.;
A0005982.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006278.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006279.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005988.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006280.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0005999.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006003.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006281.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006011.SYS;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.DownLoader.15199;Deleted.;
A0006282.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006283.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006036.SYS;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.DownLoader.15199;Deleted.;
A0006284.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006285.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006286.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006052.sys;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.DownLoader.15199;Deleted.;
A0006287.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006288.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006058.sys;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.DownLoader.15199;Deleted.;
A0006289.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006290.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006078.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Modification of BackDoor.Generic.1413;Moved.;
A0006082.sys;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.DownLoader.15199;Deleted.;
A0006291.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006292.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006293.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006095.dll;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Trojan.DownLoader.15199;Deleted.;
A0006294.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006295.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006296.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006119.dll;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Adware.Cdn;Incurable.Moved.;
A0006120.dll;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Adware.Cdn;Incurable.Moved.;
A0006124.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Tool.ShutDown.11;Incurable.Moved.;
A0006297.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006298.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006299.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006300.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006301.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006302.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006303.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006304.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006305.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006306.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006307.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006308.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006309.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006310.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006311.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006312.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006313.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006314.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006315.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006316.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006317.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006318.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006319.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006320.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006321.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006322.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006323.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006324.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006325.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006326.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006327.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006328.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006329.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006330.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006331.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006332.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006333.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006334.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006335.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006336.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006337.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006338.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006339.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006340.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0006341.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007225.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Probably DLOADER.Trojan;Incurable.Moved.;
A0007236.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007237.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007238.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007239.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007240.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007241.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007242.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007243.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007244.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007245.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007246.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007247.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007248.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007249.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007250.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007251.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007252.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007253.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007254.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007255.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007256.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007257.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007258.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007259.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007260.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007261.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007262.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007263.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007264.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007265.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007266.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007267.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007268.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007269.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007270.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007271.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007272.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007273.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007274.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007275.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007276.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007277.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007278.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007279.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007280.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007281.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007282.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007283.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007284.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007285.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007286.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007287.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007288.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007289.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007290.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007291.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007292.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007293.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007294.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007295.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007296.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007297.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007298.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007299.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007300.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007301.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007302.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007303.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007304.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007305.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007306.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007307.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007308.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007309.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007310.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007311.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007312.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007313.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007314.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007315.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007316.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007317.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007318.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007319.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007320.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007321.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007322.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007323.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007324.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007325.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007326.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007327.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007328.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007329.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007330.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007331.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007332.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007333.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007334.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007335.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007336.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007337.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007338.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007339.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007340.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007341.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007342.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007343.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007344.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007345.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007346.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007347.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007348.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007349.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007350.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007351.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007352.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007353.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007354.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007355.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007356.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007357.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007358.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007359.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007360.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007361.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007362.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007363.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007364.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007365.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007366.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007367.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007368.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007369.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007370.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007371.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007372.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007373.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007374.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007375.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007376.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007377.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007378.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007379.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007380.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007381.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007382.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007383.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007384.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007385.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007386.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007387.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007388.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007389.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007390.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007391.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007392.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007393.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007394.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007395.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007396.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007397.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007398.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007399.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007400.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007401.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007402.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007403.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007404.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007405.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007406.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007407.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007408.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007409.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007410.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007411.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007412.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007413.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007414.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007415.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007416.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007417.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007418.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007419.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007420.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007421.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007422.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007423.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007424.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007425.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007426.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007427.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007428.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007429.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007430.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007431.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007432.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007433.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007434.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007435.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007436.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007437.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007438.Exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007439.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007439.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Adware.Cdn;Incurable.Moved.;
A0007440.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007441.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007442.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007443.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007444.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007445.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007446.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007447.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007448.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007449.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007450.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007451.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007452.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007453.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007454.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007455.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007456.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007457.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007458.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007459.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007460.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007461.EXE;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007462.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007463.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007464.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007465.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007466.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007467.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007468.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007469.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007470.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007471.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007472.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007473.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007474.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007475.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007476.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007477.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007478.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007479.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007480.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007481.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007482.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007483.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007484.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007485.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007486.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007487.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007488.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
A0007489.exe;D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1;Win32.HLLW.Gavir.54;Cured.;
WindowsInstaller-KB893803-v2-x86.exe;D:\WUTemp\com_microsoft.893803_WindowsInstaller_v31;Win32.HLLW.Gavir.54;Cured.;
rp10-bbc-en-setup.exe;D:\My Downloads;Win32.HLLW.Gavir.54;Cured.;

11-23-2006, 08:50 AM	#1 (permalink)
nicdonati Registered User Join Date: Nov 2006 Posts: 100 OS: XP	Suspected Virus/trojan/worm Hi, My computer is on the verge of dying, the problme started after using a p2p programme called Tvants or ppmate (im not sure which) it started off with chinese pop ups for example www.netv3g.net and has got worse and worse. My computer keeps freezing on startup with just the background picture (no icons or taskbar and the mouse cant move) This time i have managed to get it to start in normtabilised a little bit alltho the pop up keeps coming up in IE (even tho i use Mozilla) and lots of applications said they couldnt run cos they werent win32 apps. I have run McAfee and it said it found a problem with IEXPL0RE.exe and SVCHOST.exe. However it couldnt remove them and they are sitll running on my process. I tried to turn it off in Msconfig with no luck (i turned it off but it still loaded anyway) and so i have put it back to normal like u advise here is the HJT file Logfile of HijackThis v1.99.1 Scan saved at 16:41:16, on 23/11/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\QKeys\QKeys.EXE D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe D:\Program Files\QuickTime\qttask.exe D:\Program Files\PowerISO\SCDEmuApp.exe D:\WINDOWS\IEXPL0RE.exe D:\WINDOWS\SOUNDMAN.EXE D:\WINDOWS\System32\sexmple.exe D:\Program Files\SiteAdvisor\4608\SiteAdv.exe D:\Program Files\iTunes\iTunesHelper.exe D:\WINDOWS\System32\Ati2evxx.exe D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe D:\Program Files\BitLord\BitLord.exe C:\HJT\HijackThis.exe D:\PROGRA~1\McAfee\MSC\mclogsrv.exe D:\Program Files\CASIO\Photo Loader\Plauto.exe D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe d:\program files\common files\mcafee\mna\mcnasvc.exe D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe D:\PROGRA~1\McAfee\MSC\mcpromgr.exe d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe d:\PROGRA~1\mcafee.com\agent\mcagent.exe D:\PROGRA~1\McAfee\MSC\mctskshd.exe D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe D:\Program Files\McAfee\MPF\MPFSrv.exe D:\WINDOWS\System32\tcpsvcs.exe D:\Program Files\SiteAdvisor\4608\SAService.exe D:\WINDOWS\system32\slserv.exe D:\WINDOWS\System32\svchost.exe D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe d:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe D:\Program Files\iPod\bin\iPodService.exe D:\WINDOWS\System32\imapi.exe D:\DOCUME~1\Nic\LOCALS~1\Temp\svc1F0.tmp D:\DOCUME~1\Nic\LOCALS~1\Temp\mhsystem.exe D:\DOCUME~1\Nic\LOCALS~1\Temp\ztsystem.exe d:\program files\mcafee\msc\mcuimgr.exe D:\WINDOWS\explorer.exe C:\HJT\HijackThis.exe D:\Program Files\Internet Explorer\iexplore.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/ O1 - Hosts: 61.141.31.11 www.kzdh.com O1 - Hosts: 61.141.31.11 www.7255.com O1 - Hosts: 61.141.31.11 www.7322.com O1 - Hosts: 61.141.31.11 www.7939.com O1 - Hosts: 61.141.31.11 www.piaoxue.com O1 - Hosts: 61.141.31.11 www.feixu.net O1 - Hosts: 61.141.31.11 www.6781.com O1 - Hosts: 61.141.31.11 www.7b.com.cn O1 - Hosts: 61.141.31.11 7b.com.cn O1 - Hosts: 61.141.31.11 www.918188.com O1 - Hosts: 61.141.31.11 hao.allxue.com O1 - Hosts: 61.141.31.11 good.allxue.com O1 - Hosts: 61.141.31.11 baby.allxue.com O1 - Hosts: 61.141.31.11 www.allxue.com O1 - Hosts: 61.141.31.11 about.lank.la O1 - Hosts: 61.141.31.11 www.x114x.com O1 - Hosts: 61.141.31.11 www.37ss.com O1 - Hosts: 61.141.31.11 www.7k.cc O1 - Hosts: 61.141.31.11 www.73ss.com O1 - Hosts: 125.91.14.230 www.hao123.com O1 - Hosts: 61.141.31.11 www.81915.com O1 - Hosts: 61.141.31.11 222.88.90.22 O1 - Hosts: 61.141.31.11 www.9991.com O1 - Hosts: 61.141.31.11 www.my123.com O1 - Hosts: 61.141.31.11 www.haokan123.com O1 - Hosts: 61.141.31.11 www.5566.net O1 - Hosts: 61.141.31.11 www.gjj.cc O1 - Hosts: 61.141.31.11 www.2345.com O1 - Hosts: 61.141.31.11 dl.hao318.com O1 - Hosts: 61.141.31.11 www.123wa.com O1 - Hosts: 61.141.31.11 www.ku886.com O1 - Hosts: 61.141.31.11 www.5icrack.com O1 - Hosts: 61.141.31.11 www.jjol.cn O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll O2 - BHO: (no name) - {1AAF1095-4979-430F-9E2C-1648BD1BE5A9} - (no file) O2 - BHO: CNNIC ÍøÂç¹¤¾ßDrag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - (no file) O2 - BHO: (no name) - {435911D8-FE66-D5CA-1BB3-A0BFAFF0DAE0} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - d:\program files\mcafee\virusscan\scriptsn.dll O2 - BHO: (no name) - {7EB20AEA-E550-C5F3-2C50-BECE1B98B8BE} - (no file) O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar3.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar3.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [QKeys] "D:\Program Files\QKeys\QKeys.EXE" O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] "D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [SCDEmuApp.exe] "D:\Program Files\PowerISO\SCDEmuApp.exe" O4 - HKLM\..\Run: [WinStar] D:\WINDOWS\IEXPL0RE.exe O4 - HKLM\..\Run: [r] D:\WINDOWS\down\rundll32.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [load] D:\WINDOWS\uninstall\rundl132.exe O4 - HKLM\..\Run: [WindowsStar] D:\WINDOWS\System32\sexmple.exe O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe" O4 - HKLM\..\Run: [SiteAdvisor] D:\Program Files\SiteAdvisor\4608\SiteAdv.exe O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Microsoft WindowsUpdaters] WINUPDATER.EXE O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AdaptecDirectCD] "D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "D:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKCU\..\Run: [Registry Cleaner] "D:\Program Files\TPT Registry_Cleaner (Trial)\regclean.exe" O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitLord\BitLord.exe" O4 - Global Startup: Photo Loader supervisory.lnk = D:\Program Files\CASIO\Photo Loader\Plauto.exe O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ? O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_09\bin\ssv.dll O10 - Unknown file in Winsock LSP: d:\windows\system32\aelupsvc32.dll O10 - Unknown file in Winsock LSP: d:\windows\system32\aelupsvc32.dll O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O15 - Trusted Zone: .adgate.info O15 - Trusted Zone: .adsextend.net O15 - Trusted Zone: .dollarrevenue.com O15 - Trusted Zone: .imagesrvr.com O15 - Trusted Zone: .matcash.com O15 - Trusted Zone: .media-motor.com O15 - Trusted Zone: .mediatickets.net O15 - Trusted Zone: .snipernet.biz O15 - Trusted Zone: .systemdoctor.com O15 - Trusted Zone: .winantivirus.com O15 - Trusted Zone: .adgate.info (HKLM) O15 - Trusted Zone: .adsextend.net (HKLM) O15 - Trusted Zone: .dollarrevenue.com (HKLM) O15 - Trusted Zone: .elitemediagroup.net (HKLM) O15 - Trusted Zone: .imagesrvr.com (HKLM) O15 - Trusted Zone: .matcash.com (HKLM) O15 - Trusted Zone: .media-motor.com (HKLM) O15 - Trusted Zone: .mediatickets.net (HKLM) O15 - Trusted Zone: .snipernet.biz (HKLM) O15 - Trusted Zone: .systemdoctor.com (HKLM) O15 - Trusted Zone: *.winantivirus.com (HKLM) O16 - DPF: {11111111-1111-1111-1111-511111113458} - file://c:\x.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - D:\Program Files\SiteAdvisor\4608\SiteAdv.dll O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - D:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - D:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mclogsrv.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - d:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - d:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - D:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mctskshd.exe O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - D:\PROGRA~1\McAfee\MSC\mcusrmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - D:\Program Files\McAfee\MPF\MPFSrv.exe O23 - Service: SiteAdvisor Service - Unknown owner - D:\Program Files\SiteAdvisor\4608\SAService.exe O23 - Service: SmartLinkService (SLService) - - D:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - D:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

11-24-2006, 09:42 AM	#2 (permalink)
dorts Analyst, Security Team Join Date: Mar 2006 Location: Singapore Posts: 1,599 OS: Windows XP SP2 My System	Hello and welcome to TSF Please read this post completely before begining the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. Please stay with me until your system has been declared clean. IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER. You have a very nasty chinese infection and this will take a while to clean. So please hang in there. Please refrain from using the Internet and disconnect it when not in use. Connect to the Internet. Downloads Please download combofix from this link and save it on your desktop. DO NOT run it yet. Please download System Repair Engineer and save it to your desktop. Extract the contents of the archive onto your desktop. Disconnect from the Interent. Safe Mode Restart your computer. Before the Windows logo appear, tap F8 repeatedly. In some systems, this may be the F5 key. A menu should appear, select Safe Mode from the menu using your arrow keys and then hit Enter on your keyboard. This will take a while than usual, so just wait. After it loads, Login on your usual account. ComboFix 1. Run combofix by clicking on combofix.exe on your desktop. 3. When finished, it shall produce a log for you. It will be located at D:\combofix.txt Post that log in your next reply. Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall. You may now reboot back to normal mode SREng Please start the program by clicking on SREng.exe Click on Smart Scan (magnifying glass icon) Click on Scan at the bottom right and the program will start scanning your system. Once it is done, a new window will open. Click on Save Reports and save the log on your desktop with the default file name, SREngLOG.log. You may now exit the program. Please post the contents of SREngLOG.log in your next reply. Connect back to the Internet. Logs Please post the following logs in your next reply... D:\combofix.txt SREngLOG.log A New HijackThis Log __________________ If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.

11-25-2006, 06:41 AM	#6 (permalink)
dorts Analyst, Security Team Join Date: Mar 2006 Location: Singapore Posts: 1,599 OS: Windows XP SP2 My System	Follow the instructions as above and you should be able to run programs. __________________ If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.

11-26-2006, 08:55 AM	#14 (permalink)
nicdonati Registered User Join Date: Nov 2006 Posts: 100 OS: XP	Nic - 06-11-26 1522.90 Service Pack 1 ComboFix 06.11.22W - Running from: "D:\Documents and Settings\Nic\Desktop" (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) D:\WINDOWS\winlogon.exe ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Folders Quarantined: D:\qoobox\purity\WINDOWS\WNSXS~1 D:\qoobox\purity\WINDOWS\system32\WNSXS~1 D:\qoobox\purity\WINDOWS\WNSXS~1\WNSXS~1 D:\qoobox\purity\Program Files\ASEMBL~1 D:\qoobox\purity\Documents and Settings\Nic\Application Data\CROSOF~1 D:\qoobox\purity\Documents and Settings\Nic\My Documents\YMANTE~1 D:\qoobox\purity\Documents and Settings\Nic\My Documents\CROSOF~1.NET D:\qoobox\purity\Documents and Settings\Nic\My Documents\SMBOLS~1 ((((((((((((((((((((((((((((((( Files Created from 2006-10-26 to 2006-11-26 )))))))))))))))))))))))))))))))))) 2006-11-26 13:25 3,968 --a------ D:\WINDOWS\system32\drivers\AvgAsCln.sys 2006-11-26 13:25 <DIR> d-------- D:\Program Files\Grisoft 2006-11-26 11:08 13,828 ---h----- D:\KavHelp.dll 2006-11-25 16:09 <DIR> d-------- D:\WINDOWS\erdnt 2006-11-23 16:16 68,608 --a------ D:\WINDOWS\system32\locator.exe 2006-11-23 16:16 67,584 --a------ D:\WINDOWS\system32\magnify.exe 2006-11-23 16:16 544,256 --a------ D:\WINDOWS\system32\crypt32.dll 2006-11-23 16:16 532,480 --a------ D:\WINDOWS\system32\rpcrt4.dll 2006-11-23 16:16 53,760 --a------ D:\WINDOWS\system32\cryptsvc.dll 2006-11-23 16:16 51,200 --a------ D:\WINDOWS\system32\narrator.exe 2006-11-23 16:16 37,888 --a------ D:\WINDOWS\system32\hhsetup.dll 2006-11-23 16:16 316,928 --a------ D:\WINDOWS\system32\zipfldr.dll 2006-11-23 16:16 260,608 --a------ D:\WINDOWS\system32\rpcss.dll 2006-11-23 16:16 238,080 --a------ D:\WINDOWS\system32\newdev.dll 2006-11-23 16:16 226,816 --a------ D:\WINDOWS\system32\srrstr.dll 2006-11-23 16:16 212,480 --a------ D:\WINDOWS\system32\osk.exe 2006-11-23 16:16 179,200 --a------ D:\WINDOWS\system32\accwiz.exe 2006-11-23 16:16 143,872 --a------ D:\WINDOWS\system32\itircl.dll 2006-11-23 16:16 125,440 --a------ D:\WINDOWS\system32\shmedia.dll 2006-11-23 16:16 122,368 --a------ D:\WINDOWS\system32\itss.dll 2006-11-23 16:16 10,752 --a------ D:\WINDOWS\hh.exe 2006-11-23 16:16 1,172,992 --a------ D:\WINDOWS\system32\ole32.dll 2006-11-23 16:12 31,744 --a------ D:\WINDOWS\system32\rundll32.exe 2006-11-23 16:08 <DIR> d--hs---- D:\FOUND.000 2006-11-23 15:47 947,472 --a------ D:\WINDOWS\system32\msjava.dll 2006-11-23 15:47 63,248 --a------ D:\WINDOWS\system32\javaprxy.dll 2006-11-23 15:47 49,424 --a------ D:\WINDOWS\system32\clspack.exe 2006-11-23 15:47 46,352 --a------ D:\WINDOWS\setdebug.exe 2006-11-23 15:47 404,752 --a------ D:\WINDOWS\system32\javart.dll 2006-11-23 15:47 313,856 --a------ D:\WINDOWS\system32\dx3j.dll 2006-11-23 15:47 286,992 --a------ D:\WINDOWS\system32\vmhelper.dll 2006-11-23 15:47 21,264 --a------ D:\WINDOWS\system32\msjdbc10.dll 2006-11-23 15:47 187,152 --a------ D:\WINDOWS\system32\javacypt.dll 2006-11-23 15:47 172,304 --a------ D:\WINDOWS\system32\jview.exe 2006-11-23 15:47 171,792 --a------ D:\WINDOWS\system32\wjview.exe 2006-11-23 15:47 171,280 --a------ D:\WINDOWS\system32\jit.dll 2006-11-23 15:47 154,384 --a------ D:\WINDOWS\system32\msawt.dll 2006-11-23 15:47 15,120 --a------ D:\WINDOWS\system32\jdbgmgr.exe 2006-11-23 15:47 139,536 --a------ D:\WINDOWS\system32\javaee.dll 2006-11-23 15:47 113 --a------ D:\WINDOWS\system32\zonedon.reg 2006-11-23 15:47 113 --a------ D:\WINDOWS\system32\zonedoff.reg 2006-11-23 15:46 528,896 --a------ D:\WINDOWS\system32\user32.dll 2006-11-23 15:46 46,208 --a------ D:\WINDOWS\system32\drivers\raspptp.sys 2006-11-23 15:46 392,576 --a------ D:\WINDOWS\system32\drivers\mrxsmb.sys 2006-11-23 15:46 322,048 --a------ D:\WINDOWS\system32\drivers\srv.sys 2006-11-23 15:46 272,896 --a------ D:\WINDOWS\system32\winsrv.dll 2006-11-23 15:46 1,949,440 --a------ D:\WINDOWS\system32\ntkrnlpa.exe 2006-11-23 15:46 1,925,760 --a------ D:\WINDOWS\system32\ntoskrnl.exe 2006-11-23 15:46 1,694,336 --a------ D:\WINDOWS\system32\win32k.sys 2006-11-23 15:37 32,256 --a------ D:\WINDOWS\system32\msgsvc.dll 2006-11-23 15:36 676,864 --a------ D:\WINDOWS\system32\sxs.dll 2006-11-23 15:35 7,680 --------- D:\WINDOWS\system32\bitsprx2.dll 2006-11-23 15:35 7,168 --------- D:\WINDOWS\system32\bitsprx3.dll 2006-11-23 15:35 593,408 --------- D:\WINDOWS\system32\xpsp2res.dll 2006-11-23 15:35 331,776 --a------ D:\WINDOWS\system32\winhttp.dll 2006-11-23 15:35 260,096 --a------ D:\WINDOWS\system32\mstask.dll 2006-11-23 15:35 172,544 --a------ D:\WINDOWS\system32\schedsvc.dll 2006-11-23 15:35 17,408 --a------ D:\WINDOWS\system32\qmgrprxy.dll 2006-11-23 15:35 158,720 --------- D:\WINDOWS\system32\xpob2res.dll 2006-11-23 15:35 10,752 --a------ D:\WINDOWS\system32\mstinit.exe 2006-11-23 15:35 <DIR> d-------- D:\WINDOWS\system32\bits 2006-11-23 15:05 <DIR> d--h----- D:\WINDOWS\msdownld.tmp 2006-11-23 15:05 <DIR> d-------- D:\WINDOWS\Windows Update Setup Files 2006-11-23 14:20 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2006-11-23 14:11 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Lavasoft 2006-11-21 18:16 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SiteAdvisor 2006-11-21 16:41 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\McAfee 2006-11-21 12:19 <DIR> d-------- D:\Program Files\RegCleaner 2006-11-21 11:49 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Uniblue 2006-11-21 10:49 229,376 -ra------ D:\WINDOWS\system32\atiiiexx.dll 2006-11-21 10:25 <DIR> d-------- D:\WINDOWS\Favorites 2006-11-20 22:45 182,880 --a------ D:\WINDOWS\system32\iuengine.dll 2006-11-20 22:06 <DIR> d-------- D:\WINDOWS\Prefetch 2006-11-20 21:48 99,328 --a------ D:\WINDOWS\system32\irftp.exe 2006-11-20 21:48 78,336 --a------ D:\WINDOWS\system32\irmon.dll 2006-11-20 21:48 7,680 --a------ D:\WINDOWS\system32\wshirda.dll 2006-11-20 21:48 55,296 --a------ D:\WINDOWS\system32\drivers\irda.sys 2006-11-20 21:45 4,096 --a------ D:\WINDOWS\system32\ksuser.dll 2006-11-20 21:43 27,165 --a------ D:\WINDOWS\system32\drivers\fetnd5.sys 2006-11-20 21:32 19,584 --a------ D:\WINDOWS\system32\drivers\rasirda.sys 2006-11-20 21:30 24,661 --a------ D:\WINDOWS\system32\spxcoins.dll 2006-11-20 21:30 13,312 --a------ D:\WINDOWS\system32\irclass.dll 2006-11-20 21:19 73,728 --a------ D:\WINDOWS\smcfg.exe 2006-11-20 21:19 607,732 --a------ D:\WINDOWS\system32\drivers\ntmtlfax.sys 2006-11-20 21:19 45,056 --a------ D:\WINDOWS\system32\slserv.exe 2006-11-20 21:19 45,056 --a------ D:\WINDOWS\system32\coinst.dll 2006-11-20 21:19 42,296 --a------ D:\WINDOWS\system32\winddx.sys 2006-11-20 21:19 413,696 --a------ D:\WINDOWS\sllights.exe 2006-11-20 21:19 369,936 --a------ D:\WINDOWS\system32\drivers\slntamr.sys 2006-11-20 21:19 33,028 --a------ D:\WINDOWS\system32\drivers\slwdmsup.sys 2006-11-20 21:19 2,383,460 --a------ D:\WINDOWS\system32\drivers\mtlstrm.sys 2006-11-20 21:19 196,608 --a------ D:\WINDOWS\system32\slextspk.dll 2006-11-20 21:19 175,160 --a------ D:\WINDOWS\system32\drivers\slnthal.sys 2006-11-20 21:19 172,708 --a------ D:\WINDOWS\system32\drivers\mtlmnt5.sys 2006-11-20 21:19 163,840 --a------ D:\WINDOWS\system32\minirec.exe 2006-11-20 21:19 151,552 --a------ D:\WINDOWS\system32\amr_cpl.dll 2006-11-20 21:19 1,438,556 --a------ D:\WINDOWS\system32\drivers\v90drv.sys 2006-11-20 21:18 <DIR> d-------- D:\WINDOWS\setup.pss 2006-11-20 18:49 <DIR> d-------- D:\Program Files\SiteAdvisor 2006-11-20 18:49 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\SiteAdvisor 2006-11-20 18:47 84,744 --a------ D:\WINDOWS\system32\drivers\mfeavfk.sys 2006-11-20 18:47 37,800 --a------ D:\WINDOWS\system32\drivers\mfesmfk.sys 2006-11-20 18:47 33,896 --a------ D:\WINDOWS\system32\drivers\mfebopk.sys 2006-11-20 18:47 31,560 --a------ D:\WINDOWS\system32\drivers\mferkdk.sys 2006-11-20 18:47 161,768 --a------ D:\WINDOWS\system32\drivers\mfehidk.sys 2006-11-20 18:47 104,024 --a------ D:\WINDOWS\system32\drivers\Mpfp.sys 2006-11-20 18:46 <DIR> d-------- D:\Program Files\McAfee.com 2006-11-20 18:46 <DIR> d-------- D:\Program Files\McAfee 2006-11-20 18:46 <DIR> d-------- D:\Program Files\Common Files\McAfee 2006-11-20 18:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\McAfee 2006-11-20 16:55 <DIR> d-------- D:\WINDOWS\Intel 2006-11-20 11:02 76,560 --a------ D:\WINDOWS\system32\drivers\tmcomm.sys 2006-11-19 23:38 558,080 --a------ D:\WINDOWS\system32\advapi.dll 2006-11-19 23:31 <DIR> d-------- D:\WINDOWS\Download 2006-11-17 19:45 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Adobe 2006-11-17 01:23 <DIR> d-------- D:\Program Files\Sign Recognition Test CDROM 2006-11-06 20:23 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\My Games 2006-11-06 20:21 <DIR> d---s---- D:\Program Files\Xfire 2006-11-06 20:21 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Xfire 2006-11-06 19:23 44,032 --a------ D:\WINDOWS\system32\msxml3r.dll 2006-11-06 19:23 1,129,472 --a------ D:\WINDOWS\system32\msxml3.dll 2006-11-06 18:16 <DIR> d-------- D:\Program Files\Firaxis Games 2006-11-06 18:08 <DIR> d-------- D:\Program Files\PowerISO 2006-11-06 17:44 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\TEMP 2006-11-03 14:11 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Sports Interactive 2006-10-31 12:56 <DIR> d-------- D:\Program Files\Sports Interactive 2006-10-30 23:22 <DIR> d-------- D:\Documents and Settings\Nic\Application Data\Bitdefender 2006-10-30 23:11 <DIR> d-------- D:\Program Files\Softwin 2006-10-30 23:11 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\BitDefender 2006-10-30 23:10 <DIR> d-------- D:\Program Files\Common Files\Softwin 2006-10-30 23:09 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2006-10-30 23:06 684,032 --a------ D:\WINDOWS\system32\libeay32.dll 2006-10-30 23:06 155,648 --a------ D:\WINDOWS\system32\ssleay32.dll 2006-10-29 19:47 <DIR> d-------- D:\Program Files\PCPitstop 2006-10-29 06:24 <DIR> d-------- D:\Program Files\TVAnts (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2006-10-03 21:53 -------- d-------- D:\Program Files\LitexMedia 2006-09-21 20:39 98304 --a------ D:\WINDOWS\system32\CmdLineExt.dll 2006-09-21 01:50 0 --a------ D:\Documents and Settings\Nic\Application Data\dm.ini (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries are not shown [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "Registry Cleaner"="\"D:\\Program Files\\TPT Registry_Cleaner (Trial)\\regclean.exe\"" "BitComet"="\"D:\\Program Files\\BitLord\\BitLord.exe\"" "wao.exe"="D:\\WINDOWS\\System32\\wao.exe D:\\WINDOWS\\System32\\drivers\\cq4.sys Rundll32" "Dseh"="\"D:\\WINDOWS\\WNSXS~1\\userinit.exe\" -vt ndrv" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "QKeys"="\"D:\\Program Files\\QKeys\\QKeys.EXE\"" "ATIModeChange"="Ati2mdxx.exe" "ATIPTA"="\"D:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe\"" "SunJavaUpdateSched"="\"D:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\"" "QuickTime Task"="\"D:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" @="" "SCDEmuApp.exe"="\"D:\\Program Files\\PowerISO\\SCDEmuApp.exe\"" "SoundMan"="SOUNDMAN.EXE" "WinampAgent"="\"D:\\Program Files\\Winamp3\\winampa.exe\"" "SiteAdvisor"="D:\\Program Files\\SiteAdvisor\\4608\\SiteAdv.exe" "NeroFilterCheck"="D:\\WINDOWS\\system32\\NeroCheck.exe" "iTunesHelper"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\"" "AdaptecDirectCD"="\"D:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\"" "Acrobat Assistant 7.0"="\"D:\\Program Files\\Adobe\\Acrobat 7.0\\Distillr\\Acrotray.exe\"" "1f"="D:\\WINDOWS\\System32\\rundll32.exe r1ft7.dll Rundll32" "wl"="D:\\WINDOWS\\Download\\svhost32.exe" "!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI] "NoChange"="1" "Installed"="1" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS] "Installed"="1" [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components] "DeskHtmlVersion"=dword:00000110 "DeskHtmlMinorVersion"=dword:00000005 "Settings"=dword:00000001 "GeneralFlags"=dword:00000005 [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" "Flags"=dword:00000002 "Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,00,03,00,00,00,\ 00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00 "CurrentState"=hex:04,00,00,40 "OriginalStateInfo"=hex:18,00,00,00,4d,00,00,00,00,00,00,00,2b,05,00,00,fe,03,\ 00,00,04,00,00,40 "RestoredStateInfo"=hex:18,00,00,00,4d,00,00,00,00,00,00,00,2b,05,00,00,fe,03,\ 00,00,01,00,00,00 [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="D:\\WINDOWS\\System32\\CTFMON.EXE" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"="" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=hex:91,00,00,00 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"=dword:00000091 "CDRAutoRun"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload] "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}" "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}" "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}" [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 Contents of the 'Scheduled Tasks' folder D:\WINDOWS\tasks\McQcTask.job D:\WINDOWS\tasks\McDefragTask.job Completion time: 06-11-26 15:13:07.68 D:\ComboFix2.txt ... 06-11-25 16:11 D:\ComboFix.txt ... 06-11-26 15:13 --------------------------------------------------------- AVG Anti-Spyware - Scan Report --------------------------------------------------------- + Created at: 14:41:45 26/11/2006 + Scan result: D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005790.sys -> Adware.AdAgent : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006083.exe -> Adware.BHO : Cleaned with backup (quarantined). D:\Program Files\Yahoo!\YPSR\Quarantine\ppq65.tmp -> Adware.Cdn : Cleaned with backup (quarantined). D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn\cdnforie.dll -> Adware.Cdn : Cleaned with backup (quarantined). D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn\imaoe.dll -> Adware.Cdn : Cleaned with backup (quarantined). HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005789.dll -> Adware.WSearch : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005788.EXE -> Downloader.Agent.baw : Cleaned with backup (quarantined). D:\WINDOWS\notepad.exe.bak -> Dropper.Small.ja : Cleaned with backup (quarantined). D:\WINDOWS\system32\notepad.exe.bak -> Dropper.Small.ja : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000263.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000358.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000570.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000596.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000608.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000639.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000696.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000829.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000844.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000913.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000929.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000957.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000984.exe -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000985.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004368.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004505.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004518.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005518.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005542.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005779.dll -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005783.exe -> Logger.Agent.oy : Cleaned with backup (quarantined). D:\KavMonHelp.exe -> Logger.Delf.or : Cleaned with backup (quarantined). :mozilla.35:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.37:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned. :mozilla.41:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.42:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.43:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned. :mozilla.45:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Adviva : Cleaned. :mozilla.26:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned. D:\Program Files\Yahoo!\YPSR\Quarantine\ppq9C.tmp -> TrackingCookie.Atdmt : Cleaned. :mozilla.27:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned. :mozilla.49:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned. :mozilla.39:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.40:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned. :mozilla.19:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.20:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.21:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.22:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. :mozilla.23:D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned. D:\Program Files\Yahoo!\YPSR\Quarantine\ppq9D.tmp -> TrackingCookie.Statcounter : Cleaned. D:\Program Files\Yahoo!\YPSR\Quarantine\ppq9B.tmp -> TrackingCookie.Yieldmanager : Cleaned. D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000264.sys -> Trojan.BCB.m : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000276.sys -> Trojan.BCB.m : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000355.sys -> Trojan.BCB.m : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000572.sys -> Trojan.BCB.m : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000589.dll -> Trojan.BCB.m : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000597.sys -> Trojan.BCB.m : Cleaned with backup (quarantined). D:\FOUND.000\FILE0000.CHK -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\FOUND.000\FILE0001.CHK -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\FOUND.000\FILE0002.CHK -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000609.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000640.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000694.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000828.sys -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000846.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000914.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000930.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000959.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000980.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0001001.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0002000.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0003002.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004370.dll -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004376.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004509.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004523.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004526.DLL -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005521.SYS -> Trojan.BCB.o : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000197.exe -> Trojan.Delf.sc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000261.exe -> Trojan.Delf.sc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000674.EXE -> Trojan.Delf.sc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000675.dll -> Trojan.Delf.sc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004143.EXE -> Trojan.Delf.sc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004216.dll -> Trojan.Delf.sc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005555.EXE -> Trojan.Delf.sc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005557.DLL -> Trojan.Delf.sc : Cleaned with backup (quarantined). D:\Documents and Settings\Nic\Desktop\Zip files.zip/Zip files/rxdll.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000586.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000595.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000606.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000638.DLL -> Trojan.Nilage.atz : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006053.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006059.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006084.dll -> Trojan.Nilage.atz : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000676.exe -> Trojan.OnLineGames.bv : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000677.dll -> Trojan.OnLineGames.bv : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000702.exe -> Trojan.OnLineGames.bv : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005777.dll -> Trojan.OnLineGames.bv : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000679.exe -> Trojan.QQPass.pp : Cleaned with backup (quarantined). D:\Documents and Settings\Nic\Desktop\Zip files.zip/Zip files/Logo1_.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000195.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000259.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000278.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000280.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000349.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000350.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000354.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000579.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000582.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000668.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000671.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000697.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000705.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000788.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000832.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000852.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000904.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000920.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000934.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000935.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000942.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000961.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000964.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000968.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000988.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000989.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000991.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0001005.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0002006.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0003005.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0003999.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004000.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004002.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004530.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004532.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005525.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005528.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005552.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005554.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005571.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005574.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005755.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005757.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005858.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005860.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005877.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005888.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005922.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005926.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005929.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005987.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005989.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006016.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006042.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006047.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006049.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006055.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006085.dll -> Worm.Viking.cc : Cleaned with backup (quarantined). D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006097.exe -> Worm.Viking.cc : Cleaned with backup (quarantined). ::Report end ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, November 26, 2006 4:29:42 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 26/11/2006 Kaspersky Anti-Virus database records: 245629 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ F:\ G:\ Scan Statistics: Total number of scanned objects: 60471 Number of viruses found: 10 Number of infected objects: 491 / 0 Number of suspicious objects: 0 Duration of the scan process: 00:57:57 Infected Object Name / Virus Name / Last Action C:\smartdrv.exe Infected: Worm.Win32.Viking.cc skipped C:\attrib.exe Infected: Worm.Win32.Viking.cc skipped C:\MVRescue\diskcopy.exe Infected: Worm.Win32.Viking.cc skipped C:\MVRescue\mvrescue.exe.exe Infected: Worm.Win32.Viking.cc skipped C:\ghost\ghost.exe Infected: Worm.Win32.Viking.cc skipped C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005861.exe Infected: Worm.Win32.Viking.cc skipped C:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\change.log Object is locked skipped C:\NBDriver.exe Infected: Worm.Win32.Viking.cc skipped C:\Radeon Drivers\Setup.exe Infected: Worm.Win32.Viking.cc skipped C:\ATI\SUPPORT\wxp-w2k-catalyst-8-082-041130a-019577c\Setup.exe Infected: Worm.Win32.Viking.cc skipped C:\HJT\HijackThis.exe Infected: Worm.Win32.Viking.cc skipped C:\cweantest.exe Infected: Worm.Win32.Viking.cc skipped C:\warn.exe Infected: Worm.Win32.Viking.cc skipped C:\warn2.exe Infected: Worm.Win32.Viking.cc skipped C:\KB173333.log Infected: not-a-virus:AdWare.Win32.BHO.bq skipped C:\Dell\Drivers\R82979\Setup.exe Infected: Worm.Win32.Viking.cc skipped C:\program files\tshz093.exe Infected: Worm.Win32.Viking.cc skipped C:\program files\Lavasoft\Ad-Aware SE Personal\Plugins\UNWISE.EXE Infected: Worm.Win32.Viking.cc skipped C:\program files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE Infected: Worm.Win32.Viking.cc skipped C:\program files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe Infected: Worm.Win32.Viking.cc skipped C:\program files\Lavasoft\Ad-Aware SE Personal\unregaaw.exe Infected: Worm.Win32.Viking.cc skipped C:\Spybot - Search & Destroy\unins000.exe Infected: Worm.Win32.Viking.cc skipped C:\Spybot - Search & Destroy\blindman.exe Infected: Worm.Win32.Viking.cc skipped C:\Spybot - Search & Destroy\SpybotSD.exe Infected: Worm.Win32.Viking.cc skipped C:\Spybot - Search & Destroy\TeaTimer.exe Infected: Worm.Win32.Viking.cc skipped C:\Spybot - Search & Destroy\Update.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\win9xupg\twid.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\win9xmig\mapi\dll\MKNTFRMCACHE.EXE Infected: Worm.Win32.Viking.cc skipped D:\i386\win9xmig\fax\awdvstub.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\drw\dwwin.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\winnt32.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\winnt.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\usetup.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\telnet.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\sysparse.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\regedit.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\ntsd.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\netsetup.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\expand.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\autofmt.exe Infected: Worm.Win32.Viking.cc skipped D:\i386\autochk.exe Infected: Worm.Win32.Viking.cc skipped D:\WINDOWS\system32\config\system.LOG Object is locked skipped D:\WINDOWS\system32\config\software.LOG Object is locked skipped D:\WINDOWS\system32\config\default.LOG Object is locked skipped D:\WINDOWS\system32\config\SAM.LOG Object is locked skipped D:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped D:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped D:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped D:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped D:\WINDOWS\system32\config\SECURITY Object is locked skipped D:\WINDOWS\system32\config\SOFTWARE Object is locked skipped D:\WINDOWS\system32\config\SYSTEM Object is locked skipped D:\WINDOWS\system32\config\DEFAULT Object is locked skipped D:\WINDOWS\system32\config\SAM Object is locked skipped D:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped D:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped D:\WINDOWS\system32\h323log.txt Object is locked skipped D:\WINDOWS\Temp\sqlite_FyS79BpcMLShYch Object is locked skipped D:\WINDOWS\Temp\sqlite_uLNPEUqyj6uk1HN Object is locked skipped D:\WINDOWS\Temp\sqlite_u6GfvFwtiKNTi5c Object is locked skipped D:\WINDOWS\Temp\sqlite_HkOuwcDB8mbevIq Object is locked skipped D:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped D:\WINDOWS\Debug\oakley.log Object is locked skipped D:\WINDOWS\Sti_Trace.log Object is locked skipped D:\WINDOWS\wiaservc.log Object is locked skipped D:\WINDOWS\wiadebug.log Object is locked skipped D:\WINDOWS\SchedLgU.Txt Object is locked skipped D:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\{9D977D42-A1ED-4530-9DBC-23AA7245CE38}.log Object is locked skipped D:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped D:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped D:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Data\TFR1.tmp Object is locked skipped D:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped D:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped D:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped D:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped D:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped D:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped D:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped D:\Documents and Settings\Nic\NTUSER.DAT Object is locked skipped D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0320812.dll.bac_a03768 Infected: Trojan-PSW.Win32.Nilage.atz skipped D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0321805.DLL.bac_a03768 Infected: Trojan-PSW.Win32.Nilage.atz skipped D:\Documents and Settings\Nic\.housecall6.6\Quarantine\rxdll.dll.bac_a03768 Infected: Trojan-PSW.Win32.Nilage.atz skipped D:\Documents and Settings\Nic\.housecall6.6\Quarantine\A0320818.dll.bac_a03768 Infected: Trojan-PSW.Win32.Agent.dq skipped D:\Documents and Settings\Nic\ntuser.dat.LOG Object is locked skipped D:\Documents and Settings\Nic\UserData\index.dat Object is locked skipped D:\Documents and Settings\Nic\Local Settings\History\History.IE5\index.dat Object is locked skipped D:\Documents and Settings\Nic\Local Settings\History\History.IE5\MSHist012006112620061127\index.dat Object is locked skipped D:\Documents and Settings\Nic\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped D:\Documents and Settings\Nic\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_MAP_ Object is locked skipped D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_001_ Object is locked skipped D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_002_ Object is locked skipped D:\Documents and Settings\Nic\Local Settings\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\Cache\_CACHE_003_ Object is locked skipped D:\Documents and Settings\Nic\Desktop\Zip files.zip/Zip files/Logo1_.exe Infected: Worm.Win32.Viking.cc skipped D:\Documents and Settings\Nic\Desktop\Zip files.zip/Zip files/XpIcfOpt.dll Infected: Trojan-PSW.Win32.Agent.if skipped D:\Documents and Settings\Nic\Desktop\Zip files.zip/Zip files/rxdll.dll Infected: Trojan-PSW.Win32.Nilage.atz skipped D:\Documents and Settings\Nic\Desktop\Zip files.zip ZIP: infected - 3 skipped D:\Documents and Settings\Nic\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped D:\Documents and Settings\Nic\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped D:\Documents and Settings\Nic\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped D:\Documents and Settings\Nic\Cookies\index.dat Object is locked skipped D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\history.dat Object is locked skipped D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\cert8.db Object is locked skipped D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\key3.db Object is locked skipped D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\parent.lock Object is locked skipped D:\Documents and Settings\Nic\Application Data\Mozilla\Firefox\Profiles\1xntlqvq.default\urlclassifier2.sqlite Object is locked skipped D:\Documents and Settings\Nic\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped D:\Program Files\ATI Technologies\ATI Control Panel\atiphexx.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ATI Technologies\ATI Control Panel\Atiiprxx.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ATI Technologies\ATI Control Panel\atiprbxx.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AvRack\rtlrack.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\QKeys\DriverInstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\MP3Player\MP3Player.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\CyberLink\PowerDVD\dvdrgn.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\CyberLink\PowerDVD\PowerDVD.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\CyberLink\PowerDVD\CLDMA.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\CyberLink\PowerDVD\ddtester.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\CyberLink\PowerDVD\cltest.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\CyberLink\Common\UpdateIPR.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Roxio\Easy CD Creator 5\Easy CD Creator\CDCopier.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Roxio\Easy CD Creator 5\Easy CD Creator\Creatr50.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\MRW\MrfInst.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\udfrchk.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Scandisc.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\Plugins\Dfx\Apps\askemail.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\Plugins\Dfx\Apps\record_date.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\Plugins\Dfx\Apps\step1.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\Plugins\Dfx\dfxwsettings.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\Plugins\MPegDancer.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\Plugins\vis-tx3-readme.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\AOD\AolOnDesktop.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\UninstWA.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\uninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\uninstall_dfx.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\winamp.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Winamp\winampa.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PaperCapture\Server\Roman\capserve.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Preflight\Droplet.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Acrobat\Updater\acroaum.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\ConvertIFD\ConvertIFD.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\FormDesigner.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\ConvertPDF.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\ConvertIP.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\ConvertWord.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Distillr\acrodist.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\Acrobat Elements.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\AdobeUpdateManager.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\CoverDesigner\CoverDes.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\ImageDrive\ImageDrive.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero\Uninstall\UNNero.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero\ORiON\Keygen.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero\ORiON\mp3pro.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero\nero.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero\NeroCmd.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero\NRESTORE.EXE Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero Toolkit\CDSpeed.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero Toolkit\DriveSpeed.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero Toolkit\InfoTool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero Toolkit\hwinfo.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero Wave Editor\DXEnum.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero Wave Editor\WaveEdit.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero SoundTrax\SoundTrax.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero BackItUp\BackItUp.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero BackItUp\NBJ.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero BackItUp\NBR.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\Nero StartSmart\NeroStartSmart.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\ahead\NeroBurnRights\NeroBurnRights.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Microsoft Office\Office\EXCEL.EXE Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Microsoft Office\Office\WINWORD.EXE Infected: Worm.Win32.Viking.cc skipped D:\Program Files\directx\DXSETUP.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Data\closedpw.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\CDex_150\CDex.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\CDex_150\uninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\ResDLLs\0009\Welcome\Welcome.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\Tutor\menu.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\EMSVWER.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\dc.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\SECleanup.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\StdDeliv.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\autoduck.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\cfgb2a.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\checkwebsite.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\fmtdump.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\ftla.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\ICLicWiz.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\InsightFixUp.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\MakeVerCurr.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\OpenSave.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\regsvr32.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\Regtlbsr.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\REGTOOL.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\report.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\seACIS.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\SearchDuplicateIDs.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\SECleanupAll.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\seiges.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\seProE.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\SePvAdp.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\seregr.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\seregsvr.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\sestep.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\setools.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\seviewer.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\TRANS2SE.EXE Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\WAITER.EXE Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\Edge.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\SELicWiz.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\IConnect.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\TDMDataMigration.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Program\sfxstub.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\SDK\Samples\Viewing\PrintDFT\PrintDft.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\SDK\Samples\Viewing\PrintPart\PrintPartmine.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\SDK\Tools\reghelp.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\SELibrary\CreateStandardPartsButton\Register_SE-Library.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\SELibrary\SE-Library.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\RevMgrPreProcessor\PreProcess10.1.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\MirAsm\Mirror Assembly.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\Insight\TestInsightSample.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\ARelDoctor\ARelDoctor.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\Batch\Batch.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\BOM\bom.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\ChangeLocale\ChngLcl.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\DynAttrib\DynAtrrib.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\GandT\GandT.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\Hexpro\hexpro.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\Mouse\mouse.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\OpenSave\OpenSave.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\RevManager\AStruct.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\Stock\stock.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Solid Edge V14\Custom\AutoRestore\AutoRecover.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Rainbow Technologies\Sentinel System Driver\SetupSysDriver.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Google\Google Earth\GoogleEarth.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Google\Google Earth\gpsbabel.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\java.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\javaw.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\keytool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\policytool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\rmid.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\rmiregistry.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\JavaSoft\JRE\1.3.1_04\bin\tnameserv.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\DivX\DivX Codec\config.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\DivX\DivX Player\DivX Player.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\DivX\DivXCodecUninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\DivX\DivXPlayerUninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\DivX\DivXBundleUninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AC3Filter\uninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AC3Filter\dialog_patch.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Matroska Pack\AC3Filter\dialog_patch.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Matroska Pack\Uninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\BitTorrent\uninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\BitTorrent\btdownloadgui.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\BitTorrent\w9xpopen.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Project 3 Interactive\Kult Heretic Kingdoms Demo\kult.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Ubi Soft\Register\register.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Ubi Soft\Register\schedule.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\VirtualDubMod\AuxSetup.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\VirtualDubMod\VirtualDubMod.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\Nandub\Nandub.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\AviSynth 2.5\Uninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\DVD2AVI\DVD2AVIdg.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\VobSub\subresync.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\VobSub\submux.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\VobSub\uninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\GordianKnot.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\robot4rip.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\DVDDecrypter.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\BeSweet.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\BeSweet_GUI.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\azidts.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\ChapterXtractor.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\vStrip.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\vStrip_gui.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\GordianKnot\uninst.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\D-Tools\daemon.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AutoGK\VDubMod\AuxSetup.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AutoGK\VDubMod\VirtualDubMod.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AutoGK\BeSweet\BeSweet.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AutoGK\DGMPGDec\DGFix.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AutoGK\DGMPGDec\DGIndex.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AutoGK\DGMPGDec\DGParse.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AutoGK\DGMPGDec\DGTable.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AutoGK\AutoGK.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AutoGK\bbSummary.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\AutoGK\uninst.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\XviD\unins000.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\XviD\MiniCalc.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\XviD\OGMCalc.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\XviD\vidccleaner.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\XviD\StatsReader.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\XviD\AviC.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\java.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\javaw.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\jpicpl32.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\jucheck.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\keytool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\kinit.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\klist.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\ktab.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\orbd.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\policytool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\rmid.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\rmiregistry.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\servertool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\bin\tnameserv.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\j2re1.4.2_06\javaws\javaws.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\java.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\javacpl.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\javaw.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\javaws.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\jucheck.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\jusched.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\keytool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\kinit.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\klist.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\ktab.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\orbd.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\pack200.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\policytool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\rmid.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\rmiregistry.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\servertool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\tnameserv.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_02\bin\unpack200.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\java.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\javacpl.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\javaw.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\javaws.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\keytool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\kinit.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\klist.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\ktab.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\orbd.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\pack200.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\policytool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\rmid.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\rmiregistry.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\servertool.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\tnameserv.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Java\jre1.5.0_09\bin\unpack200.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Ningsi Software\MP3 Splitter\unins000.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Ningsi Software\MP3 Splitter\splitter.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\iTunes\iTunes.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Skype\Phone\unins000.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Canon\PhotoStitch\Launcher.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Canon\ZoomBrowser EX\Program\ZoomBrowserImageServer.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Canon\PhotoRecord\Program\PhotoRecord.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Canon\PhotoRecord\OpPrintCom\OpPrintServer.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\QuickTime\QTSystem\QuickTimeUpdateHelper.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\QuickTime\QTSystem\QTPluginInstaller.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\QuickTime\QTInfo.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\QuickTime\QuickTimePlayer.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\QuickTime\PictureViewer.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\CASIO\Photo Loader\Ploader.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Ulead Systems\Ulead Movie Wizard SE VCD\ppp\MGCview.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Ulead Systems\Ulead Movie Wizard SE VCD\vstudio.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Mozilla Firefox\plugins\GetFlash.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org\components\talkback.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Mozilla Firefox\uninstall\uninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Mozilla Firefox\uninstall\uninst.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Mozilla Firefox\updater.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Mozilla Firefox\xpicleanup.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\YPSR\Quarantine\ppq94.tmp\LimeWire 4.0.8\.NetworkShare\LimeWireWin4.12.6.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn\cdnuc.exe.Exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn\cdnunins.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp\Cdn\cdnrenew.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\YPSR\updates\ypsr_dat_06.09.22.16_setup_.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\YPSR\ypsrru.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\YPSR\ypsrcfg.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\YPSR\dlaunch.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\YPSR\ppclean.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\YPSR\ypsr.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\common\unyt.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Yahoo!\common\unypsr.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full\en-US\Install.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full\Autorun.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\BitLord\Downloads\McAfee VirusScan PLUS 2007 Full\McAfee VirusScan PLUS 2007 Full\CDSetup.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\BitLord\uninst.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Heroes of Might and Magic V\bin\UpgradeLauncher.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Heroes of Might and Magic V\bin\H5_MapEditor.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Heroes of Might and Magic V\bin\H5_Game.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Heroes of Might and Magic V\registration\RegistrationReminder.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\directx9\DXSETUP.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\directx9\infinst.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\directx9\ddhelp.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\directx9\dplaysvr.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\directx9\dxdiag.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\directx9\dpvsetup.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\directx9\dxdllreg.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\directx9\dpnsvr.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\directx9\dxdllreg_1.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\TVAnts\UNWISE.EXE Infected: Worm.Win32.Viking.cc skipped D:\Program Files\TVAnts\Tvants.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\PCPitstop\Exterminate\ppupdstub.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\PCPitstop\Exterminate\ppclean.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Softwin\BitDefender10\bdinitptch.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Softwin\BitDefender10\TaskSys.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Softwin\BitDefender10\bdinit.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Softwin\BitDefender10\regpatch.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Softwin\BitDefender10\runtsys.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Sports Interactive\Football Manager 2007\uninstall\Uninstall FM 2007.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Sports Interactive\Football Manager 2007\fm data editor.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\PowerISO\PowerISO.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\PowerISO\uninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Xfire\Xfire.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Xfire\xfire_exception.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Xfire\xfire_inst.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Xfire\uninst.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Sign Recognition Test CDROM\Data\Question Bank Editor.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Sign Recognition Test CDROM\Runtime\md8rntm.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\Sign Recognition Test CDROM\Start.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\McAfee\VirusScan\mfehidin.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\McAfee\VirusScan\preinst.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\McAfee\VirusScan\mcinsupd.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\McAfee\MPF\MC\MpfAlert.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\SiteAdvisor\4608\Uninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\SiteAdvisor\4608\SAReg.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\SiteAdvisor\4608\SASync.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\RegCleaner\Uninstall.exe Infected: Worm.Win32.Viking.cc skipped D:\Program Files\RegCleaner\RegCleanr.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000008.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000024.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000026.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP0\A0000032.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000279.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000316.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000317.EXE Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000318.EXE Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000319.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000339.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000341.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000351.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000352.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000360.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000363.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000580.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000581.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000583.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000585.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000600.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000612.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000664.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000669.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000670.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000787.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000789.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000790.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000858.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000880.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000905.EXE Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000906.EXE Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000937.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000938.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000943.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000965.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000966.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000967.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000969.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000990.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0000992.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004001.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004161.EXE Infected: Trojan.Win32.Pakes skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004162.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004531.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004539.dll Infected: Trojan-PSW.Win32.Agent.if skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004540.dll Infected: Trojan-PSW.Win32.Agent.if skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004556.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004558.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004560.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0004561.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005527.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005530.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005553.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005572.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005588.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005593.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005607.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005612.EXE Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005613.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005614.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005628.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005639.EXE Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005640.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005646.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005648.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005655.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005698.pif Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005756.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005765.com Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005767.pif Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005770.com Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005771.exe Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005772.com Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005773.com Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005775.exe Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005776.pif Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005778.com Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005780.com Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005781.com Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005782.com Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005786.com Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005787.pif Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005859.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005925.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005928.EXE Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005930.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005931.EXE Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005934.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005937.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005943.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005948.EXE Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005949.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005950.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005952.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005959.EXE Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005960.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005964.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005966.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005971.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005982.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005988.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0005999.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006003.exe Infected: Worm.Win32.Viking.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006050.dll Infected: Trojan-PSW.Win32.Agent.if skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006056.dll Infected: Trojan-PSW.Win32.Agent.if skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006076.exe Infected: Trojan.Win32.Pakes skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006077.dll Infected: Trojan-PSW.Win32.Agent.if skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006078.EXE Infected: Trojan-PSW.Win32.WOW.ne skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006079.dll Infected: Trojan-PSW.Win32.Agent.if skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006086.exe Infected: Backdoor.Win32.SpyBoter.cy skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006087.exe Infected: Backdoor.Win32.SpyBoter.cy skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006088.exe Infected: Backdoor.Win32.SpyBoter.cy skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006089.exe Infected: Backdoor.Win32.SpyBoter.cy skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.EZula.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe/stream Infected: not-a-virus:AdWare.Win32.EZula.cc skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006093.exe NSIS: infected - 2 skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\A0006123.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped D:\System Volume Information\_restore{F32C1F1B-D5D5-4378-B2AC-765353F4E308}\RP1\change.log Object is locked skipped D:\WUTemp\com_microsoft.893803_WindowsInstaller_v31\WindowsInstaller-KB893803-v2-x86.exe Infected: Worm.Win32.Viking.cc skipped D:\StubInstaller.exe Infected: Worm.Win32.Viking.cc skipped D:\My Downloads\rp10-bbc-en-setup.exe Infected: Worm.Win32.Viking.cc skipped Scan process completed.

11-26-2006, 07:53 PM	#16 (permalink)
dorts Analyst, Security Team Join Date: Mar 2006 Location: Singapore Posts: 1,599 OS: Windows XP SP2 My System	Nicdonati, if you look at the Kaspersky Online Scan log, you should be able to see many of your programs are being flagged as infected. Why? It is because you are infected by Viking Worm. Viking will infect many executables and when you click on the infected executables, it will trigger a reinfection. We would usually recommend a reformat, but since this worm hasn't infect the OS core files, I would like to clean this up instead of a reformat. If you see any folder where's there's a _desktop.ini, there's a possibility the exes are infected. So for now, I want you NOT to use the machine at all except when you need to follow my instructions. It is very important that you work quickly and swiftly as this worm may spread to other executables. You will need to reinstall the programs that are infected after the clean up. I want you to do these three scan one after the other and remember to follow the order of the scans. Dr.Web first, followed by Bitdefender, and lastly, Kaspersky. Finish all three scans before posting their logs. ------------------------------------- Download Dr.Web CureIt to the desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe Doubleclick the drweb-cureit.exe file and click Start to run the express scan This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan. Once the short scan has finished, mark the drives that you want to scan. Select all drives. A red dot shows which drives have been chosen. Click the green arrow at the right, and the scan will start. Click 'Yes to all' if it asks if you want to cure/move the file. When the scan has finished, look if you can click next icon next to the files found: If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples) After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list Save the report to your desktop. The report will be called DrWeb.csv Close Dr.Web Cureit. Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot. After reboot, post the contents of the log from Dr.Web you saved previously in your next reply. ------------------------------------- Please perform an online scan using Internet Explorer at this website - http://www.bitdefender.com/scan8/ie.html Once finished, click on the Details button to view the results. To the upper right of the results you will see an option saying "Click here to export the scan results", please do so and save them to your desktop. Post the log of the scan results ------------------------------------- Please perform an online scan with Internet Explorer at Kaspersky Online Scanner Answer Yes, when prompted to install an ActiveX component. The program will then begin downloading the latest definition files. Once the files have been downloaded click on NEXT Locate the Scan Settings button & configure to: Scan using the following Anti-Virus database: Extended Scan Options: Scan Archives Scan Mail Bases Click OK & have it scan My Computer Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Click the Save as Text button to save the file to your desktop so that you may post it in your next reply * Turn off the real time scanner of any existing antivirus program while performing the online scan __________________ If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.

11-25-2006, 06:09 AM	#3 (permalink)
nicdonati Registered User Join Date: Nov 2006 Posts: 100 OS: XP	things have gone from bad to worse! I cant open ANY application because i get this message. This file does not have a program associated with it performing this action. Create an association in the Folder Options contol panel. I dont know what that means!! Or how to fix it i went to Folder Options but i dont know what to do. Also Safe mode didnt work the computer started running then it just switched off and started again. This happened several times so i tried usingthe Directory Service Restore Mode (which also says its opening in Safe Mode) and it says Safe Mode in all 4 corners.

11-25-2006, 06:37 AM	#5 (permalink)
nicdonati Registered User Join Date: Nov 2006 Posts: 100 OS: XP	I did manage to get thos programmes though. As although my internet browser wouldnt open as i had the above message i found a shortcut for website. When i opened that it opened mozilla. However wehn i try and open any program from it shortcut or from its source it gives that message.

11-25-2006, 08:41 AM	#8 (permalink)
nicdonati Registered User Join Date: Nov 2006 Posts: 100 OS: XP	So i go to the Safe mode option. It then goes to like a DOS like screen and says loading all these files from the System32 folder. Then it comes to loading a file called d347bus.sys and says press esc key if u want to cancel. At this point it doesnt make a difference if u press Esc key or not the next thing that happens the computer just reboots like u just asked it to restart, no error message, blue screen nothing. Then this time when it starts it goes to a screen which says something along the lines of We apologise for the inconveniance but windows did not start succesfully last time this may be due to some recent software/hardware installation. It then asks if u wanna try and start in normal or safe mode. The same thing happens if u go to Safe mode again.

11-26-2006, 06:07 AM	#10 (permalink)
nicdonati Registered User Join Date: Nov 2006 Posts: 100 OS: XP	Hi, Evereything was going ok I had installed AVG and changed all the settings as instructed. Except when i came to the step of running the scan it kept closing down before the scan finished (i tried several times) eventually it finished the scan and i went to "apply all actions" the program closed with no warning and im not sure if it worked and it closed before i could get the log. So i tried again but it continued to close before the scan finished. So i tried to re-install it except i had to restart the computer ( so i think that killbox.exe already deleted those files) i have just started AVG again and i will continue on but things are going in the same order anymore... Sorry!

11-26-2006, 06:12 AM	#11 (permalink)
nicdonati Registered User Join Date: Nov 2006 Posts: 100 OS: XP	sorry i mean things ARE NOT going to be in the same order anymore.

11-26-2006, 06:53 AM	#12 (permalink)
nicdonati Registered User Join Date: Nov 2006 Posts: 100 OS: XP	ok it seems that AVG didnt work the first time, alkl the files were still infected so i cleaned them etc.. and have the log however a few of the files were in the zip that i made for u i told it to leave them i will delte them after once i have sent it to you. There is also a problem with SmitFraudFix wehn i click on the the cmd file, it says Fischier Process.Exe absent! and it then something in french and then it says Process.exe file missing Unzip all the archive in a folder Press any key to Escape Then it cancels and quits. I unzipped all the files into one place. so i dont know what the problem is. SHall i continue everything else anyway?

11-26-2006, 07:04 AM	#13 (permalink)
nicdonati Registered User Join Date: Nov 2006 Posts: 100 OS: XP	right i cant send you the files either as hotmail and yahoo say that cant send the file because it contains an uncleanable virus and gmail wont send it because it has an exe file.

11-27-2006, 02:44 AM	#17 (permalink)
nicdonati Registered User Join Date: Nov 2006 Posts: 100 OS: XP	sorry but the computer crashed during the DrWeb complete scan so the log may not be completely accurate, i sahll continue regardless Just as a side not i am getting this message when the computer starts up Error loading r1ft7.dll, the specified module could not be found.

11-27-2006, 02:46 AM	#18 (permalink)
dorts Analyst, Security Team Join Date: Mar 2006 Location: Singapore Posts: 1,599 OS: Windows XP SP2 My System	Please continue, we'll address that later. __________________ If you think TSF have helped you, please kindly donate to TSF and help keep this site free to all.

11-27-2006, 04:43 AM	#19 (permalink)
nicdonati Registered User Join Date: Nov 2006 Posts: 100 OS: XP	ok im running the bitdefender scan currently i will post the results as soon as possible.