Run DLL as an App is taking over my Computer!!! HELP!

[DFDUBB]

This is a great way to start my first post here in this forum! I've been having problems slowly come to light with my computer over the past couple of months. I would get these random Run DLL as an App has encountered an Error when I would try to open cetain programs. This problem is coupled with a pop-up that from Intenet Explorer (which i dont use) saying that the page is unavailable would you like to work offline when i would minimize this window, I would get a barrage of IE icons tiling themselves ALL OVER MY SCREEN; as many as 90 would show up. After minimizing these one at a time, then I could proceed with my work.

As of late, the Run DLL as as App message has gotten progressively worse. I can't open menus on my start-up bar, I can't access certain programs, and I can't burn CDs. I have been doing as much research as possible and all signs have led me to those helping here on this board who are privy to de-coding HIJack This logfiles. After running the program here's what I ended up with:

Logfile of HijackThis v1.99.0
Scan saved at 6:31:58 PM, on 6/27/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\oswin32.exe
D:\330\iTunesHelper.exe
C:\Program Files\MSAC-FD1\MSstat.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
D:\Registry Mechanic\RegMech.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=&id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=&id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.screenblast.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.e46fanatics.com/"); (C:\Documents and Settings\Dylan Capilla\Application Data\Mozilla\Profiles\default\poa5q7u5.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dylan Capilla\Application Data\Mozilla\Profiles\default\poa5q7u5.slt\prefs.js)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: (no name) - {1D072DB4-29AC-487F-B3F7-91492DA7C7B5} - (no file)
O2 - BHO: (no name) - {3189FF8F-14AA-4DE6-8450-8906D335A297} - (no file)
O2 - BHO: Redirect Class - {9516919A-9D32-4B17-BD14-2CE488599F65} - C:\Program Files\EE\EEF.dll
O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [RegistryMechanic] D:\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
O4 - HKLM\..\Run: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [olbactc] C:\WINDOWS\System32\olbactc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [windhost.exe] C:\WINDOWS\oswin32.exe
O4 - HKLM\..\Run: [sm] C:\WINDOWS\sm_exe.exe
O4 - HKLM\..\Run: [iTunesHelper] D:\330\iTunesHelper.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.2\THGuard.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [OnlineOffline] C:\Program Files\Andersson Digital Design\OnlineOffline\OnlineOffline.exe hide
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: TFTP3880
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://spystream.babenet.com/cabs/videox.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.116/code/PWActiveXImgCtl.CAB
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: {D6E66235-7AA6-44ED-A06C-6F2033B1D993} - http://146.82.109.200/distribution/msiein.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08D43CC2-3A44-4851-90BE-EFAE2E7E1741}: NameServer = 64.160.192.70 206.13.29.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{08D43CC2-3A44-4851-90BE-EFAE2E7E1741}: NameServer = 64.160.192.70 206.13.29.12
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe


Can anyone offer some assistance? Thanks for the help!!!

DFDUBB

[DFDUBB]

*Bump*

[POADB]

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

If you have one of these, you will most likely have the other. Either way, here are some information on them:

BroadJump - Newer name for BroadJump Foundation Client (BJCFD) from BroadJump.com, now Motive. The software collects information on your Internet activity and sends it to your ISP so that your ISP can serve you advertisements related to the type of sites you visit.

Support.com - Spyware from SupportSoft provided to manufacturers, such as Sony (Vaio Support Agent) and Toshiba (Virtual Tech), and ISPs, such as Comcast, Cox and Charter (Pipeline Support Agent), that allows them to offer on-line support. This part ensures that software is installed correctly. Regarded as spyware as it has the ability to retrieve user information.

I would ask your ISP on how to remove it and why they installed it in the first place. Please do not uninstall the program, since it looks like it is required for your internet connection. This especially applies to those who use SBC as their ISP (Internet Service Provider). If they can't/won't resolve this problem for you, then it's time to switch to another provider that don't embed this spyware in their program. You will most likely also have BroadJump installed. The same situation applies here also. Try to find out how to remove it from your ISP. Don't uninstall it yourself.

Please download ETRemover.zip

WARNING!! This tool should be run from safe mode only. It will not be able to delete files in use by Windows, so running it from a regular windows session is useless. A readme is included with complete details on the tool and the malware it removes.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Go into HijackThis->Config->Misc. Tools->Open process manager. Select the following and click 'Kill process' for each one if they are still listed (they shouldn't be - but double check):

C:\WINDOWS\svchost.exe <<From this location ONLY!>>
C:\WINDOWS\oswin32.exe

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

WebSearch
Adtraffic

Run ETRemover NOW!

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=&id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.shopnav.com/sidesearch.cgi?uid=&id=0
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.shopnav.com/sidesearch.cgi?uid=&id=0
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.shopnav.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.screenblast.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: (no name) - {1D072DB4-29AC-487F-B3F7-91492DA7C7B5} - (no file)
O2 - BHO: (no name) - {3189FF8F-14AA-4DE6-8450-8906D335A297} - (no file)
O2 - BHO: Redirect Class - {9516919A-9D32-4B17-BD14-2CE488599F65} - C:\Program Files\EE\EEF.dll
O2 - BHO: (no name) - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [scvhost.exe] scvhost.exe
O4 - HKLM\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
O4 - HKLM\..\Run: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\Run: [olbactc] C:\WINDOWS\System32\olbactc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ee.exe] C:\Program Files\EE\ee.exe
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKLM\..\Run: [windhost.exe] C:\WINDOWS\oswin32.exe
O4 - HKLM\..\Run: [sm] C:\WINDOWS\sm_exe.exe
O4 - HKLM\..\Run: [eltupt] C:\WINDOWS\eltupt.exe
O4 - HKLM\..\RunServices: [scvhost.exe] scvhost.exe
O4 - HKLM\..\RunServices: [soundcontrl] soundcontrl.exe
O4 - HKLM\..\RunServices: [Microsoft Update] msawindows.exe
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe
O4 - HKCU\..\Run: [WinDriv32] C:\WINDOWS\System32\WinDriv32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {1C955F3B-5B32-4393-A05D-24B4970CD2A1} - http://spystream.babenet.com/cabs/videox.cab
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.116/code/PWActiveXImgCtl.CAB
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {D6E66235-7AA6-44ED-A06C-6F2033B1D993} - http://146.82.109.200/distribution/msiein.cab

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

C:\WINDOWS\eltt.dll
C:\Program Files\EE\
C:\WINDOWS\System32\WinDriv32.exe
C:\WINDOWS\System32\olbactc.exe
C:\WINDOWS\svchost.exe
C:\WINDOWS\oswin32.exe
C:\WINDOWS\sm_exe.exe
C:\WINDOWS\eltupt.exe
C:\WINDOWS\System32\winupd.exe
C:\WINDOWS\System32\WinDriv32.exe

msawindows.exe
soundcontrl.exe <<SEarch and delete these files.

Restart and run a new HijackThis scan. Save the log file and post it here.

Use Panda ActiveScan online Virus Scan at http://www.pandasoftware.com/products/activescan
Save the results and bring them back with you also, in your next post.

[DFDUBB]

I went through the process; here's my new HIJACK log:
Logfile of HijackThis v1.99.0
Scan saved at 3:09:22 PM, on 6/28/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\System32\khooker.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
D:\330\iTunesHelper.exe
C:\Program Files\Error Nuker\bin\ErrorNuker.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\MSAC-FD1\MSstat.exe
C:\Program Files\Trend Micro\PC-cillin 2000\PNTIOMON.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Trend Micro\PC-cillin 2000\pccntupd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://www.e46fanatics.com/"); (C:\Documents and Settings\Dylan Capilla\Application Data\Mozilla\Profiles\default\poa5q7u5.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Dylan Capilla\Application Data\Mozilla\Profiles\default\poa5q7u5.slt\prefs.js)
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [RegistryMechanic] D:\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] D:\330\iTunesHelper.exe
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.2\THGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [OnlineOffline] C:\Program Files\Andersson Digital Design\OnlineOffline\OnlineOffline.exe hide
O4 - HKCU\..\Run: [winupd.exe] C:\WINDOWS\System32\winupd.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O4 - Global Startup: Real-time Monitor.lnk = ?
O4 - Global Startup: TFTP3880
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08D43CC2-3A44-4851-90BE-EFAE2E7E1741}: NameServer = 64.160.192.70 206.13.29.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{08D43CC2-3A44-4851-90BE-EFAE2E7E1741}: NameServer = 64.160.192.70 206.13.29.12
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sony SPTI Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

Im still getting the Run DLL as an App error message... When you directed me to open the ADD/REMOVE PROGRAM WINDOW, I couldn't do this because that same DLL error message closes it down. Also, task manager still won't open???

[MicroBell]

Please run the Panda scan and post it's log as you were asked. Keep in mind..both XP and IE6 are outdated and the main reason your infected. Update both with the latest service packs and security updates.

[DFDUBB]

Yes, I tried to run the Pandascan; Since my browser is Netscape 7.2, it wont let me run the scan. Would you advise DLding IE to get the Pandascan? Thanks for the prompt replies!!! I hope Im a few steps closer to getting rid of these stupid Run DLL as APP errors!!!

[POADB]

If you cant get a Panda scan going do the following:

Please empty any Quarantine folder in your antivirus program and purge all recovery items in the Spybot program (if you use it) before running this tool.

Download the Mwav virus checker at http://www.mwti.net/antivirus/mwav.asp (Use Link 3)

1. Save it to a folder.
2. Reboot into Safe Mode.
3. Double click the Mwav.exe file. This is a stand alone tool and NOT just a virus checker......so it won't install anything.
4. Select all local drives, scan all files, and press SCAN. When it is completed, anything found will be displayed in the lower pane.
5. In the Virus Log Information Pane......
Left click and highlight all the information in the Lower pane --- Use &CTRL C &on your keyboard to copy everything found in the lower pane and save it to a notepad file
*Note* If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning. We are not going to use this to remove anything...but to ID the bad files.

Once you copy that to a Notepad file...highlight the text and copy it here.

[DFDUBB]

Ok guys, I went ahead and saved this:

File C:\WINDOWS\System32\winupd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\userinit.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\drwtsn32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\ntsd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\inf\unregmp2.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\regsvr32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\OUTLOO~1\setup50.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\rundll32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ie4uinit.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\updcrl.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\LTSMMSG.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\QUICKT~1\qttask.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\ERRORN~1\bin\ERRORN~1.EXE infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\TROJAN~1.2\THGuard.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\ANDERS~1\ONLINE~1\ONLINE~1.EXE infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winupd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mshta.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Dylan Capilla\Desktop\aawsepersonal.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Dylan Capilla\Desktop\MMFiles\Sony_MSFD\Setup.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Dylan Capilla\Desktop\Sony_MSFD\Setup.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Dylan Capilla\Desktop\XMP\DL Music\Acoustica-MP3-To-Wave-Converter-PLUS-Installer-aff_1687.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

This is only the virus pane... was i supposed to post the entire log? Thanks again, guys....

[POADB]

Download KillBox http://www.greyknight17.com/spy/KillBox.exe.

Reboot your computer to Safe Mode.

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - choose NO when it asks if you want to reboot):

C:\WINDOWS\System32\winupd.exe
C:\WINDOWS\System32\mshta.exe

Reboot the computer now, back to Safe Mode, and run another mwav.exe scan please.

[DFDUBB]

Ok, I ran the Killbox. Here's the newest scan:

File C:\WINDOWS\System32\winupd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\userinit.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\drwtsn32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\ntsd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\inf\unregmp2.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\regsvr32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\OUTLOO~1\setup50.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\rundll32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ie4uinit.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\updcrl.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\LTSMMSG.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\QUICKT~1\qttask.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\ERRORN~1\bin\ERRORN~1.EXE infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\TROJAN~1.2\THGuard.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\ANDERS~1\ONLINE~1\ONLINE~1.EXE infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winupd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mshta.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Dylan Capilla\Desktop\aawsepersonal.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Dylan Capilla\Desktop\MMFiles\Sony_MSFD\Setup.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Dylan Capilla\Desktop\Sony_MSFD\Setup.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Dylan Capilla\Desktop\XMP\DL Music\Acoustica-MP3-To-Wave-Converter-PLUS-Installer-aff_1687.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Dylan Capilla\Desktop\XMP\Oldies\330\aaw6.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Dylan Capilla\Desktop\XMP\Oldies\330\reglite.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Dylan Capilla\Desktop\XMP\Oldies\Jamz\Power Point\08_price.zip infected by "Email-Worm.Win32.Bagle.pac" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\alg.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\cisvc.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\clipsrv.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dllhost.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dmadmin.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\imapi.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mnmsrvc.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msdtc.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msiexec.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\netdde.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\sessmgr.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\SPTISRV.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\smlogsvc.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
Object "DyFuCA Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "DyFuCA Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyBar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "DealHelper Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "tsa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mysearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "pop Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdDestroyer Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "PerfectNav Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "winupd Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Claria Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "AdRotator Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "SearchNew Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\iSetup.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\PWActiveXImgCtl.dll". Action Taken: No Action Taken.
Entry "HKCR\ActiveSkin4.Skin" refers to invalid object "{0944D16C-D0F4-4389-982A-A085595A9EB3}". Action Taken: No Action Taken.
Entry "HKCR\ActiveSkin4.Skin.1" refers to invalid object "{0944D16C-D0F4-4389-982A-A085595A9EB3}". Action Taken: No Action Taken.
Entry "HKCR\ActiveSkin4.SkinLabel" refers to invalid object "{5954EA75-9BFA-461A-BD34-CEA3A861FF19}". Action Taken: No Action Taken.
Entry "HKCR\ActiveSkin4.SkinLabel.1" refers to invalid object "{5954EA75-9BFA-461A-BD34-CEA3A861FF19}". Action Taken: No Action Taken.
Entry "HKCR\AXBROWSER.AXBrowserCtrl.1" refers to invalid object "{7BC24A41-4F83-442F-997F-9B9E654155A7}". Action Taken: No Action Taken.
Entry "HKCR\EEF.Redirect" refers to invalid object "{9516919A-9D32-4B17-BD14-2CE488599F65}". Action Taken: No Action Taken.
Entry "HKCR\EEF.Redirect.1" refers to invalid object "{9516919A-9D32-4B17-BD14-2CE488599F65}". Action Taken: No Action Taken.
Entry "HKCR\PAE_BHO.PEDEV_IEListener" refers to invalid object "{E1412445-4FF8-410e-8D24-F2CF86B171A4}". Action Taken: No Action Taken.
Entry "HKCR\PAE_BHO.PEDEV_IEListener.1" refers to invalid object "{E1412445-4FF8-410e-8D24-F2CF86B171A4}". Action Taken: No Action Taken.
Entry "HKCR\PEDEV_BHO.PEDEV" refers to invalid object "{5E47627B-D89E-442b-82A6-F2FAB368621B}". Action Taken: No Action Taken.
Entry "HKCR\PEDEV_BHO.PEDEV.1" refers to invalid object "{5E47627B-D89E-442b-82A6-F2FAB368621B}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\PopOops2.PopOops" refers to invalid object "{417386C3-8D4A-4611-9B91-E57E89D603AC}". Action Taken: No Action Taken.
Entry "HKCR\SEF.SearchHook" refers to invalid object "{0F9C37FC-72C6-4D7C-887E-21FB58DA7A41}". Action Taken: No Action Taken.
Entry "HKCR\SEF.SearchHook.1" refers to invalid object "{0F9C37FC-72C6-4D7C-887E-21FB58DA7A41}". Action Taken: No Action Taken.
Entry "HKCR\SkinAddOn.SkinPlasma" refers to invalid object "{762EC429-1A5D-4AB8-844A-9A552E1241DA}". Action Taken: No Action Taken.
Entry "HKCR\SkinAddOn.SkinPlasma.1" refers to invalid object "{762EC429-1A5D-4AB8-844A-9A552E1241DA}". Action Taken: No Action Taken.
Entry "HKCR\Snb.Band" refers to invalid object "{00027925-0017-4faf-9539-90E4AC0B9EC5}". Action Taken: No Action Taken.
Entry "HKCR\Snb.Band.1" refers to invalid object "{00027925-0017-4faf-9539-90E4AC0B9EC5}". Action Taken: No Action Taken.
Entry "HKCR\Sntb.BottomFrame" refers to invalid object "{79406F24-8E95-4af8-9FEF-2EA2B504E707}". Action Taken: No Action Taken.
Entry "HKCR\Sntb.BottomFrame.1" refers to invalid object "{79406F24-8E95-4af8-9FEF-2EA2B504E707}". Action Taken: No Action Taken.
Entry "HKCR\Sntb.LeftFrame" refers to invalid object "{8F7D96AA-489A-4194-AB34-21EF42507932}". Action Taken: No Action Taken.
Entry "HKCR\Sntb.LeftFrame.1" refers to invalid object "{8F7D96AA-489A-4194-AB34-21EF42507932}". Action Taken: No Action Taken.
Entry "HKCR\Sntb.PopupBrowser" refers to invalid object "{5E0910C6-9E45-481c-A2EC-0EC29C96EBEB}". Action Taken: No Action Taken.
Entry "HKCR\Sntb.PopupBrowser.1" refers to invalid object "{5E0910C6-9E45-481c-A2EC-0EC29C96EBEB}". Action Taken: No Action Taken.
Entry "HKCR\Sntb.PopupWindow" refers to invalid object "{B424E2AA-4466-41ca-8194-5A83995A9B15}". Action Taken: No Action Taken.
Entry "HKCR\Sntb.PopupWindow.1" refers to invalid object "{B424E2AA-4466-41ca-8194-5A83995A9B15}". Action Taken: No Action Taken.
Entry "HKCR\SonyDMPMixer.AVSuiteMixerDevice" refers to invalid object "{72E30961-A3E8-11D3-8F1A-00104B35A5FB}". Action Taken: No Action Taken.
Entry "HKCR\SWLAD1.SWLAD" refers to invalid object "{D52433A9-A44C-43AB-A013-24B3C756DD2B}". Action Taken: No Action Taken.
Entry "HKCR\VBUProgressBarControl.VBUProgress" refers to invalid object "{73175B20-8DF1-11D1-800A-44455354616F}". Action Taken: No Action Taken.
Entry "HKCR\WinAffiliateBHO.WinAffiliateIEExtensi.1" refers to invalid object "{E8EAEB34-F7B5-4C55-87FF-720FAF53D841}". Action Taken: No Action Taken.
Entry "HKCR\WinAffiliateBHO.WinAffiliateIEExtension" refers to invalid object "{E8EAEB34-F7B5-4C55-87FF-720FAF53D841}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
File C:\WINDOWS\1003546.exe infected by "Trojan-PSW.Win32.Agent.ah" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\127177968.exe infected by "Email-Worm.Win32.Bagle.bp" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\23956703.exe infected by "Trojan-PSW.Win32.Agent.ah" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\2417781.exe infected by "Trojan-PSW.Win32.Agent.ah" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\3387156.exe infected by "Email-Worm.Win32.Bagle.bp" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\46845750.exe infected by "Trojan-PSW.Win32.Agent.ah" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\709315968.exe.tcf infected by "Trojan-Proxy.Win32.Mitglieder.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\772902843.exe.tcf infected by "Trojan-Proxy.Win32.Mitglieder.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\7969937.exe infected by "Trojan-Dropper.Win32.Vidro.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\856316718.exe.tcf infected by "Trojan-Proxy.Win32.Mitglieder.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\879239343.exe.tcf infected by "Trojan-Proxy.Win32.Mitglieder.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\901853015.exe.tcf infected by "Trojan-Proxy.Win32.Mitglieder.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\968138453.exe.tcf infected by "Trojan-Proxy.Win32.Mitglieder.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\96wu19rd.exe.tcf tagged as "not-a-virus:AdWare.F1Organizer.h". Action Taken: No Action Taken.
File C:\WINDOWS\actulice.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\adw6inst.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ehovsx.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ieuninst.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\istinstall_si.exe.tcf infected by "Trojan-Downloader.Win32.Small.gl" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\IsUninst.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ledqnsh.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\lglubwf.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\ltremove.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NCUNINST.EXE infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_80.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_88.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall4_94.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_20.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_40.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_48.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall5_64.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_10.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\NDNuninstall6_22.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\notepad.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\preInMPP.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\preInsln.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\preInsMt.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\preInsTT.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Q330994.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\R.COM infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\REGEDIT.COM infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\regedit.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\sm_exe.exe.dll infected by "SpamTool.Win32.Maniac.c" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\sr_exe.exe infected by "Email-Worm.Win32.Bagle.bp" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\sr_exe.exe.dll infected by "SpamTool.Win32.Maniac.b" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\svcnost.exe infected by "Trojan-Spy.Win32.Banker.mn" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\taskman.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\tov.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\twunk_32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\unist2.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\unvise32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\unvise32qt.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\windhost.exe infected by "Trojan-Spy.Win32.Banker.mn" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\winhlp32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\xen.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\xgr.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\xonufit.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\xwbenkp.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\3codecal.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\accwiz.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\actmovie.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ahui.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\atiupdate5.exe.tcf tagged as "not-a-virus:AdWare.Adtomi.e". Action Taken: No Action Taken.
File C:\WINDOWS\System32\bH.dll.tcf infected by "Trojan-Dropper.Win32.Agent.og" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\biH.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\BO2802040113.dll tagged as "not-a-virus:AdWare.VirtualBouncer.d". Action Taken: No Action Taken.
File C:\WINDOWS\System32\calc.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\calsdr.dll tagged as "not-a-virus:AdWare.F1Organizer.b". Action Taken: No Action Taken.
File C:\WINDOWS\System32\calsdr.exe.tcf infected by "Trojan-Dropper.Win32.Small.ff" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\cgzkcs32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\charmap.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Cjo9fQ88.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ckcnv.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\cleanmgr.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\clipbrd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\cmdl32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\cmmon32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\cmstp.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\conime.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\control.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\CS4P028.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ctfmon.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Cvx1j.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dcomcnfg.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ddeshare.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\DelTMID.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dfrgfat.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dfrgntfs.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dllhst3g.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dmremote.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dplaysvr.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dpnsvr.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dpvsetup.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dumprep.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dvdplay.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\dvdupgrd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\erifierv.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\eudcedit.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\eventvwr.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\extrac32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Facm.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\fixmapi.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\fontview.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\foõ.exe.tcf infected by "Trojan-Proxy.Win32.Mitglieder.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\freecell.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\grpconv.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\hpfinsta.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\id113.exe.tcf infected by "Trojan.Win32.SecondThought.ak" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\iexpress.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\iyjlm.dll.tcf tagged as "not-a-virus:AdWare.Adstart.i". Action Taken: No Action Taken.
File C:\WINDOWS\System32\iyjlmc.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\iyjlmd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\iyjlmf.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\JufLa7Q.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\KppJ3f.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\lights.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\lnkstub.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\logagent.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\logonui.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\magnify.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\migpwd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mmc.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mobsync.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mplay32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mpnotify.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mrtMngr.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\MSCStat2.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mshearts.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msoert2.exe.tcf infected by "Trojan-Downloader.Win32.Agent.am" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mspaint.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Msrv32.exe.tcf infected by "Backdoor.Win32.Agobot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\msswchx.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mstinit.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\mstsc.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\narrator.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\nddeapir.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\netsetup.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\norat.exe.tcf infected by "Trojan-Proxy.Win32.Mitglieder.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\notepad.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Nur0Z.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\odbcad32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\odbcconf.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\olbactc.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\omC.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\optimizer.exe infected by "Trojan-Downloader.Win32.IstBar.er" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\osk.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\osuninst.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\ountvolm.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\packager.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\perfmon.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\PjhM.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\polall1m.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops.dll.tcf tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\WINDOWS\System32\PopOops2.dll.tcf tagged as "not-a-virus:AdWare.VirtualBouncer.g". Action Taken: No Action Taken.
File C:\WINDOWS\System32\progman.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\proquota.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\pxhpinst.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Qbm02Z1H.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\QCON3216.EXE infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rasphone.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rcimlby.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rdpclip.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rdsaddin.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rdshost.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rdswuc.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rdswud.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rdswuf.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\regedt32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\regwiz.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rsmsink.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rsmui.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\rtcshare.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\runonce.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\SahAgent.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\SahHtml.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Sak0lQR.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\savedump.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\scvhost.exe infected by "Backdoor.Win32.Agobot.gen" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sdbinst.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sethc.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\setup.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\shmgrate.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\shrpubw.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sigverif.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\skeys.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sndrec32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sndvol32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sol.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\spider.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\syncapp.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\syskey.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\sysocmgr.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\systray.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\T.COM infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\taskman.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\TASKMGR.COM infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\taskmgr.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\tcmsetup.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\tourstart.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\tscupgrd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\WINDOWS\System32\upnpcont.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Uqi4b5er.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Uqxt.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\utilman.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\UtqjgHPh.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Vqxu.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wextract.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wiaacmgr.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winbpupd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winchat.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winhlp32.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winmine.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winmsd.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winshost.exe infected by "Email-Worm.Win32.Bagle.pac" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winsystems.exe.tcf infected by "Trojan-Proxy.Win32.Mitglieder.cw" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\WinTools.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winupd.exeopen infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winupd.exeopenopen infected by "Password-protected-EXE" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\winver.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wiwshost.exe.tcf infected by "Email-Worm.Win32.Bagle.bb" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wmpstub.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wpabaln.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wpnevent.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wpnpinst.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\write.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wtshrui.exe.tcf infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\wupdmgr.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Xivb4w26.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\xpsp1hfm.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Xqdccx.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Ylz4.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Yuyt10.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\Zjt8.exe.tcf infected by "Trojan-Downloader.Win32.VB.em" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\DYLANC~1\LOCALS~1\Temp\esupdate.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.
File C:\DOCUME~1\DYLANC~1\LOCALS~1\Temp\Rar$EX00.438\KillBox.exe infected by "Email-Worm.Win32.Bagle.n" Virus! Action Taken: No Action Taken.

[POADB]

Please print out the instructions here (or save it in Notepad) so that you can follow along more easily.

Download Ewido Security Suite at http://www.ewido.net/en/download/ and install it. Update to the newest definitions. If you have trouble updating, you may do it manually at http://www.ewido.net/en/download/updates/ Do NOT the Ewido scan yet.

Reboot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

Run a full scan in Ewido. Save the log from the Ewido scan so that you can post it later.

[DFDUBB]

I dont know if i got a faulty ewido or what, but it gets to 96% scan (after about an hour) and then says "ewido has encoutered a problem and must shut down, sorry for the inconvenience."

let me try it again... for some reason these pop-ups are getting really bothersome

[Ried]

As you can see from the Mwav scan, you are severely infected.

Are you running Ewido from Safe Mode?

Try to run an online scan at Trend Micro. Please select the “autoclean” option when using Trend Micro.

Post the results of that scan.

[DFDUBB]

Yes, the ewido is running in safe mode. Does it usually take that long ( 1.5 hours) to run through?

[Ried]

Sure, I've had people report that it's taken up to 4 hours. It all depends on what's on your system. See if you can get it to finish, if not, try the online scan at TrendMicro and remember to select 'AutoClean'

[DFDUBB]

you know, the ewido gets to like 96% completion and then just shuts off? Really frustrating... The microscan won't let me run because i dont have the IE browser. Is it worth it to DL the IE browser, or is there another option????

[POADB]

OK. Microbell instructed me that if Ewido failed, to run KAV 5.0.

http://www.kaspersky.com/beta?product=161744315 - follow the on screen instructions here. You may need to download the scanner, I'm not entirely sure, but I hear it is able to clean the virus that you have spreaded all over your system.

This Ewido dropping out issue is quiet common. Unfortunately, we are unable to pin point the problem. Some people have success with disabling all other running programs, especially other anti-virus.

Try KAV 5.0. If it creates a report - bring it with you, otherwise let us know how you get on.

[DFDUBB]

Hmmm, this is strange... when i click the hyperlink for the kaspersky website, it says connection timed out? It won't let me access the site. Is there a mirrorlink?

[POADB]

Link works for me.

Try this one - http://www.kaspersky.com/beta

remmeber we want the Kav 5.0 beta scan.

[DFDUBB]

I ran the Panda scan and it WORKED!! No more Run Dll errors!


Thank you tremendously for all your assistance!!