#1 (permalink)
Registered User
Join Date: Jan 2006
Posts: 5
OS: XP

I have removed just over 400 objects from a laptop using NAV2005, Spybot S&D, Ad-aware, Xoftware, X-cleaner micro edition, and CW shredder but I am still getting a balloon that says my computer is infected and that dangerous malware has been detected, of course inviting me to click it to protect my computer. Also Spyaxe keeps re-installing itself after I remove it. Any help would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 3:21:30 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\RICH\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\Program Files\JUSearch\juspc.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [0wao0o9s.dll] RUNDLL32.EXE 0wao0o9s.dll,b 20866143
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\RICH\Local Settings\Temporary Internet Files\Content.IE5\E6KCVNK7\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pippkp.exe reg_run
O4 - HKLM\..\Run: [zctalfxpd] c:\windows\system32\zctalfxpd.exe zctalfxpd
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\DOCUME~1\RICH\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [Aaou] "C:\Program Files\ipee\othb.exe" -vt yazr
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A

Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted.

Before we start, I want you to understand one thing. You have a very bad infection which is very difficult to remove. It requires a lot of work - both from you & me together. I'm gonna request for your full cooperation during such time. You should not at any time skip any of the steps outlined herewith nor do any of the fix outside of the order as I've laid out. Doing so may render the fix to be ineffective.

Please ensure that you have already patched your system against the recent WMF exploit. Please refer to my sig. No point we fix anything only for it to return tomorrow.

Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

* * * * * *

Let's try this first..

Download and unzip - bfu.zip
Run the program and click the Web button located on the top right corner.
Copy/Paste this url into the address bar of the Download script window:
http://metallica.geekstogo.com/EGDACCESS.bfu
Checkmark the following boxes:

When it finishes running, click the Save button for a copy of the log.
Post the log created by the script when you have completed the fix.
If you have any questions about the use of BFU please click here

* * * * * * ADDITIONAL DOWNLOADS * * * * * *

Download & install CleanUp.exe (not recommended for WinXP64)
Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)
WinPfind.zip - download & extract the contents to its own folder at the root of drive C
TrackQoo.zip
LQFix.zip
Download & extract it to its own folder - smitRem.exe
Download and install Ewido Security Suite

If you have not already installed Ad-Aware SE 1.06, download and update aawsepersonal.exe

'UNPLUG'/DISCONNECT your computer from the Internet when you have finished downloading.

It is IMPORTANT that you don't miss a step & perform everything in the correct order.

* * * * * *

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:

If there is no Add/Remove Programs entry for these programs, click on Start, then Run and type the following in the Open: field:

A code will be displayed that it will ask you to enter. Enter this code and reboot. Once back to your desktop continue with the rest of the fix.

* * * * * * FIXING ENTRIES WITH HIJACKTHIS * * * * * *

HijackThis is able to create backups whenever it fixes any entry. These are stored in a subfolder called backups. As such, we advise against placing the program in any temporary folders. Please create a new directory, C:\Program Files\HijackThis\, and re-locate the program & its associated files there.

Do a HijackThis scan & place a check next to these items and select "Fix checked":

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.juno.com/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [0wao0o9s.dll] RUNDLL32.EXE 0wao0o9s.dll,b 20866143
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\RICH\Local Settings\Temporary Internet Files\Content.IE5\E6KCVNK7\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pippkp.exe reg_run
O4 - HKLM\..\Run: [zctalfxpd] c:\windows\system32\zctalfxpd.exe zctalfxpd
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\JUSearch\juspc.exe" -w
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [Aaou] "C:\Program Files\ipee\othb.exe" -vt yazr

* * * * * * KILLBOX * * * * * *

Launch KillBox.exe & select the following options:

* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.

* * * * * * RESTART WINDOWS IN SAFE MODE * * * * * *

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the option to run Windows in Safe Mode.

* * * * * * UN-INSTALLING PROGRAMS * * * * * *

Go to Start -> Control Panel -> Add or Remove Programs and uninstall the following programs:

* * * * * * DELETING FILES/FOLDERS * * * * * *

If you have not done so already, please enable the viewing of Hidden files.
From Windows Explorer, go to Tools -> Folder Options -> View tab.

* * * * * * PURGING TEMP FOLDERS * * * * * *

Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:

5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!

* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * *

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen. Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

* * * *

Next go to Control Panel, click Display > Desktop > Customize Desktop > Website. Under the 'Web pages' box, uncheck everything present.

* * * *

Open Ad-aware and close ALL other windows.

1. Click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window:

3. Click Start
4. Choose - Perform Full System Scan
5. DeSelect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.
6. Click Next and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.
7. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window
8. Right-click on the list and choose Select All
9. Click Next to finish removing the items that were found

* * * * *

Run Ewido with its updated definitions: (...it's important that all windows must be closed)

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

* * * * * * DEEP SCAN * * * * * *

1. From within the WinPFind folder, double click WinPFind.exe
2. Click Start Scan
3. Once the Scan is complete, it will create a report in a text file
4. Go to the WinPFind folder & locate WinPFind.txt
5. Post the results in your next reply!

** This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

* * * * * * REBOOT TO NORMAL MODE * * * * * *

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner.
Answer Yes, when prompted to install an ActiveX component.

Do a scan with Trend Micro™ Anti-Spyware.
Click the "Scan and Clean your PC" button & follow the prompts.

* * * * * * CHECK LIST * * * * * *

From within TrackQoo.zip, double-click on TrackQoo1.vbs. Wait a few seconds and a notepad page will pop up. Copy & Paste those results in your next reply.

* If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

In your next post, please include fresh logs from:
__________________
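
An added example, not part of the thread and not HijackThis or the analyst's own method: a small parser for the log line format shown in the posts above that queues entries for manual review. The sample lines are copied from the log in post #1; the function names and the three heuristics (target missing, autorun from a temp or cache directory, rundll32 given a DLL with no path) are assumptions chosen for illustration.

```python
import re
from typing import Dict, List, NamedTuple, Optional

# Each finding line starts with a section code (R0-R3, F0-F3, O1-O23) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun body: HKLM\..\Run: [ValueName] command line
O4_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# rundll32, with or without a leading path, followed by its DLL argument.
RUNDLL_RE = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?rundll32(?:\.exe)?"?\s+(?P<dll>[^,\s]+)', re.I
)
# Assumed heuristic: directories that installed software rarely autostarts from.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\")

# Sample input: lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\RUNDLL32.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [0wao0o9s.dll] RUNDLL32.EXE 0wao0o9s.dll,b 20866143
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\RICH\Local Settings\Temporary Internet Files\Content.IE5\E6KCVNK7\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pippkp.exe reg_run
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\DOCUME~1\RICH\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1058.dll,InstantAccess
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""


class Entry(NamedTuple):
    code: str                   # section code, e.g. "O4"
    body: str                   # everything after "CODE - "
    hive: Optional[str] = None  # HKLM / HKCU (O4 registry autoruns only)
    name: Optional[str] = None  # Run value name
    cmd: Optional[str] = None   # command line the value launches


def parse_log(text: str) -> List[Entry]:
    """Return the finding lines; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        o4 = O4_RE.match(body) if code == "O4" else None
        if o4:
            entries.append(Entry(code, body, o4.group("hive"),
                                 o4.group("name"), o4.group("cmd")))
        else:
            entries.append(Entry(code, body))
    return entries


def review_reasons(entry: Entry) -> List[str]:
    """Heuristic reasons (assumptions, not verdicts) to look at an entry."""
    reasons = []
    if entry.body.endswith("(file missing)"):
        reasons.append("target file missing")
    if entry.cmd is None:
        return reasons
    if any(marker in entry.cmd.lower() for marker in TEMP_MARKERS):
        reasons.append("runs from temp/cache directory")
    rundll = RUNDLL_RE.match(entry.cmd)
    if rundll and "\\" not in rundll.group("dll"):
        reasons.append("rundll32 loads DLL without a full path")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged entry (Run value name, else the entry body) to reasons."""
    flagged = {}
    for entry in parse_log(text):
        reasons = review_reasons(entry)
        if reasons:
            flagged[entry.name or entry.body] = reasons
    return flagged


if __name__ == "__main__":
    for label, reasons in triage(SAMPLE_LOG).items():
        print(f"{label}: {', '.join(reasons)}")
```

On this sample, `winsync` (which the reply above also marks for fixing) passes all three rules, while the HijackThis startup-scan entry is flagged only because the tool was run from a Temp folder; the output is a review queue, not a verdict.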
#3 (permalink)
Registered User
Join Date: Jan 2006
Posts: 5
OS: XP

Have completed all the assigned tasks. No major problems. Computer seems to be operating better and got rid of the infection warning bubble. Thanking you for all your help to this point.
This is the first of 2 submissions.

smitRem © log file
version 2.8
by noahdfear

Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 01/11/2006
The current time is: 13:10:59.00

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
checking for WinHound.com key
WinHound.com key not present!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SpyAxeFix © by noahdfear
spyaxe directory present
spyaxe uninstaller present
Starting spyaxe uninstaller
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files

~~~ Program Files ~~~
Security Toolbar
~~~ Shortcuts ~~~
Online Security Guide.url
Online Security Guide.url
Security Troubleshooting.url
Security Troubleshooting.url
Install.dat
~~~ Favorites ~~~
Antivirus Test Online.url
~~~ system32 folder ~~~
wbeconm.dll
1024 dir
~~~ Icons in System32 ~~~
ot.ico
~~~ Windows directory ~~~
secure32.html
~~~ Drive root ~~~
secure32.html
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1372 'explorer.exe'
Killing PID 1372 'explorer.exe'
Starting registry repairs
Deleting files

Remaining Post-run Files

~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN! :)

BFU v1.00.9
Windows XP SP2 (WinNT 5.01.2600 SP2)
Script started at 9:31:50 PM, on 1/10/2006

Failed: FolderDelete C:\Program Files\Instant Access (folder not found)
Failed: FileDelete C:\DOCUME~1\RICH\LOCALS~1\Temp\sa43.exe (operation failed)
Failed: FolderDelete C:\DOCUME~1\RICH\LOCALS~1\Temp\Temporary Directory 1 for bfu.zip (operation failed)
Failed: FolderDelete C:\DOCUME~1\RICH\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip (operation failed)
Failed: FileDelete C:\DOCUME~1\RICH\LOCALS~1\Temp\~DF177F.tmp (operation failed)
Failed: FileDelete C:\DOCUME~1\RICH\LOCALS~1\Temp\~DF5894.tmp (operation failed)
Failed: FileDelete C:\WINDOWS\Temp\ZLT00bd7.TMP (operation failed)

Script completed.

Logfile of HijackThis v1.99.1
Scan saved at 5:50:12 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\RICH\Local Settings\Temporary Internet Files\Content.IE5\E6KCVNK7\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\HijackThis.exe /startupscan
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{770B91E1-B6E3-491F-A2EF-90A2291037FF}: NameServer = 216.220.230.24 216.220.230.25
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, January 11, 2006 16:50:21
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 11/01/2006
Kaspersky Anti-Virus database records: 170551
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 42360
Number of viruses found: 56
Number of infected objects: 388
Number of suspicious objects: 1
Duration of the scan process: 3251 sec

Infected Object Name - Virus Name
AntiVirus\Quarantine\77AC09E0.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f C:\Program Files\Norton AntiVirus\Quarantine\77AC09E0.exe Infected: Trojan-Downloader.Win32.TSUpdate.f C:\Program Files\Norton AntiVirus\Quarantine\78127FE7.exe Infected: Trojan-Downloader.Win32.Adload.l C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP10\A0001595.dll Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.f C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP10\A0001596.dll Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.f C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP10\A0001604.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP10\A0001612.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP10\A0001620.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP10\A0001628.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP10\A0001636.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP11\A0001651.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP11\A0001653.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP11\A0001654.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP11\A0001661.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP11\A0001672.dll Infected: 
not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP12\A0001704.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP12\A0001717.dll Infected: Trojan-Clicker.Win32.Agent.ac C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP13\A0001761.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP13\A0001763.exe Infected: not-a-virus:AdWare.Win32.NaviPromo.l C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP13\A0001764.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP13\A0001771.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP13\A0001779.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP13\A0001788.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP14\A0001805.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP14\A0001813.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP14\A0001851.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP15\A0001883.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP15\A0001891.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP15\A0002891.dll Infected: 
not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP15\A0002899.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP15\A0002907.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP15\A0002916.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP15\A0002924.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP15\A0002933.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP17\A0003002.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003065.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003070.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003072.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003077.tlb Infected: Trojan-Downloader.Win32.Zlob.dl C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003078.dll Infected: Trojan-Clicker.Win32.Small.jf C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003079.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003080.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003081.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume 
Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003082.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003083.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003091.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003095.tlb Infected: Trojan-Downloader.Win32.Zlob.dl C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003097.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003098.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003099.exe Infected: not-virus:Hoax.Win32.Renos.aj C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003100.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003102.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003103.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003107.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003111.tlb Infected: Trojan-Downloader.Win32.Zlob.dl C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003113.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003114.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003115.dll Infected: 
Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003116.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003118.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003131.exe Infected: Trojan-Downloader.Win32.Tiny.al C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP18\A0003133.exe Infected: not-virus:Hoax.Win32.Renos.aj C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0000008.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0000017.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0000026.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0000035.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP2\A0000044.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.k C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP21\A0003182.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP21\A0003183.cpl Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP21\A0003187.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003198.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003199.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume 
Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003200.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003201.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003203.exe Infected: Trojan-Downloader.Win32.Zlob.dl C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003205.tlb Infected: Trojan-Downloader.Win32.Zlob.dl C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003206.exe Infected: Trojan-Downloader.Win32.Zlob.bu C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003210.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003214.tlb Infected: Trojan-Downloader.Win32.Zlob.do C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003216.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003217.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003218.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003219.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003220.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003227.exe Infected: Trojan.Win32.StartPage.agt C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003228.exe Infected: Trojan.Win32.Zapchast.ad C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003230.sys Infected: 
SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003234.tlb Infected: Trojan-Downloader.Win32.Zlob.do C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003236.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003237.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003239.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003240.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003241.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003249.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003251.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003255.tlb Infected: Trojan-Downloader.Win32.Zlob.do C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003257.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003258.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003259.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003260.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003261.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume 
Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003266.dll Infected: Trojan-Spy.Win32.Small.dg C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003267.dll Infected: Trojan-PSW.Win32.Agent.bu C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003268.exe Infected: Trojan-PSW.Win32.Agent.bu C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003269.exe Infected: SpamTool.Win32.Mailbot.q C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003270.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003270.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003270.exe Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003271.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003271.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003271.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003271.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003271.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003271.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003272.exe Infected: Trojan-Downloader.Win32.Adload.l C:\System Volume 
Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003273.exe Infected: Trojan-Downloader.Win32.Adload.l C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003275.exe Infected: Trojan-Dropper.Win32.Small.qn C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003276.exe/data0010 Infected: Trojan-Dropper.Win32.Small.qn C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003276.exe Infected: Trojan-Dropper.Win32.Small.qn C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003278.exe Infected: Trojan-Dropper.Win32.VB.kk C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003280.exe Infected: Trojan-Downloader.Win32.Adload.j C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP22\A0003281.cpl Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003289.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003293.exe Infected: Trojan-Downloader.Win32.Zlob.do C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003294.tlb Infected: Trojan-Downloader.Win32.Zlob.do C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003295.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003296.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003297.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003310.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003313.tlb Infected: 
Trojan-Downloader.Win32.Zlob.do C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003314.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003315.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003316.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003342.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003346.tlb Infected: Trojan-Downloader.Win32.Zlob.do C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003347.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003348.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003349.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003350.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003352.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003357.exe Infected: Trojan.Win32.Agent.il C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003358.exe Infected: Trojan-Downloader.Win32.Zlob.dn C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003398.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003403.dll Infected: not-a-virus:Porn-Dialer.Win32.InstantAccess.f C:\System Volume 
Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003408.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003411.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003412.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003413.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003414.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP23\A0003415.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003426.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003427.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003428.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003431.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003436.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003437.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003438.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003439.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003440.dll Infected: 
Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003443.dll Infected: not-a-virus:AdWare.Win32.Sud.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003445.tlb Infected: Trojan-Downloader.Win32.Zlob.do C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP24\A0003451.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP26\A0003460.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP26\A0003465.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP27\A0003472.dll Infected: not-a-virus:AdWare.Win32.Sud.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP27\A0003475.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP27\A0003476.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP27\A0003477.dll Infected: not-a-virus:AdWare.Win32.NaviPromo.m C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP27\A0003478.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP27\A0003484.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP27\A0003490.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP27\A0003491.dll Infected: Trojan-Downloader.Win32.Qoologic.bd C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003493.dll Infected: SpamTool.Win32.Mailbot.q C:\System Volume 
Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003494.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003498.exe Infected: Trojan-Downloader.Win32.Qoologic.at C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003500.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003503.sys Infected: SpamTool.Win32.Mailbot.b C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003519.exe Infected: Trojan.Win32.Pakes C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003520.dll Infected: Trojan-Downloader.Win32.Qoologic.az C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003521.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003522.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003523.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003524.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003524.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003524.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ai C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003524.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa C:\System Volume Information\_restore{68DCCD3E-2073-4915-A5DC-A445A55876AD}\RP28\A0003524.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa 
#4 (permalink) |
|
Registered User
Join Date: Jan 2006
Posts: 5
OS: XP
|
Second submission with rest of logfiles. Thanks again.
7/1/2004 2:44:58 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl Microsoft Corporation 8/28/2002 9:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl »»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»» Checking files in %ALLUSERSPROFILE%\Startup folder... 9/9/2002 9:49:58 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini Checking files in %ALLUSERSPROFILE%\Application Data folder... 9/9/2002 2:33:50 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini Checking files in %USERPROFILE%\Startup folder... 9/9/2002 9:49:58 AM HS 84 C:\Documents and Settings\RICH\Start Menu\Programs\Startup\desktop.ini Checking files in %USERPROFILE%\Application Data folder... 9/9/2002 2:33:50 AM HS 62 C:\Documents and Settings\RICH\Application Data\desktop.ini 4/22/2005 2:24:54 PM 12358 C:\Documents and Settings\RICH\Application Data\PFP100JCM.{PB 4/22/2005 2:24:54 PM 61678 C:\Documents and Settings\RICH\Application Data\PFP100JPR.{PB UPX! 
1/6/2005 4:38:36 PM 184680 C:\Documents and Settings\RICH\Application Data\shb.dat 1/8/2006 10:24:44 PM 482620 C:\Documents and Settings\RICH\Application Data\Sskknwrd.dll 1/8/2006 10:25:32 PM 36 C:\Documents and Settings\RICH\Application Data\Sskuknwrd.dll »»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»» [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform] SV1 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved] [HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers] HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mnmmqmym {2b7b61fa-67b9-4e2c-a109-62cda29104e4} = C:\WINDOWS\system32\kekkl.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! 
Mail {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin = %SystemRoot%\system32\SHELL32.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers] HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF} = %SystemRoot%\system32\SHELL32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE} = %SystemRoot%\system32\SHELL32.dll [HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars] 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376} &Tip of the Day = %SystemRoot%\System32\shdocvw.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8F4902B6-6C04-4ade-8052-AA58578A21BD} hp toolkit = C:\WINDOWS\System32\Shdocvw.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE} Real.com = C:\WINDOWS\System32\Shdocvw.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = hp toolkit : C:\HP\EXPLOREBAR\HPTOOLKT.DLL {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD} ButtonText = Messenger : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} ButtonText = Real.com : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD} Shell Search Band = %SystemRoot%\system32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38} Search Band = %SystemRoot%\System32\browseui.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478} = HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer 
Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD} &Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1} File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} Favorites Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} History Band = %SystemRoot%\System32\shdocvw.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E} Explorer Band = %SystemRoot%\System32\shdocvw.dll [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} = hp toolkit : C:\HP\EXPLOREBAR\HPTOOLKT.DLL {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser {01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll {0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} = JunoBar : C:\Program Files\Juno\images\toolbar.dll {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll {EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! 
Companion : C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Cpqset C:\Program Files\HPQ\Default Settings\cpqset.exe QT4HPOT C:\Program Files\HPQ\One-Touch\OneTouch.EXE SynTPLpr C:\Program Files\Synaptics\SynTP\SynTPLpr.exe SynTPEnh C:\Program Files\Synaptics\SynTP\SynTPEnh.exe Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer NI.UWAS5_0001_N57M0812 "C:\Documents and Settings\RICH\Local Settings\Temporary Internet Files\Content.IE5\E6KCVNK7\WinAntiSpywareScannerInstall[1].exe" -nag Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe TV Now C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK srmclean C:\Cpqs\Scom\srmclean.exe RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER PreloadApp c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d MMTray Display Settings C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" CARPService carpserv.exe AutoTBar C:\hp\bin\autotbar.exe ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] HijackThis startup scan C:\HijackThis.exe /startupscan Yahoo! 
Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background MailSkinner c:\program files\mailskinner\mailskinner.exe [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state system.ini 0 win.ini 0 bootini 0 services 0 startup 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer NoActiveDesktopChanges 0 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum {BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL {6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = {0DF44EAA-FF21-4412-828E-260A8728E7F1} = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system dontdisplaylastusername 0 legalnoticecaption legalnoticetext shutdownwithoutlogon 1 undockwithoutlogon 1 DisableTaskMgr 0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies] HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop NoComponents 0 NoAddingComponents 0 NoDeletingComponents 0 NoEditingComponents 0 NoChangingWallPaper 0 
NoCloseDragDropBands 0 NoMovingBands 0 NoHTMLWallPaper 0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer NoDriveTypeAutoRun 145 NoActiveDesktop 0 NoSaveSettings 0 ClassicShell 0 NoThemesTab 0 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System DisableTaskMgr 0 NoDispAppearancePage 0 NoColorChoice 0 NoSizeChoice 0 NoDispBackgroundPage 0 NoDispScrSavPage 0 NoDispCPL 0 NoVisualStyleChoice 0 NoDispSettingsPage 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll SystemCheck2 = [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe, Shell = explorer.exe System = HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain = crypt32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet = cryptnet.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll = cscdll.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\msctl32.dll = msctl32.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy = sclgntfy.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn = WlNotify.dll 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv = wlnotify.dll HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon = wlnotify.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path Debugger = ntsd -d [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] AppInit_DLLs »»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder. Scan completed on 1/11/2006 2:46:54 PM REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cpqset"="C:\\Program Files\\HPQ\\Default Settings\\cpqset.exe" "QT4HPOT"="C:\\Program Files\\HPQ\\One-Touch\\OneTouch.EXE" "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe" "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe" "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer" "NI.UWAS5_0001_N57M0812"="\"C:\\Documents and Settings\\RICH\\Local Settings\\Temporary Internet Files\\Content.IE5\\E6KCVNK7\\WinAntiSpywareScannerInstall[1].exe\" -nag " "Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe" "TV Now"="C:\\Program Files\\HPQ\\Notebook Utilities\\TvNow.exe /RK" "srmclean"="C:\\Cpqs\\Scom\\srmclean.exe" "RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER" "PreloadApp"="c:\\hp\\drivers\\printers\\photosmart\\hphprld.exe c:\\hp\\drivers\\printers\\photosmart\\setup.exe -d" "MMTray"="" "Display Settings"="C:\\Program Files\\HPQ\\Notebook Utilities\\hptasks.exe /s" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "CARPService"="carpserv.exe" "AutoTBar"="C:\\hp\\bin\\autotbar.exe" "ATIPTA"="C:\\Program Files\\ATI Technologies\\ATI Control 
Panel\\atiptaxx.exe" "AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\"" ----------------- HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers Subkey --- ewido {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} C:\Program Files\ewido\security suite\context.dll Subkey --- mnmmqmym {2b7b61fa-67b9-4e2c-a109-62cda29104e4} C:\WINDOWS\system32\kekkl.dll Subkey --- Offline Files {750fdf0e-2a26-11d1-a3ea-080036587f03} C:\WINDOWS\System32\cscui.dll Subkey --- Open With {09799AFB-AD67-11d1-ABCD-00C04FC30936} C:\WINDOWS\system32\SHELL32.dll Subkey --- Open With EncryptionMenu {A470F8CF-A1E8-4f65-8335-227475AA5C46} C:\WINDOWS\system32\SHELL32.dll Subkey --- Symantec.Norton.Antivirus.IEContextMenu {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} C:\Program Files\Norton AntiVirus\NavShExt.dll Subkey --- Yahoo! Mail {5464D816-CF16-4784-B9F3-75C0DB52B499} C:\PROGRA~1\Yahoo!\Common\ymmapi.dll Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} Start Menu Pin C:\WINDOWS\system32\SHELL32.dll ===================== HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871} C:\WINDOWS\system32\SHELL32.dll Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF} C:\WINDOWS\system32\SHELL32.dll Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF} C:\WINDOWS\system32\SHELL32.dll Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE} C:\WINDOWS\system32\SHELL32.dll ============================== C:\Documents and Settings\All Users\Start Menu\Programs\Startup desktop.ini ============================== C:\Documents and Settings\RICH\Start Menu\Programs\Startup desktop.ini desktop.ini ============================== C:\WINDOWS\system32 cpl files access.cpl Microsoft Corporation appwiz.cpl Microsoft Corporation bdeadmin.cpl Inprise Corporation bthprops.cpl Microsoft Corporation desk.cpl Microsoft Corporation firewall.cpl Microsoft Corporation hdwwiz.cpl Microsoft Corporation inetcpl.cpl Microsoft Corporation intl.cpl Microsoft Corporation irprops.cpl Microsoft 
Corporation joy.cpl Microsoft Corporation main.cpl Microsoft Corporation mmsys.cpl Microsoft Corporation ncpa.cpl Microsoft Corporation netsetup.cpl Microsoft Corporation nusrmgr.cpl Microsoft Corporation odbccp32.cpl Microsoft Corporation powercfg.cpl Microsoft Corporation prefscpl.cpl RealNetworks, Inc. sysdm.cpl Microsoft Corporation telephon.cpl Microsoft Corporation timedate.cpl Microsoft Corporation wscui.cpl Microsoft Corporation wuaucpl.cpl Microsoft Corporation |
#5 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A
Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.
* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *

Right click on this & choose "Save As..." DelO15Domains.inf - DelO15Domains.inf
Right click on DelO15Domains.inf and choose Install. It will run immediately (you won't be able to see anything happen). You may delete the file afterwards.

Host.zip - From within Host.zip, double click on MVPS.bat & allow it to run.

Right click on this & select 'Save As' - DNSManual.bat
Doubleclick on DNSManual.bat & allow it to run.

SpywareBlaster 3.5.1
Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items

IE-SpyAD - Extract the contents to a new folder
From within the folder, double-click install.bat
Select Option #2 - Install the new IE-SPYAD list. Then return to the main menu.
Select option #4 - Add the old porn sites domain

Please download the file attached - regdel.zip
From within regdel.zip, doubleclick regdel.reg & allow it to merge with the Registry
This will remove some malware entries from the Registry

* * * * * * KILLBOX * * * * * * * * * * * * * * * * * * * * * * *

Launch KillBox.exe & select the following options:
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Click Yes at the 'Pending Operations prompt'.

* * * * * *

After you have rebooted, delete the contents of this folder, leaving it empty:
C:\Program Files\Norton AntiVirus\Quarantine\

This would empty the System Volume Information folder
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter
Repeat the Kaspersky scan & post the resultant log along with a fresh HJT log. Let me know how the machine is behaving now.
Last edited by sUBs; 01-16-2006 at 03:06 PM.
#6 (permalink)
Registered User
Join Date: Jan 2006
Posts: 5
OS: XP
At wits end
Done again and the computer seems to be working much better with no infection balloons and no popups. It is a bit faster also.
Logfile of HijackThis v1.99.1 Scan saved at 12:23:31 PM, on 1/12/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\HPQ\One-Touch\OneTouch.EXE C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files\HijackThis\HijackThis.exe O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe O4 - HKLM\..\Run: [SynTPEnh] 
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [AutoTBar] C:\hp\bin\autotbar.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKCU\..\Run: [HijackThis startup scan] C:\HijackThis.exe /startupscan O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! 
Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://us8l.hpwis.com O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} - http://www.xblock.com/download/xclean_micro.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{770B91E1-B6E3-491F-A2EF-90A2291037FF}: NameServer = 216.220.230.24 216.220.230.25 O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers 
Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, January 12, 2006 12:21:26
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 12/01/2006
Kaspersky Anti-Virus database records: 170732
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer: C:\ D:\
Scan Statistics:
Total number of scanned objects: 39747
Number of viruses found: 40
Number of infected objects: 100
Number of suspicious objects: 1
Duration of the scan process: 3211 sec
Scan process completed.
#7 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 23,238
OS: N/A
|
Run CleanUp! once more to clear the garbage from the Recycle Bin.
Once that's done, consider yourself cleansed. Kindly follow these simple steps in order to keep your computer clean and secure:
Update all these programs regularly. Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released. Follow this list and your potential for being infected again will reduce dramatically. Here are some additional utilities that will further enhance your safety.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

After doing all these, your system will be optimised against future threats. It's okay to delete the Hijack This folder in a couple weeks if everything is working okay. Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
#8 (permalink) |
|
Registered User
Join Date: Jan 2006
Posts: 5
OS: XP
|
At wits end
I will complete the final tasks and return the computer to my most grateful friend who I am sure I will convince to make a contribution. I really appreciate all your help and your extremely rapid response. It has been a great learning experience. Thank you!!!!!!!