Resolved HJT Threads: Resolved spyware and popup issues.
#1 | 04-05-2006, 10:56 PM | Fenrry (Registered User, OS: XP Pro)

Sorry I require this..

A friend of mine can't use her PC; it simply won't boot. After I went and checked it out with all the pain in my mouth (teeth were taken with no regard for my humanity..), I was able to do some tricks and got Safe Mode working... so-so...
The PC simply will boot in normal mode and will start loading the mighty "BraveSentry"; besides, she's getting a non-MS Windows Update message on the taskbar warning that "Your Windows PC....... and a long a** story.... is not protected and needs to install some critical updates", then my pain grows and I'm about to kill her.
But that's not the best part: a bunch of stuff starts asking ZA to allow going online, then after some useless attempts I got a "Warning, your system has ......something... from a crash and will shut down..... then the clock of less than a minute", then it reboots. Don't know how much stuff she's got; it's really messed up, and I've been in pain for the past 4 days. All the help I may get will be really, really appreciated.

Btw, Ad-aware was not able to run, nor Spybot; I didn't have time to do so and was merely able to get an HJT log because of the speed of the events on the machine..... sorry.....


Logfile of HijackThis v1.99.1
Scan saved at 09:16:51 p.m., on 05/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\inet20001\services.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\MediaGateway\MediaGateway.exe
C:\program files\zango\zango.exe
C:\WINDOWS\twbuvsl.exe
C:\Program Files\Block Checker\block-checker.exe
C:\WINDOWS\system32\kernels8.exe
C:\WINDOWS\system32\netfilt4.exe
C:\WINDOWS\system32\netfilt4.exe
C:\WINDOWS\inet20001\socks.exe
C:\Documents and Settings\All Users\Desktop\HijackThis.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Windows\xpupdate.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\inet20001\mm5.exe
C:\WINDOWS\system32\netfilt4.exe
C:\WINDOWS\System\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\netsh.exe
C:\Program Files\BraveSentry\BraveSentry.exe
C:\WINDOWS\system32\netsh.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dlh9jkdq2.exe
C:\WINDOWS\system32\dlh9jkdq6.exe
C:\WINDOWS\system32\dlh9jkdq7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllcache\IExplore.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\inet20001\socks.exe
C:\WINDOWS\system32\maxd64.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Microsoft Works\WkDStore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R3 - Default URLSearchHook is missing
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20001\3.03.00.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Zango Search Assistant Helper - {56F1D444-11BF-4879-A12B-79CF0177F038} - c:\program files\zango\zangohook.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\system32\ipsec6mom.dll
O2 - BHO: (no name) - {81A35F39-4850-474E-92C9-B4CF283207E0} - C:\WINDOWS\system32\mstask64.dll
O2 - BHO: System Process - {C2EEB4FA-B6D6-41b9-9CFA-ABA87F862BCB} - C:\WINDOWS\system32\navshext1.dll
O2 - BHO: IExplorerHelper Class - {E89097ED-3400-411D-9647-D368C3311C98} - C:\WINDOWS\system32\IeHelperExVSS.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [zango] "c:\program files\zango\zango.exe"
O4 - HKLM\..\Run: [twbuvsl] C:\WINDOWS\twbuvsl.exe
O4 - HKLM\..\Run: [BlockChecker] C:\Program Files\Block Checker\block-checker.exe
O4 - HKLM\..\Run: [System] C:\WINDOWS\system32\kernels8.exe
O4 - HKLM\..\RunServices: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [netfilt4] C:\WINDOWS\system32\netfilt4.exe
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame1.exe3584.exe
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\User\LOCALS~1\Temp\7.tmp
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{64CE08C7-7045-43A7-95FF-74D069C7819F}: NameServer = 85.255.114.41,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D2D9C29-DE56-4999-A987-EB4F0CCE07B8}: NameServer = 85.255.114.41,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1A6715B-6D1D-43F5-B0D1-CC53EF85871B}: NameServer = 85.255.114.41,85.255.112.24
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: 00Hedgie00reg - C:\Documents and Settings\All Users\Documents\Settings\00Hedgie00.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: ur32artreg - C:\Documents and Settings\All Users\Documents\Settings\ur32art.dll
O21 - SSODL: SysTray.Exgl - {636821FC-6F5C-2f1b-B164-E67214F678E2} - C:\WINDOWS\system32\lfcckllk.dll
O21 - SSODL: yZheSRERFlH - {60398713-CA93-2DB9-F260-F39679B2C65B} - C:\WINDOWS\system32\xltk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Now if you all excuse me I have some pain killers to take and probably will be up in 24 hours.........probably...
#2 | 04-06-2006, 04:40 AM | Hustler24 (Analyst, Security Team; OS: Windows XP Home)

Hi and welcome to TSF.

I am currently reviewing your log. Please note that this is under the supervision of an expert analyst, and I will be back with a fix for your problem as soon as possible.

You may wish to Subscribe to this thread (Thread Tools) so that you are notified when you receive a reply.

Please be patient with me during this time.
#3 | 04-06-2006, 04:47 AM | Hustler24 (Analyst, Security Team; OS: Windows XP Home)

Fen,

This log is severely infected.

How much of the 5-step process have you/can you carry out? It will make it much easier to clean the system.

http://www.techsupportforum.com/hija...ijackthis.html

Let me know and post a new log when you are done.

Thanks.
#4 | 04-06-2006, 11:59 PM | Fenrry (Registered User, OS: XP Pro)

Hiya Hustler, after some struggle I was able to run in Safe Mode, got a little defrag so it will run a little better (really necessary!), yet the scan with Ad-aware and Spybot took me around an hour and a little bit more; then I was able to boot in normal mode, got CWShredder done, didn't see any programs to uninstall in Add/Remove at the CP (I'm a little woozy from the pain and pills..). I will triple check this today since I'm feeling a little bit better, but I got me a nice Panda scan and the HJT log here for you, everything under 6 hours...:

Logfile of HijackThis v1.99.1
Scan saved at 09:04:06 p.m., on 06/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\vxgame1.exe3584.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\system32\ipsec6mom.dll
O2 - BHO: (no name) - {81A35F39-4850-474E-92C9-B4CF283207E0} - C:\WINDOWS\system32\mstask64.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20001\socks.exe
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\Run: [windows] c:\temp\svchost.exe
O4 - HKLM\..\Run: [6] C:\DOCUME~1\User\LOCALS~1\Temp\6.exe
O4 - HKLM\..\Run: [dmwfc.exe] C:\WINDOWS\system32\dmwfc.exe
O4 - HKLM\..\RunOnce: [Panda_cleaner_193685] C:\WINDOWS\system32\ActiveScan\pavdr.exe 193685
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame1.exe3584.exe
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\User\LOCALS~1\Temp\7.tmp
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{64CE08C7-7045-43A7-95FF-74D069C7819F}: NameServer = 85.255.114.41,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D2D9C29-DE56-4999-A987-EB4F0CCE07B8}: NameServer = 85.255.114.41,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1A6715B-6D1D-43F5-B0D1-CC53EF85871B}: NameServer = 85.255.114.41,85.255.112.24
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: 00Hedgie00reg - C:\Documents and Settings\All Users\Documents\Settings\00Hedgie00.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: ur32artreg - C:\Documents and Settings\All Users\Documents\Settings\ur32art.dll
O21 - SSODL: yZheSRERFlH - {60398713-CA93-2DB9-F260-F39679B2C65B} - C:\WINDOWS\system32\xltk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

...
#5 | 04-07-2006, 01:32 AM | Hustler24 (Analyst, Security Team; OS: Windows XP Home)

The Panda scan is missing. Please post it.
#6 | 04-07-2006, 06:32 AM | Hustler24 (Analyst, Security Team; OS: Windows XP Home)

Please ignore the above post. I will post further instructions shortly where you can post a Panda log as part of your reply.

Last edited by Hustler24; 04-07-2006 at 06:35 AM.
#7 | 04-08-2006, 01:42 AM | Hustler24 (Analyst, Security Team; OS: Windows XP Home)

Hi Fen,

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

The system has several password-stealing Trojans on board. When we have cleaned it, I recommend that your friend change all her online passwords if she has any.

Go to My Computer >Tools >Folder Options >View tab and select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Also make sure there is no checkmark beside Hide file extensions for known file types. Click OK.

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download Cleanup! or use this (Alternate Link) if the main link does not work and install it. You will use this later.

*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

*Note* Alternate download sites for smitRem... http://www.downloads.subratam.org/smitRem.exe
http://www.bleepingcomputer.com/file...ar/smitRem.exe


Download Ewido Security Suite

1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

2. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

3. From the main ewido screen, click on update in the left menu, then click the Start update button.

4. After the update finishes (the status bar at the bottom will display "Update successful")

Close Ewido.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Once the desktop loads please save the text that will open (report.txt).

Download and unzip BFUzip from http://www.merijn.org/files/bfu.zip
Run the program and click the Web button as shown here:


Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/MediaGateway.BFU

Make sure all IE windows are closed.

Execute the script by clicking the Execute button.

If you have any questions about the use of BFU please read here:
http://metallica.geekstogo.com/BFUinstructions.html


Download Blockrem from HERE. Unzip it to its own folder on your desktop.

Reboot your system in Safe Mode (By repeatedly tapping the F8 key until the menu appears).

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

BraveSentry

Run Ewido with its updated definitions (it's important that all windows must be closed):
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
  • With the first file it prompts to clean, select the option: "Perform action on all infections"
  • Choose clean and click OK.
  • Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour.

Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\system32\ipsec6mom.dll
O2 - BHO: (no name) - {81A35F39-4850-474E-92C9-B4CF283207E0} - C:\WINDOWS\system32\mstask64.dll
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20001\socks.exe
O4 - HKLM\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKLM\..\Run: [windows] c:\temp\svchost.exe
O4 - HKLM\..\Run: [6] C:\DOCUME~1\User\LOCALS~1\Temp\6.exe
O4 - HKLM\..\Run: [dmwfc.exe] C:\WINDOWS\system32\dmwfc.exe
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame1.exe3584.exe
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\User\LOCALS~1\Temp\7.tmp
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...pv2.0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{64CE08C7-7045-43A7-95FF-74D069C7819F}: NameServer = 85.255.114.41,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{9D2D9C29-DE56-4999-A987-EB4F0CCE07B8}: NameServer = 85.255.114.41,85.255.112.24
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1A6715B-6D1D-43F5-B0D1-CC53EF85871B}: NameServer = 85.255.114.41,85.255.112.24
O20 - Winlogon Notify: 00Hedgie00reg - C:\Documents and Settings\All Users\Documents\Settings\00Hedgie00.dll
O20 - Winlogon Notify: SensSrv - C:\WINDOWS\SYSTEM32\senssrv.dll
O20 - Winlogon Notify: ur32artreg - C:\Documents and Settings\All Users\Documents\Settings\ur32art.dll
O21 - SSODL: yZheSRERFlH - {60398713-CA93-2DB9-F260-F39679B2C65B} - C:\WINDOWS\system32\xltk.dll


Please remember to close all other windows, including browsers then click Fix checked.

Delete the following files and folders if they still exist (the two folders are marked as such):

C:\WINDOWS\inet20001 (folder)
C:\WINDOWS\system32\ipsec6mom.dll
C:\WINDOWS\system32\mstask64.dll
C:\WINDOWS\bxproxy.exe
C:\WINDOWS\system32\dmwfc.exe
C:\WINDOWS\System\svchost.exe <- Only the svchost.exe from this location
C:\WINDOWS\system32\vxgame1.exe3584.exe
C:\Program Files\BraveSentry (folder)
C:\Documents and Settings\All Users\Documents\Settings\00Hedgie00.dll
C:\WINDOWS\SYSTEM32\senssrv.dll
C:\Documents and Settings\All Users\Documents\Settings\ur32art.dll
C:\WINDOWS\system32\xltk.dll

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open the Blockrem folder on your desktop and double-click blockrem.bat (this is the file with the gear icon) to run it.

Once it is running please follow the onscreen instructions.

Open Cleanup! by double-clicking the icon on your desktop (or from Start > All Programs). Set the program up as follows:

Click Options
Move the slider button down to Custom CleanUp!

Check the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Uncheck the following :
  • Scan local drives for temporary files


Click OK, Press the CleanUp! button to start the program and reboot when prompted.

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner
  1. Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Paste the Panda Scan report here together with a new HiJack This log, ewido's log, the log from FixWareout and C:\smitfiles.txt
Hustler24 is offline  
Old 04-08-2006, 07:19 PM   #8
Fenrry
Registered User
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 318
OS: Xp pro

Ok, first the logs and then I'll tell you of some issues I just saw.

++++++

Panda:


Incident Status Location

Adware:adware/adsmart Not disinfected C:\WINDOWS\SYSTEM32\dlh9jkdq1.exe
Adware:adware/spysheriff Not disinfected C:\WINDOWS\SYSTEM32\kernels8.exe
Potentially unwanted tool:application/bravesentry Not disinfected C:\Documents and Settings\User\Desktop\BraveSentry.lnk
Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Administrator\Desktop\Smitrem.exe[Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\All Users\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\All Users\Desktop\Smitrem.exe[Process.exe]
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\User\Desktop\mhh.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\dlh9jkdq1.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\kernels8.exe


++++

Smithfiles


smitRem log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Sat 04/08/2006
The current time is: 2056.23

Running from
C:\Documents and Settings\Administrator\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1504 'explorer.exe'
Killing PID 1504 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\system32\browseui.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)


++++++++

Wareout



Fixwareout ver 1.003
Last edited march/15/2006
Post this report in the forums please

Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\artmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\iugogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\sidkkhc
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\atsniwd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ko2toob
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tafggrfd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tsiphxp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\nmdapxlt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\cvsgolps
...

Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
"dmtra.exe"=-
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

Search by size and names...
C:\WINDOWS\SYSTEM32\IPSEC6.EXE
* csr.exe C:\WINDOWS\System32\CSNHQ.EXE

Misc files
* thequicklink C:\WINDOWS\System32\XJDNU.DLL

Checking for older varients covered by the Rem3 tool


+++++


Ewido


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 7:30:08 PM, 4/8/2006
+ Report-Checksum: 4B8939B3

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\{78364D99-A640-4ddf-B91A-67EFF8373045} -> Trojan.Brospy.c : Cleaned with backup
[196] C:\Documents and Settings\All Users\Documents\Settings\ur32art.dll -> Trojan.Agent.oh : Error during cleaning
C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Block Checker.lnk -> Adware.BlockChecker : Cleaned with backup
C:\Documents and Settings\User\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\User\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\User\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup
C:\Documents and Settings\User\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.7search : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Val3nTina\Application Data\Mozilla\Firefox\Profiles\2af395vh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
C:\Program Files\Canon\MP Navigator 1.1\mpn.exe -> Not-A-Virus.NetTool.Win32.CalcDNet.d : Cleaned with backup
C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Save\ACM.dll -> Adware.SaveNow : Cleaned with backup
C:\Program Files\Save\store.db -> Adware.SaveNow : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-484763869-725345543-500\Dc3\3.02.04.dll -> Adware.Ihbo : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-484763869-725345543-500\Dc3\3.03.00.dll -> Adware.Ihbo : Cleaned with backup
C:\RECYCLER\S-1-5-21-1409082233-484763869-725345543-500\Dc3\services.exe -> Downloader.CWS.s : Cleaned with backup
C:\WINDOWS\bxproxy.exe -> Logger.Small.dv : Cleaned with backup
C:\WINDOWS\load.exe -> Trojan.Agent.eo : Cleaned with backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\comdlg64.dll -> Proxy.Agent.ji : Cleaned with backup
C:\WINDOWS\system32\csnhq.exe -> Downloader.Agent.uj : Cleaned with backup
C:\WINDOWS\system32\dlh9jkdq6.exe -> Downloader.Tibs.dr : Cleaned with backup
C:\WINDOWS\system32\dlh9jkdq7.exe -> Downloader.Tibs.dr : Cleaned with backup
C:\WINDOWS\system32\dmnmw.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\dmtgu.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\dmtra.exe -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\eboqopkc.exe -> Proxy.Wopla.t : Cleaned with backup
C:\WINDOWS\system32\ecdhbikl.exe -> Proxy.Wopla.t : Cleaned with backup
C:\WINDOWS\system32\fcjmeahh.exe -> Proxy.Wopla.t : Cleaned with backup
C:\WINDOWS\system32\icfagegj.exe -> Proxy.Wopla.t : Cleaned with backup
C:\WINDOWS\system32\IeHelperExVSS.dll -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\ipsec6mom.dll -> Logger.Agent.eo : Cleaned with backup
C:\WINDOWS\system32\ipsec6mon.dll -> Logger.Agent.eo : Cleaned with backup
C:\WINDOWS\system32\mnmsrv.exe -> Logger.Small.dv : Cleaned with backup
C:\WINDOWS\system32\mstask64.dll -> Logger.Delf.ex : Cleaned with backup
C:\WINDOWS\system32\navshext1.dll -> Adware.Chiem : Cleaned with backup
C:\WINDOWS\system32\RpcxSs.dll -> Logger.Small.dv : Cleaned with backup
C:\WINDOWS\system32\senssrv.dll -> Downloader.Agent.afl : Cleaned with backup
C:\WINDOWS\system32\splogsvc.exe -> Hijacker.Small.kg : Cleaned with backup
C:\WINDOWS\system32\sysvx.exe -> Worm.Locksky.al : Cleaned with backup
C:\WINDOWS\system32\vxgame1.exe3584.exe -> Logger.Agent.ly : Cleaned with backup
C:\WINDOWS\system32\xjdnu.dll -> Adware.SBSoft : Cleaned with backup


::Report End


+++++


HJT


Logfile of HijackThis v1.99.1
Scan saved at 08:57:00 p.m., on 08/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame1.exe3584.exe
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\User\LOCALS~1\Temp\7.tmp
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: 00Hedgie00reg - C:\Documents and Settings\All Users\Documents\Settings\00Hedgie00.dll
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users\Documents\Settings\3246762198745124975.dll
O20 - Winlogon Notify: ur32artreg - C:\Documents and Settings\All Users\Documents\Settings\ur32art.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

+++++++++++++++++++++

In normal mode I'm not able to run the Task Manager, but the PC seems to be working way better than the moment I got my hands on it; after all, back then not even I was able to run Windows for 5 mins.
When I boot in normal mode I get the warning "inte2001"; I attached a copy of the warning, never asked by you to do so, but I thought it would be useful somehow. Besides that the PC behaves normally, but I know it still requires some work.

Now, in Safe Mode, that's another story: the CPU is at 100% all the time, process csrss.exe is working at 85~ all the time, can go down, can go up; IExplorer supposedly opens like 3 or 4 times randomly (from what I saw in the Task Manager, it doesn't open any browser windows). I ran HJT and saved a log, attached again separately so it won't get confused with the other part; from what I saw the infection is quite different from the one running in normal mode. Safe Mode still runs very slow.

Finally, thanks for all the help, time and understanding.
Attached Images
File Type: bmp Warning inet2001.bmp (603.3 KB, 3 views)
Attached Files
File Type: txt HJTSM.txt (4.9 KB, 1 views)
Fenrry is offline  
Old 04-09-2006, 10:11 AM   #9
Hustler24
Analyst, Security Team
Join Date: Mar 2005
Posts: 890
OS: Windows XP Home


Run a search for these folders and delete them manually via Start > Search, if present:

C:\WINDOWS\inet20001
C:\Program Files\BraveSentry

Click Here to download Killbox by Option^Explicit.

Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.

Select the following options:
  • delete on Reboot
  • All files (if available)


*Copy the file names below to the clipboard by highlighting them and pressing Control-C

Quote:
C:\WINDOWS\System\svchost.exe
C:\WINDOWS\bxproxy.exe
C:\WINDOWS\system32\vxgame1.exe3584.exe
C:\Documents and Settings\All Users\Documents\Settings\00Hedgie00.dll
C:\Documents and Settings\All Users\Documents\Settings\3246762198745124975.dll
C:\Documents and Settings\All Users\Documents\Settings\ur32art.dll
C:\WINDOWS\system32\FreezeScreenSaver.exe
*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

*Click on the dropdown menu next to Full Path of File to Delete field.
*Verify that the filenames you pasted are found there
Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
* Unregister .dll Before Deleting

*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

After the reboot run HijackThis again. Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe
O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame1.exe3584.exe
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\User\LOCALS~1\Temp\7.tmp
O20 - Winlogon Notify: 00Hedgie00reg - C:\Documents and Settings\All Users\Documents\Settings\00Hedgie00.dll
O20 - Winlogon Notify: 3246762198745124975reg - C:\Documents and Settings\All Users\Documents\Settings\3246762198745124975.dll
O20 - Winlogon Notify: ur32artreg - C:\Documents and Settings\All Users\Documents\Settings\ur32art.dll
O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe


Run CleanUp! again following the previous instructions.

Reboot into Safe Mode, run a Hijack This scan and fix the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing


Reboot normally.

Perform an online scan with Internet Explorer with

Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

Post the Kaspersky scan and a new Hijack This log.

How many accounts are on this PC?
Hustler24 is offline  
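The entries Hustler24 tells Fenrry to fix in post #9 are the analyst's reading of the HijackThis log Fenrry posted in #8: autostarts launched from a Temp folder, executables sitting under C:\WINDOWS but outside system32 (including a fake "System" folder and a look-alike "services.exe"), a file with a doubled .exe extension, Winlogon Notify DLLs living under Documents and Settings, a service nobody owns, and the BraveSentry rogue. The script below is an added example, not code from this thread, from HijackThis or from any tool used here; it encodes that reading as path-based rules and runs them over an excerpt copied from the posted log. The rule names, the `Entry` structure and the `KNOWN_ROGUES` list (which holds only the BraveSentry name from this thread) are this example's own assumptions.

```python
"""Triage of HijackThis log lines with path-based heuristics (added example).

Not part of HijackThis or of the forum's tools. The rules are assumptions that
mirror what an analyst looks for; anything flagged still needs human review.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

WINROOT = "c:\\windows\\"
SYS32 = "c:\\windows\\system32\\"
# Rogue "security" product named in this thread (constructed list; extend as needed).
KNOWN_ROGUES = ("bravesentry",)

# First executable-looking path in a value: a quoted path, or a bare one that ends
# at a known extension followed by a quote, whitespace or end of line.
PATH_RE = re.compile(
    r'(?:"([^"]+)"|(\S.*?\.(?:exe|dll|ocx|scr|cpl|tmp)))(?=["\s]|$)', re.IGNORECASE
)


@dataclass
class Entry:
    code: str                    # HijackThis section, e.g. "O4", "O20", "O23"
    raw: str                     # the original log line
    path: Optional[str]          # executable/DLL path, if the section carries one
    owner: Optional[str] = None  # service owner (O23 only)
    reasons: list = field(default_factory=list)


def extract_path(text: str) -> Optional[str]:
    m = PATH_RE.search(text)
    return (m.group(1) or m.group(2)) if m else None


def parse_line(line: str) -> Optional[Entry]:
    """Split a HijackThis line into its section code and the path it points at."""
    m = re.match(r"^([A-Z]\d{1,2}) - (.*)$", line.strip())
    if not m:
        return None
    code, body = m.group(1), m.group(2)
    path, owner = None, None
    if code == "O4":                    # HKxx\..\Run: [name] target
        path = extract_path(body.split("] ", 1)[1]) if "] " in body else None
    elif code in ("F2", "F3"):          # REG:win.ini: run=target
        path = extract_path(body.split("=", 1)[1]) if "=" in body else None
    elif code == "O20":                 # Winlogon Notify: name - dll
        path = extract_path(body.rsplit(" - ", 1)[-1])
    elif code == "O23":                 # Service: name - owner - path
        parts = body.split(" - ")
        if len(parts) >= 3:
            owner, path = parts[-2], extract_path(parts[-1])
    return Entry(code, line.strip(), path, owner)


def triage(entry: Entry) -> Entry:
    """Attach a reason for every rule the entry trips; no reasons means 'looks ordinary'."""
    p = (entry.path or "").lower()
    name = p.rsplit("\\", 1)[-1]
    if entry.code == "F3" and p:
        entry.reasons.append("win.ini run= autostart (legacy hook, rarely legitimate on XP)")
    if "\\temp\\" in p:
        entry.reasons.append("autostart from a Temp directory")
    if p.startswith(WINROOT) and not p.startswith(SYS32):
        entry.reasons.append("file under %SystemRoot% but outside system32")
    if re.search(r"\.exe.+\.exe$", name):  # e.g. vxgame1.exe3584.exe
        entry.reasons.append("double .exe extension")
    if any(r in p for r in KNOWN_ROGUES):
        entry.reasons.append("known rogue security product")
    if entry.code == "O20" and p and not p.startswith(SYS32):
        entry.reasons.append("Winlogon Notify DLL outside system32")
    if entry.code == "O23" and entry.owner == "Unknown owner" and p.startswith(WINROOT):
        entry.reasons.append("service with unknown owner under %SystemRoot%")
    return entry


def triage_log(lines) -> list[Entry]:
    """Return the entries that tripped at least one rule, in log order."""
    flagged = []
    for line in lines:
        e = parse_line(line)
        if e and triage(e).reasons:
            flagged.append(e)
    return flagged


# Excerpt copied from the HijackThis log posted in this thread (constructed subset).
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html",
    r"F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe",
    r"F2 - REG:system.ini: UserInit=userinit.exe",
    r"O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime',
    r"O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE",
    r"O4 - HKCU\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s",
    r"O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe",
    r"O4 - HKCU\..\Run: [bxproxy] C:\WINDOWS\bxproxy.exe",
    r"O4 - HKCU\..\Run: [WinMedia] C:\WINDOWS\system32\vxgame1.exe3584.exe",
    r"O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe",
    r"O4 - HKCU\..\Run: [Key] C:\DOCUME~1\User\LOCALS~1\Temp\7.tmp",
    r"O20 - Winlogon Notify: 00Hedgie00reg - C:\Documents and Settings\All Users\Documents\Settings\00Hedgie00.dll",
    r'O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)',
    r"O23 - Service: FreezeScreenSaver - Unknown owner - C:\WINDOWS\system32\FreezeScreenSaver.exe",
    r"O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe",
]

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(e.raw)
        for r in e.reasons:
            print("    ->", r)
```

Every line the script flags on this excerpt is on Hustler24's fix list, and the benign entries (the QuickTime and LVCOMSX autostarts, the avast service whose owner is also "Unknown" but which lives under Program Files, the Zone Labs service) pass. The two R1 search-bar lines are not caught because they are judged on a URL rather than a file path, which is the point of keeping the rules explicit: the output is a starting point for review, not a verdict, and the analyst decides what goes on the list.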
Old 04-09-2006, 02:42 PM   #10
Fenrry
Registered User
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 318
OS: Xp pro

Logfile of HijackThis v1.99.1
Scan saved at 04:28:18 p.m., on 09/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\HJT\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


+++++++


-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, April 09, 2006 4:24:17 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 9/04/2006
Kaspersky Anti-Virus database records: 187112
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 43378
Number of viruses found: 53
Number of infected objects: 471
Number of suspicious objects: 2
Duration of the scan process: 00:23:07

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip/svchost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC2.zip ZIP: suspicious - 1 skipped
C:\Music\04 Track 4.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Music\05 Track 5.wma Infected: Trojan-Downloader.WMA.Wimad.c skipped
C:\Music\TOTALLY HIP TRACK.wma Infected: Trojan-Downloader.WMA.Wimad.c skipped
C:\Music\Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP100\A0011364.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP100\A0011411.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP100\A0011424.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP100\A0011446.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP100\A0011506.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP101\A0012678.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP101\A0013678.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP102\A0013731.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP102\A0013742.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP102\A0013778.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP102\A0013805.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP103\A0013861.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP103\A0013872.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP103\A0013886.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP104\A0014005.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP104\A0014058.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP105\A0014083.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP105\A0014146.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP106\A0014167.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP106\A0014180.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP106\A0014197.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP107\A0014212.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP107\A0014242.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP107\A0014256.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP107\A0014276.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP107\A0014363.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP108\A0014386.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP108\A0014429.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP108\A0014452.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP108\A0014479.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP109\A0014531.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP109\A0014545.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP109\A0014558.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP109\A0014598.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP109\A0014642.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP109\A0014676.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP109\A0014720.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP109\A0014778.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP109\A0014812.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP110\A0014843.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP110\A0014867.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP110\A0014901.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP110\A0014941.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP111\A0014959.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP111\A0015000.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP112\A0015025.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP112\A0016030.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP112\A0016066.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP112\A0016127.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP112\A0016186.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP113\A0016211.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP113\A0016222.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP113\A0016274.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP113\A0016334.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP114\A0016418.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP114\A0016468.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP114\A0016494.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP114\A0016507.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016523.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016548.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016578.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016616.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016641.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016656.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016685.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016745.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016756.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016768.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016781.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016818.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016829.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016844.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016870.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016887.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016968.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP115\A0016988.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP116\A0017005.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP117\A0017063.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP117\A0017082.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP117\A0017149.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP118\A0018152.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP119\A0018181.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP119\A0018205.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP120\A0018275.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP120\A0018327.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP120\A0018362.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP120\A0018396.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP120\A0018444.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP121\A0018534.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP121\A0018559.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP122\A0018629.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP122\A0018667.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP122\A0018679.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP122\A0018721.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP123\A0018753.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP123\A0018765.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP124\A0019767.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP124\A0019813.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP124\A0019868.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP125\A0019963.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP125\A0020007.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP126\A0020024.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP126\A0020047.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP127\A0020060.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP127\A0020088.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP127\A0020101.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP127\A0020117.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP127\A0020128.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP128\A0020145.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP128\A0020179.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP128\A0020195.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP128\A0020231.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP128\A0020247.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP128\A0020282.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0020318.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0021316.dll Infected: Trojan-Spy.Win32.Delf.ex skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0021320.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0021321.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0021322.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0021324.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0021327.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0021329.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0021330.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0021331.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0021332.exe Infected: Trojan-Downloader.Win32.Small.cpp skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022317.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022318.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022319.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022324.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022325.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022329.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022330.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022331.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022332.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022333.exe Infected: Trojan-Downloader.Win32.Small.cps skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022335.exe Infected: Trojan-Dropper.Win32.Small.ann skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022336.dll Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022337.exe Infected: Trojan-PSW.Win32.Agent.eo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022338.exe Infected: Trojan.Win32.Agent.oh skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022339.exe Infected: Trojan-Downloader.Win32.Agent.afl skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0022340.exe Infected: Trojan-Spy.Win32.Delf.ex skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023314.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023320.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023321.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023322.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023323.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023324.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023328.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023329.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023330.exe Infected: Trojan-Downloader.Win32.Small.cpp skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023331.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023332.dll Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023333.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023334.exe Infected: Trojan-Downloader.Win32.Small.cps skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023335.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023336.exe Infected: Trojan-PSW.Win32.Agent.eo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023337.exe Infected: Trojan.Win32.Agent.oh skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023338.exe Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023339.exe Infected: Trojan-Spy.Win32.Small.dv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023340.dll Infected: Trojan-Spy.Win32.Agent.eo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023341.exe Infected: Trojan-Spy.Win32.Agent.ly skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023348.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023352.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023353.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023354.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023356.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023359.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023360.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023363.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023364.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023365.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023366.exe Infected: Trojan-Downloader.Win32.Small.cpp skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023367.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023368.exe Infected: Trojan-Downloader.Win32.Small.cps skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023369.dll Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023370.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023371.exe Infected: Trojan-PSW.Win32.Agent.eo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023372.exe Infected: Trojan.Win32.Agent.oh skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0023373.exe Infected: Trojan-Spy.Win32.Small.dv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024348.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024351.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024353.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024356.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024358.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024359.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024362.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024363.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024364.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024365.exe Infected: Trojan-Downloader.Win32.Small.cpp skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024366.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024367.dll Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024368.exe Infected: Trojan-Downloader.Win32.Small.cps skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024369.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024370.exe Infected: Trojan-Downloader.Win32.Small.cqe skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024371.exe Infected: Trojan.Win32.Agent.oh skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0024372.exe Infected: Trojan-Downloader.Win32.Agent.afl skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025348.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025354.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025355.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025356.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025357.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025358.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025360.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025363.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025364.exe Infected: Trojan-Downloader.Win32.Small.cpp skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025365.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025366.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025367.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025368.exe Infected: Trojan-Downloader.Win32.Small.cps skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025369.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025370.dll Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025371.exe Infected: Trojan-Downloader.Win32.Small.cqe skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025372.exe Infected: Trojan.Win32.Agent.oh skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025373.exe Infected: Trojan-Spy.Win32.Small.dv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025379.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025380.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025381.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025385.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025386.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025389.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025390.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025393.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025394.exe Infected: Trojan-Downloader.Win32.Small.cpp skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025395.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025396.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025397.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025398.exe Infected: Trojan-Downloader.Win32.Small.cps skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025399.dll Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025400.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025401.exe Infected: Trojan-PSW.Win32.Agent.eo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025402.exe Infected: Trojan.Win32.Agent.oh skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025403.exe Infected: Trojan-Downloader.Win32.Agent.afl skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025408.dll Infected: Trojan-Spy.Win32.Delf.ex skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025410.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025413.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025414.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025416.exe Infected: not-virus:Hoax.Win32.Renos.ch skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025419.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025422.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025423.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025424.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025425.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025426.exe Infected: Trojan-Downloader.Win32.Small.cpp skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025427.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025428.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025429.exe Infected: Trojan-Downloader.Win32.Small.cps skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025430.dll Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025431.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025432.exe Infected: Trojan-Downloader.Win32.Small.cqe skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025433.exe Infected: Trojan.Win32.Agent.oh skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP129\A0025434.exe Infected: Trojan-Downloader.Win32.Agent.afl skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025450.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025451.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025452.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025458.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025459.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025460.exe Infected: not-virus:Hoax.Win32.Renos.ch skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025465.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025466.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025467.exe Infected: Trojan-Downloader.Win32.Small.cpp skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025468.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025469.exe Infected: Trojan-Downloader.Win32.Small.cqe skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025470.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025471.exe Infected: Trojan-Downloader.Win32.Small.cps skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025472.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025478.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025484.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025485.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025486.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025487.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0025488.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026478.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026480.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026481.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026485.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026488.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026705.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026708.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026709.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026714.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026715.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026716.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026719.exe Infected: Trojan-Spy.Win32.Agent.ly skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026720.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026723.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026724.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026726.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026727.exe Infected: Trojan-Downloader.Win32.Small.cqe skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026728.exe Infected: Trojan-Dropper.Win32.Small.ann skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026729.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026730.exe Infected: Trojan-Downloader.Win32.Small.cps skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026731.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026732.dll Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026744.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026745.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026746.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026750.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026753.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026754.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026758.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026759.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026761.exe Infected: Trojan.Win32.Agent.oh skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026762.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026763.exe Infected: Trojan-Spy.Win32.Small.dv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026764.exe Infected: Trojan-Dropper.Win32.Small.ann skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026765.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026767.exe Infected: Trojan-Downloader.Win32.Small.cps skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026769.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0026771.dll Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0027743.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0027745.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0027746.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0027748.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0027751.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0027752.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0028744.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0028745.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0028746.exe Infected: not-virus:Hoax.Win32.Renos.ch skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0028747.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0029745.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0031757.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0031758.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0031761.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0031762.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0031763.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0031765.exe Infected: not-virus:Hoax.Win32.Renos.ch skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0032754.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0032758.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0032760.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0032762.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0032763.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0032764.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034772.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034773.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034774.exe Infected: Trojan-Spy.Win32.Small.dv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034775.exe Infected: Trojan-Downloader.Win32.Agent.afl skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034776.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034777.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034779.exe Infected: IM-Worm.Win32.Chiem.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034780.exe Infected: Trojan.Win32.Starter.e skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034782.exe Infected: Email-Worm.Win32.Delf.i skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034792.exe Infected: Trojan-Downloader.Win32.Small.cps skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034793.exe Infected: Trojan.Win32.Agent.oh skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034794.exe Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034795.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034796.exe Infected: Trojan-Downloader.Win32.Small.cpt skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034797.exe Infected: Trojan-Downloader.Win32.Agent.hy skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034812.exe Infected: not-virus:Hoax.Win32.Renos.ch skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034813.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034814.exe Infected: Trojan-Downloader.Win32.Small.cph skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034815.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034816.exe Infected: Trojan-Spy.Win32.Delf.ig skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034817.exe Infected: Trojan-Proxy.Win32.Small.cf skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034818.exe Infected: Trojan-PSW.Win32.Agent.fv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034819.dll Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034820.exe Infected: not-virus:Hoax.Win32.Renos.ch skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034821.exe Infected: Trojan.Win32.Small.hl skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034822.dll Infected: Trojan-Proxy.Win32.Wopla.t skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034823.dll Infected: Trojan-Proxy.Win32.Wopla.t skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034824.dll Infected: Trojan-Proxy.Win32.Wopla.t skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034825.dll Infected: Trojan-Proxy.Win32.Wopla.t skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034826.exe Infected: Trojan-Spy.Win32.Delf.ex skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034827.dll Infected: Trojan-Proxy.Win32.Lager.aq skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034828.exe Infected: Backdoor.Win32.Agent.xb skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP130\A0034834.dll Infected: Trojan-Proxy.Win32.Agent.df skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0034981.exe Infected: Trojan-Spy.Win32.Agent.ly skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035006.dll Infected: not-a-virus:AdWare.Win32.Ihbo.d skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035007.dll Infected: not-a-virus:AdWare.Win32.Ihbo.e skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035008.exe Infected: Trojan-Downloader.Win32.CWS.s skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035009.exe Infected: Trojan-Spy.Win32.Small.dv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035010.exe Infected: Trojan-PSW.Win32.Agent.eo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035011.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035012.dll Infected: Trojan-Proxy.Win32.Agent.ji skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035014.exe Infected: Trojan-Downloader.Win32.Tibs.dr skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035015.exe Infected: Trojan-Downloader.Win32.Tibs.dr skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035019.exe Infected: Trojan-Proxy.Win32.Wopla.t skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035020.exe Infected: Trojan-Proxy.Win32.Wopla.t skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035021.exe Infected: Trojan-Proxy.Win32.Wopla.t skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035022.exe Infected: Trojan-Proxy.Win32.Wopla.t skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035023.dll Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035024.dll Infected: Trojan-Spy.Win32.Agent.eo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035025.dll Infected: Trojan-Spy.Win32.Agent.eo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035026.exe Infected: Trojan-Spy.Win32.Small.dv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035027.dll Infected: Trojan-Spy.Win32.Delf.ex skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035028.dll Infected: not-a-virus:AdWare.Win32.Chiem.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035029.dll Infected: Trojan-Spy.Win32.Small.dv skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035030.exe Infected: Trojan-Clicker.Win32.Small.kg skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035031.exe Infected: Email-Worm.Win32.Locksky.al skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035032.exe Infected: Trojan-Spy.Win32.Agent.ly skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035033.dll Infected: not-a-virus:AdWare.Win32.SBSoft.h skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035097.dll Infected: Trojan-Downloader.Win32.Agent.afl skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0057.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0058.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0059.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0060.BIN/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0060.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0060.BIN/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0060.BIN/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.370 skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0060.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0060.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0060.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0061.BIN Infected: not-a-virus:Server-Proxy.Win32.MarketScore.k skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe/WISE0062.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe WiseSFX: infected - 12 skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035390.exe WiseSFX Dropper: infected - 12 skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP131\A0035392.exe Infected: Packed.Win32.PePatch.z skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP84\A0009232.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP85\A0009286.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP85\A0009341.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP86\A0009356.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP86\A0009383.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP87\A0009447.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP87\A0009469.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP87\A0009533.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP87\A0009572.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP88\A0009616.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP89\A0009628.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP89\A0009666.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP90\A0009756.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP90\A0009836.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP90\A0009890.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP90\A0009955.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP90\A0009966.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP90\A0009979.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP90\A0009998.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP90\A0010019.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP90\A0010030.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP91\A0010060.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP91\A0010102.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP91\A0010119.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP91\A0010153.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP92\A0010209.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP92\A0010248.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP93\A0010300.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP94\A0010360.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP94\A0010378.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP94\A0010395.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP95\A0010452.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP95\A0010463.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP95\A0010508.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP95\A0010555.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP95\A0010573.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP96\A0010630.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP96\A0010651.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP96\A0010695.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP97\A0010714.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP97\A0010767.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP97\A0010778.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP97\A0010812.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP97\A0010849.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP98\A0010870.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP98\A0010882.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP98\A0010934.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP99\A0010968.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP99\A0011045.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP99\A0011058.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP99\A0011088.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP99\A0011120.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP99\A0011170.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP99\A0011181.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP99\A0011199.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP99\A0011213.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP99\A0011246.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\System Volume Information\_restore{24224859-4490-4438-BAED-9D35610F4294}\RP99\A0011295.dll Infected: not-a-virus:AdWare.Win32.180Solutions.a skipped
C:\WINDOWS\system32\dlh9jkdq5.exe Infected: Trojan-Downloader.Win32.Tibs.ds skipped
C:\WINDOWS\system32\kernels8.exe Infected: Packed.Win32.PePatch.z skipped
C:\WINDOWS\system32\parad.raw.exe Infected: Packed.Win32.Tibs skipped

Scan process completed.


+++++++


Ok, I can move around SM more easily than before, but it is still very slow when opening Windows Explorer to check files and folders; System Idle is showing around 90% usage, yet the CPU is at 4% or less with some unusual spikes that take everything to 100%.

The folders you asked me to delete are nowhere to be found.
About the accounts: the PC used to have 3 accounts, Main Admin (only in SM) and 2 other admin accounts for normal use. I actually deleted 1, so now there is only 1 in normal mode and 2 in SM (Main Admin and the admin user for normal mode).

Question: is that F2 entry in HJT supposed to be there?

I guess it still needs one last try, so I'm awaiting your directions anytime.

Last edited by Fenrry; 04-09-2006 at 02:46 PM.
Fenrry is offline  
Old 04-10-2006, 05:33 AM   #11 (permalink)
Analyst, Security Team
 
Join Date: Mar 2005
Posts: 890
OS: Windows XP Home


The Hijack This log is clean!

Please delete the following files:

C:\WINDOWS\system32\dlh9jkdq5.exe
C:\WINDOWS\system32\kernels8.exe
C:\WINDOWS\system32\parad.raw.exe
C:\Music\04 Track 4.wma
C:\Music\05 Track 5.wma
C:\Music\TOTALLY HIP TRACK.wma
C:\Music\Wicked Remix.wma


Open Spybot and empty the Quarantine folder.

Run CleanUp once more using the settings that you have previously used.

Update the definitions for Ewido and run a full system scan again

Create an uninstall list:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the list from the Notepad file into your post

Reboot normally and tell me how the system is performing now.

Post Ewido's log, the uninstall list and a new Hijack This log.

PS: - The F2 entry is fine!!
Hustler24 is offline  
Old 04-10-2006, 05:21 PM   #12 (permalink)
Registered User
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 318
OS: Xp pro


Logfile of HijackThis v1.99.1
Scan saved at 07:07:59 p.m., on 10/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_3_16_0.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


+++++++


Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Reader 7.0
ArcSoft PhotoStudio 5.5
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
avast! Antivirus
Canon MP Drivers 7.0
Canon MP Navigator 1.1
Canon ScanGear Starter
Canon Utilities Easy-PhotoPrint
CleanUp!
Creative MediaSource
Desktop Weather by The Weather Channel
Easy-WebPrint
ewido anti-malware
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
iTunes
J2SE Runtime Environment 5.0 Update 3
Kaspersky On-line Scanner
Lavasoft VX2 Cleaner
LimeWire 4.9.30
Logitech QuickCam Software
Logitech Camera Driver
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money 2005
Microsoft Office PowerPoint Viewer 2003
Microsoft Picture It! Premium 10
Microsoft Streets and Trips 2005
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Mozilla Firefox (1.5)
MSN
MSN Messenger 7.5
Nero Suite
NeroVision Express 2
OmniPage SE 2.0
Panda ActiveScan
QuickTime
Realtek AC'97 Audio
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Shockwave
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Winamp (remove only)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Toolbar
ZoneAlarm


+++++++++


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 05:28:20 p.m., 10/04/2006
+ Report-Checksum: C12407B4

+ Scan result:

HKU\S-1-5-21-1409082233-484763869-725345543-1004\Software\Microsoft\Internet Explorer\Keywords -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1409082233-484763869-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{56F1D444-11BF-4879-A12B-79CF0177F038} -> Adware.180Solutions : Cleaned with backup
HKU\S-1-5-21-1409082233-484763869-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78364D99-A640-4DDF-B91A-67EFF8373045} -> Trojan.Brospy.c : Cleaned with backup
HKU\S-1-5-21-1409082233-484763869-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C2EEB4FA-B6D6-41B9-9CFA-ABA87F862BCB} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1409082233-484763869-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EA0D26BD-9029-431A-86E0-83152D67828A} -> Adware.180Solutions : Cleaned with backup


::Report End


++++++++++++++


Hya, ok, the issues: in Safe Mode accessing Windows Explorer is still difficult; don't know why, but it takes about a minute to show the contents.
In Normal Mode I can't access the Task Manager, and the option to change access to some private or system folders is not available; might it be because the Main Admin (Safe Mode) account is running with a password?
Aside from that everything looks good.
Fenrry is offline  
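The HijackThis log posted above is read by hand, entry by entry: the helper looks for registrations whose file no longer exists ("(file missing)"), Run entries that name a bare executable instead of a full path, and loaders parked directly in system32 under names that look generated. As an added example (my own code, not part of this thread and not HijackThis itself), the script below parses lines in the HijackThis v1.99.1 format and applies those three checks. The sample lines are constructed in that format; the `xk4q9z2.exe` Run entry is an invented, random-looking name used to exercise the system32 check, and the "random-looking name" test is a heuristic I chose (at least two digits and three letters in a stem of six or more characters), a prompt to look closer rather than a verdict.

```python
"""Triage helper for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the HijackThis v1.99.1 format seen in the log above.
# The [xk4q9z2] Run entry is invented to exercise the system32 check.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [xk4q9z2] C:\WINDOWS\system32\xk4q9z2.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# "O4 - ..." / "F2 - ..." entry prefix, then the rest of the line.
ENTRY_RE = re.compile(r"^(?P<kind>[FO]\d+) - (?P<body>.*)$")
# A drive-rooted path ending in a loadable module; lazy so arguments after it are dropped.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"\r\n]*?\.(?:exe|dll|ocx|scr|cpl)", re.IGNORECASE)
# Locations where legitimately installed software normally lives (lower-cased prefixes).
STANDARD_ROOTS = ("c:\\program files", "c:\\progra~1", "c:\\windows")


@dataclass
class Finding:
    kind: str                      # HijackThis section, e.g. "O4" or "O23"
    path: Optional[str]            # module path extracted from the entry, if any
    reasons: List[str] = field(default_factory=list)
    line: str = ""


def looks_random(stem: str) -> bool:
    """Heuristic (assumption, not a rule): mixed digits and letters in a longish stem."""
    digits = sum(c.isdigit() for c in stem)
    letters = sum(c.isalpha() for c in stem)
    return len(stem) >= 6 and digits >= 2 and letters >= 3


def analyse_line(line: str) -> Optional[Finding]:
    """Parse one log line; return a Finding (possibly with no reasons) or None if not an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    paths = PATH_RE.findall(body)
    path = paths[-1] if paths else None
    finding = Finding(kind=kind, path=path, line=line.strip())

    if "(file missing)" in body:
        finding.reasons.append("file missing: registration points at a path that no longer exists")
    if path is None:
        if kind == "O4":
            finding.reasons.append("bare filename: resolved via PATH search, not a fixed location")
    else:
        low = path.lower()
        if not low.startswith(STANDARD_ROOTS):
            finding.reasons.append("unusual location: outside Program Files / WINDOWS")
        parts = low.split("\\")
        stem = parts[-1].rsplit(".", 1)[0]
        if len(parts) >= 2 and parts[-2] == "system32" and looks_random(stem):
            finding.reasons.append("random-looking name directly in system32 (heuristic)")
    return finding


def triage(log_text: str) -> List[Finding]:
    """Return only the entries that tripped at least one check, in log order."""
    out = []
    for raw in log_text.splitlines():
        f = analyse_line(raw)
        if f is not None and f.reasons:
            out.append(f)
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind}: {f.path or '(no path)'}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it on a saved HijackThis log by reading the file into `triage()`; entries with no reasons are left out so the output is a short worklist, not the whole log. Everything here is a pointer for a human reviewer: a flagged entry still needs the file checked (publisher, location, what the scan reports say) before anything is deleted.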
Old 04-11-2006, 01:13 PM   #13 (permalink)
Analyst, Security Team
 
Join Date: Mar 2005
Posts: 890
OS: Windows XP Home


Please run CWShredder in Normal Mode.

Please download SilentRunners.vbs - Right click & choose Save As... SilentRunners.vbs

Before proceeding, disable any anti-virus or anti-spyware programs that may block/disable scripts

Launch SilentRunners by double-clicking the downloaded file. In the ensuing window, select 'No' to avoid skipping supplementary searches. Please be patient, as the script requires a few minutes to complete.

When it's done, you'll receive the prompt "All Done!". It will create a file called "Startup Programs". Post ALL its contents here in your next reply.

Download StartDreck

Unzip to its own folder and start the program:
Press 'Config'
Press 'Unmark All'

Check the following boxes only:
Registry -> Run Keys
System/drivers -> Running processes
Press 'Ok'

Press 'Save' and select the location to save the log file (default is the same folder as the application)

Post the log in this thread.

So I need the SilentRunners log and the StartDreck log please.
Hustler24 is offline  
Old 04-12-2006, 05:24 PM   #14 (permalink)
Registered User
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 318
OS: Xp pro


Hya Hustler, I will include logs for both NM and SM; since I'm experiencing more trouble in SM, the SM logs will be attached so there is no confusion.



Logfile of HijackThis v1.99.1
Scan saved at 0725 p.m., on 12/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\HJT\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


+++++++

Silent Runners


"Silent Runners.vbs", revision 44, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"OPSE reminder" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"" ["ScanSoft, Inc."]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"OpwareSE2" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
-> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]
INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * PFDNNT C:\WINDOWS\SYSTEM32\XLTK.DLL" [file not found], [MS], [file not found], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "User" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\User\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTSvcCDA.EXE" ["Creative Technology Ltd"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP130\Driver = "CNMLM6s.DLL" ["CANON INC."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 52 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 9 seconds.
---------- (total run time: 92 seconds)


+++++++


StartDreck


StartDreck (build 2.1.7 public stable) - 2006-04-12 @ 15:57:51 (GMT -04:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as User at USER-4E47281385

Registry
Run Keys
Current User
Run
*LogitechSoftwareUpdate="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
*CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
*updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
RunOnce
Default User
Run
*bxproxy=C:\WINDOWS\bxproxy.exe
RunOnce
Local Machine
Run
*ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
*SoundMan=SOUNDMAN.EXE
*avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
*Zone Labs Client=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
*InCD=C:\Program Files\Ahead\InCD\InCD.exe
*OPSE reminder="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
*LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
*LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
*OpwareSE2="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
RunOnce
RunServices
RunServicesOnce
RunOnceEx
RunServicesOnceEx
Files
System/Drivers
Running Processes
+0=<idle>
+4=<system>
+468=\SystemRoot\System32\smss.exe
+528=\??\C:\WINDOWS\system32\csrss.exe
+552=\??\C:\WINDOWS\system32\winlogon.exe
+600=C:\WINDOWS\system32\services.exe
+612=C:\WINDOWS\system32\lsass.exe
+760=C:\WINDOWS\system32\Ati2evxx.exe
+780=C:\WINDOWS\system32\svchost.exe
+840=C:\WINDOWS\system32\svchost.exe
+904=C:\WINDOWS\System32\svchost.exe
+928=C:\Program Files\Ahead\InCD\InCDsrv.exe
+1136=C:\WINDOWS\system32\svchost.exe
+1152=C:\WINDOWS\system32\svchost.exe
+1368=C:\WINDOWS\system32\spoolsv.exe
+1416=C:\WINDOWS\system32\Ati2evxx.exe
+1484=C:\WINDOWS\Explorer.EXE
+1720=C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
+1732=C:\Program Files\Alwil Software\Avast4\ashServ.exe
+1752=C:\WINDOWS\system32\CTSvcCDA.EXE
+1784=C:\Program Files\ewido anti-malware\ewidoctrl.exe
+1852=C:\WINDOWS\system32\svchost.exe
+1868=C:\WINDOWS\system32\wdfmgr.exe
+1888=C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+204=C:\WINDOWS\system32\MsPMSPSv.exe
+1604=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
+1616=C:\WINDOWS\SOUNDMAN.EXE
+1628=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
+1940=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
+2176=C:\Program Files\Ahead\InCD\InCD.exe
+2392=C:\WINDOWS\system32\LVCOMSX.EXE
+2400=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
+2592=C:\Program Files\Messenger\msmsgs.exe
+2656=C:\WINDOWS\system32\ctfmon.exe
+3900=C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
+2924=C:\Startdreck\StartDreck.exe
Application specific


Running Defrag in SM takes something like 8 to 10 mins for 1%, while on NM it is around 5 mins for the same percentage; there are no fragmented files, just contiguous files, and the other issues on SM remain.
Btw, the WinUpdates released yesterday are installed!!
Attached Files
File Type: txt SM JHT.txt (4.8 KB, 1 views)
File Type: txt SM SiletRunners (USER-4E47281385) 2006-04-12 16.06.52.txt (15.9 KB, 1 views)
File Type: txt SM StartDreck.txt (1.9 KB, 2 views)
Fenrry is offline  
Old 04-14-2006, 11:21 AM   #15 (permalink)
Analyst, Security Team
 
Join Date: Mar 2005
Posts: 890
OS: Windows XP Home


Click START, then RUN. Type in regedit. Make sure just "My Computer" is showing in the left pane and click FILE, EXPORT and save a copy somewhere in case you make a mistake. Now navigate to the following keys and delete the file/folder/entry I highlighted in RED:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System"


Navigate to:

HKLM\System\CurrentControlSet\Control\Session Manager\

Double click on "BootExecute" in the right pane.

You should then see the Data as autocheck autochk * PFDNNT C:\WINDOWS\SYSTEM32\XLTK.DLL

Delete PFDNNT C:\WINDOWS\SYSTEM32\XLTK.DLL so that only autocheck autochk * is left.

Exit the Registry Editor.

Delete these files using Killbox via the method we used earlier:

C:\WINDOWS\bxproxy.exe
C:\WINDOWS\SYSTEM32\XLTK.DLL

Download WinPFInd http://www.bleepingcomputer.com/file...r/WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

Reboot into Safe Mode.

Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan a large number of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more. Once the scan is complete it will make a txt file (log) of what was found.

1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Please post those results along with a new Silent Runners log and StartDreck log.
Hustler24 is offline  
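As an added example that is not code from Silent Runners, StartDreck or either poster, here is a Python audit of the Silent Runners lines quoted earlier in the thread: it flags the extended BootExecute value and the Winlogon "System" value that these instructions remove, and lists each Winlogon Notify DLL with its vendor tag. The sample log is constructed from the entries in the thread, and the severity labels are the script's own convention.

```python
"""Audit the autostart entries a Silent Runners log flags on Windows XP.

Added example for this thread; not code from Silent Runners, StartDreck
or either poster.  It parses the key/value lines Silent Runners prints
and reports the non-default entries the helper has the user remove.
"""
import re

# Stock Windows XP BootExecute is the single entry "autocheck autochk *";
# anything appended to it is launched by Session Manager before logon.
DEFAULT_BOOTEXECUTE = ("autocheck", "autochk", "*")

# Silent Runners prints a registry key on its own line, then one line per
# value, optionally prefixed with "INFECTION WARNING!".  Bracketed text
# after the data is the tool's per-file annotation (vendor, [MS], ...).
KEY_RE = re.compile(r"^HK(?:LM|CU)\\")
VALUE_RE = re.compile(
    r'^(?P<warn>INFECTION WARNING!\s+)?"?(?P<name>[^"=]+?)"?\s*=\s*(?P<rest>.*)$'
)
DATA_RE = re.compile(r'^"(?P<data>[^"]*)"')
ANNOT_RE = re.compile(r"\[([^\]]*)\]")

# Constructed sample, assembled from the entries quoted in this thread.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
"System" = (value not set)

HKLM\System\CurrentControlSet\Control\Session Manager\
INFECTION WARNING! "BootExecute" = "autocheck autochk * PFDNNT C:\WINDOWS\SYSTEM32\XLTK.DLL" [file not found], [MS], [file not found], [file not found], [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
"""

# Constructed: what the same keys look like once the cleanup steps are done.
CLEAN_LOG = r"""
HKLM\System\CurrentControlSet\Control\Session Manager\
"BootExecute" = "autocheck autochk *" [MS]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]
"""


def parse_values(log_text):
    """Yield (key, value_name, data, annotations) for every value line."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if KEY_RE.match(line) and "=" not in line:
            key = line.rstrip("\\")
            continue
        m = VALUE_RE.match(line)
        if key is None or m is None:
            continue
        rest = m.group("rest")
        dm = DATA_RE.match(rest)
        data = dm.group("data") if dm else rest.split("[", 1)[0].strip()
        yield key, m.group("name").strip(), data, ANNOT_RE.findall(rest)


def bootexecute_extras(data):
    """Return the BootExecute entries beyond the stock 'autocheck autochk *'."""
    tokens = tuple(data.split())
    if tokens[:len(DEFAULT_BOOTEXECUTE)] != DEFAULT_BOOTEXECUTE:
        return tokens  # the whole value is non-standard; report all of it
    return tokens[len(DEFAULT_BOOTEXECUTE):]


def audit(log_text):
    """Return (severity, message) findings, most severe first."""
    findings = []
    for key, name, data, annots in parse_values(log_text):
        leaf = key.rsplit("\\", 1)[-1]
        if leaf == "Session Manager" and name == "BootExecute":
            extras = bootexecute_extras(data)
            if extras:
                findings.append(("high", "BootExecute runs extra pre-logon entries: " + " ".join(extras)))
        elif leaf == "Winlogon" and name == "System":
            # The report prints only non-default entries, so the value being
            # listed at all is what the helper acts on.
            findings.append(("review", "non-default Winlogon 'System' value present, data: " + data))
        elif leaf == "Notify" and name.endswith("\\DLLName"):
            package = name.split("\\")[0]
            vendor = next((a for a in annots if a.startswith('"')), None)
            broken = any("not found" in a or "null data" in a for a in annots)
            sev = "review" if broken or vendor is None else "info"
            findings.append((sev, "Winlogon Notify package %s loads %s %s"
                             % (package, data, vendor or "(no vendor tag)")))
    rank = {"high": 0, "review": 1, "info": 2}
    findings.sort(key=lambda f: rank[f[0]])
    return findings


if __name__ == "__main__":
    for sev, msg in audit(SAMPLE_LOG):
        print("[%s] %s" % (sev, msg))
```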
Old 04-14-2006, 11:44 AM   #16 (permalink)
Registered User
 
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 318
OS: Xp pro


Do you want me to run that under Safe Mode or Normal? Sorry, I just have to ask..
Fenrry is offline  
Old 04-14-2006, 12:05 PM   #17 (permalink)
Analyst, Security Team
 
Join Date: Mar 2005
Posts: 890
OS: Windows XP Home


Open the attached file and merge it with your registry. Reboot normally.

Set up StartDreck like this:
  • Start the program
  • Press 'Config'
  • Press 'mark all'
  • Uncheck the following boxes only:
  • System/Running Process -> List Modules
  • System/Drivers -> NT Services
  • System/Drivers -> NT Kernel- and FS-drivers
  • Press 'OK'
  • Press 'Save' and select the location to save the log file (default is the same folder as the application)

Download WinPFind as per my previous instructions. Post the StartDreck log, a new Silent Runners log and the WinPFind log.
Attached Files
File Type: zip regfix.zip (351 Bytes, 3 views)
Hustler24 is offline  
Old 04-17-2006, 01:37 PM   #18 (permalink)
Registered User
 
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 318
OS: Xp pro


StartDreck

StartDreck (build 2.1.7 public stable) - 2006-04-17 @ 14:51:41 (GMT -04:00)
Platform: Windows XP (Win NT 5.1.2600 Service Pack 2)
Internet Explorer: 6.0.2900.2180
Logged in as User at USER-4E47281385

Registry
Run Keys
Current User
Run
*LogitechSoftwareUpdate="C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
*MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
*CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
*updateMgr="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
RunOnce
Default User
Run
RunOnce
Local Machine
Run
*ATIPTA=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
*SoundMan=SOUNDMAN.EXE
*avast!=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
*Zone Labs Client=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
*InCD=C:\Program Files\Ahead\InCD\InCD.exe
*OPSE reminder="C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
*LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
*LogitechVideoRepair=C:\Program Files\Logitech\Video\ISStart.exe
*OpwareSE2="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
*QuickTime Task="C:\Program Files\QuickTime\qttask.exe" -atboottime
+OptionalComponents
+MSFS
*Installed=1
+MAPI
*Installed=1
*NoChange=1
+MAPI
*Installed=1
*NoChange=1
RunOnce
RunServices
RunServicesOnce
RunOnceEx
RunServicesOnceEx
File Associations (CR)
+.bat
*batfile="%1" %*
+.com
*comfile="%1" %*
+.disabled
*SpybotSD.DisabledFile="C:\Program Files\Spybot - Search & Destroy\blindman.exe" "%1"
+.exe
*exefile="%1" %*
+.hta
*htafile=C:\WINDOWS\system32\mshta.exe "%1" %*
+.htm
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.html
*FirefoxHTML=C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -url "%1"
+.js
*JSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.jse
*JSEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.pif
*piffile="%1" %*
+.reg
*regfile=regedit.exe "%1"
+.scr
*scrfile="%1" /S
+.txt
*txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1
+.vbs
*VBSFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.vbe
*VBEFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsh
*WSHFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.wsf
*WSFFile=%SystemRoot%\System32\WScript.exe "%1" %*
+.lnk
`lnkfile= [key or value does not exist]
Active Setup (LM)
+Microsoft Windows Media Player/>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
*StubPath=C:\WINDOWS\inf\unregmp2.exe /ShowWMP
+Internet Explorer/>{26923b43-4d38-484f-9b9e-de460746276c}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
+Browser Customizations/>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
*StubPath=RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
+Outlook Express/>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
*StubPath=%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
+Themes Setup/{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
*StubPath=%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
+Microsoft Outlook Express 6/{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
+NetMeeting 3.01/{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
+Internet Explorer/{4b218e3e-bc98-4770-93d3-2731b9329278}
*StubPath=%SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf
+Windows Messenger 4.7/{5945c046-1e7d-11d1-bc44-00c04fd912be}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
+Microsoft Windows Media Player/{6BF52A52-394A-11d3-B153-00C04F79FAA6}
*StubPath=rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub
+Address Book 6/{7790769C-0471-11d2-AF11-00C04FA35D02}
*StubPath="%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
+Windows Desktop Update/{89820200-ECBD-11cf-8B85-00AA005B4340}
*StubPath=regsvr32.exe /s /n /i:U shell32.dll
+Internet Explorer 6/{89820200-ECBD-11cf-8B85-00AA005B4383}
*StubPath=%SystemRoot%\system32\ie4uinit.exe
Browser Helper Objects (LM)
*yt.YTHelper.2/{02478D38-C3F9-4EFB-9B51-7695ECA05670}
`InprocServer32=C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
*AcroIEHelper.AcroIEHlprObj.1/{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
`InprocServer32=C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
*SpywareGuardDLBLOCK.CBrowserHelper/{4A368E80-174F-4872-96B5-0B27DDD11DB2}
`InprocServer32=C:\Program Files\SpywareGuard\dlprotect.dll
*{53707962-6F74-2D53-2644-206D7942484F}
`InprocServer32=C:\PROGRA~1\SPYBOT~1\SDHelper.dll
*SSVHelper Class/{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
`InprocServer32=C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
Internet Explorer
Current User
*Local Page=C:\WINDOWS\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://yahoo.com/
+SearchUrl
*provider=
Default User
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Local Machine
*Default_Page_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
*Default_Search_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Local Page=%SystemRoot%\system32\blank.htm
*Search Page=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
*Start Page=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
*CustomizeSearch=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
*SearchAssistant=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
ShellServiceObjectDelayLoad (LM)
*PostBootReminder={7849596a-48ea-486e-8937-a2a3009f31a9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*CDBurn={fbeb8a05-beee-4442-804e-409d6c4515e9}
`InprocServer32=%SystemRoot%\system32\SHELL32.dll
*WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
`InprocServer32=%SystemRoot%\system32\webcheck.dll
*SysTray={35CEC8A3-2BE6-11D2-8773-92E220524153}
`InprocServer32=C:\WINDOWS\system32\stobject.dll
Special NT Values
Current User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
Default User
*Load=
*Run=
*Programs=com exe bat pif cmd
*SHELL=
Local Machine
*AppInit_DLLs=
*SHELL=Explorer.exe
*Userinit=userinit.exe
Files
Autostart Folders
Current User
*C:\Documents and Settings\User\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\User\Start Menu\Programs\Startup\SpywareGuard.lnk
Default User
*C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\desktop.ini
Local Machine
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
*C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpywareGuard.lnk
INI-Files
WIN.INI\[windows]
*LOAD=
*RUN=
SYSTEM.INI\[boot]
*SHELL=Explorer.exe
Text Files
*C:\boot.ini
`[boot loader]
`timeout=30
`default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
`[operating systems]
`multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
*C:\msdos.sys
*C:\config.sys
*C:\WINDOWS\system32\config.nt
`dos=high, umb
`device=%SystemRoot%\system32\himem.sys
`files=40
`device=C:\PROGRA~1\ALWILS~1\Avast4\aswmonds.sys
*C:\autoexec.bat
*C:\WINDOWS\system32\autoexec.nt
`@echo off
`lh %SystemRoot%\system32\mscdexnt.exe
`lh %SystemRoot%\system32\redir
`lh %SystemRoot%\system32\dosx
`SET BLASTER=A220 I5 D1 P330 T3
*C:\WINDOWS\system32\drivers\etc\hosts
`127.0.0.1 localhost
`127.0.0.1 zango.com
`127.0.0.1 www.zango.com
Program Files
*C:\ntldr
*C:\ntdetect.com
*C:\io.sys
*C:\WINDOWS\system32\win.com
*C:\WINDOWS\explorer.exe
%PATH% Companion Files
+C:\WINDOWS\system32\notepad.exe
*C:\WINDOWS\NOTEPAD.EXE
+C:\WINDOWS\system32\taskman.exe
*C:\WINDOWS\TASKMAN.EXE
+C:\WINDOWS\system32\winhlp32.exe
*C:\WINDOWS\winhlp32.exe
System/Drivers
Running Processes
+0=<idle>
+4=<system>
+468=\SystemRoot\System32\smss.exe
+552=\??\C:\WINDOWS\system32\csrss.exe
+580=\??\C:\WINDOWS\system32\winlogon.exe
+624=C:\WINDOWS\system32\services.exe
+636=C:\WINDOWS\system32\lsass.exe
+784=C:\WINDOWS\system32\Ati2evxx.exe
+804=C:\WINDOWS\system32\svchost.exe
+864=C:\WINDOWS\system32\svchost.exe
+932=C:\WINDOWS\System32\svchost.exe
+952=C:\Program Files\Ahead\InCD\InCDsrv.exe
+1152=C:\WINDOWS\system32\svchost.exe
+1188=C:\WINDOWS\system32\svchost.exe
+1352=C:\WINDOWS\system32\spoolsv.exe
+1476=C:\WINDOWS\system32\Ati2evxx.exe
+1532=C:\WINDOWS\Explorer.EXE
+1740=C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
+1752=C:\Program Files\Alwil Software\Avast4\ashServ.exe
+1772=C:\WINDOWS\system32\CTSvcCDA.EXE
+1804=C:\Program Files\ewido anti-malware\ewidoctrl.exe
+1856=C:\WINDOWS\system32\svchost.exe
+1872=C:\WINDOWS\system32\wdfmgr.exe
+1892=C:\WINDOWS\system32\ZoneLabs\vsmon.exe
+208=C:\WINDOWS\system32\MsPMSPSv.exe
+1012=C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
+1240=C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
+2236=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
+2244=C:\WINDOWS\SOUNDMAN.EXE
+2252=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
+2272=C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
+2296=C:\Program Files\Ahead\InCD\InCD.exe
+2320=C:\WINDOWS\system32\LVCOMSX.EXE
+2336=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
+2428=C:\Program Files\Messenger\msmsgs.exe
+2456=C:\WINDOWS\system32\ctfmon.exe
+2532=C:\Program Files\SpywareGuard\sgmain.exe
+2644=C:\Program Files\SpywareGuard\sgbhp.exe
+2984=C:\WINDOWS\system32\wuauclt.exe
+3204=C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
+3392=C:\Startdreck\StartDreck.exe
VMM32Files (LM)
%System%\VMM32
%System%\IOSUBSYS
Application specific
MS Office 97/8.0 STARTUP-PATH
Current User
Default User
Local Machine
ICQ NetDetect
Current User
Default User

+++++++

WinPFind

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 12/21/1999 7:58:02 AM 21312 C:\WINDOWS\choice.exe

Checking %System% folder...
UPX! 1/27/2006 5:38:10 PM 503296 C:\WINDOWS\SYSTEM32\aswBoot.exe
PEC2 8/4/2004 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 2/14/2006 9:20:14 AM 550120 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 4/6/2006 3:48:38 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 4/6/2006 3:48:38 PM 5143456 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 8:00:00 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 8:00:00 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/4/2004 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
4/17/2006 2:56:08 PM S 2048 C:\WINDOWS\bootstat.dat
4/9/2006 4:57:44 PM RH 0 C:\WINDOWS\assembly\PublisherPolicy.tme
4/9/2006 4:57:44 PM RH 0 C:\WINDOWS\assembly\pubpol1.dat
4/11/2006 1:15:52 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1b.dat
4/11/2006 1:15:54 PM RH 0 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\index1c.dat
4/8/2006 5:44:48 PM HS 2177 C:\WINDOWS\system32\6E3DBFB2
4/17/2006 2:49:06 PM H 35980 C:\WINDOWS\system32\vsconfig.xml
4/10/2006 7:29:08 PM H 4212 C:\WINDOWS\system32\zllictbl.dat
3/24/2006 1:11:10 AM S 10337 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB904942.cat
3/22/2006 7:17:30 PM S 14054 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB908531.cat
3/23/2006 2:15:38 AM S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911562.cat
3/13/2006 4:45:34 PM S 7898 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911565.cat
3/17/2006 5:24:26 AM S 12455 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911567.cat
3/30/2006 6:03:56 AM S 22339 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB912812.cat
4/17/2006 2:55:54 PM H 8192 C:\WINDOWS\system32\config\default.LOG
4/17/2006 3:04:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
4/17/2006 2:56:10 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
4/17/2006 3:05:04 PM H 73728 C:\WINDOWS\system32\config\software.LOG
4/17/2006 2:56:26 PM H 933888 C:\WINDOWS\system32\config\system.LOG
4/12/2006 3:47:50 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
4/9/2006 4:51:02 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\9c84a1fe-026f-4334-b7f4-718f1b51aac4
4/9/2006 4:51:02 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
4/17/2006 2:54:00 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 4/18/2005 7:57:58 AM 18706432 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 8:00:00 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Logitech Inc. 6/8/2005 4:13:28 PM 282624 C:\WINDOWS\SYSTEM32\camcpl.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 8:00:00 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 5:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
10/29/2005 6:44:48 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
4/10/2006 8:31:22 PM 659 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpywareGuard.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/30/2005 1:34:28 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
11/1/2005 11:39:34 PM 1751 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
10/29/2005 6:44:48 PM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
4/10/2006 8:31:22 PM 659 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\SpywareGuard.lnk

Checking files in %USERPROFILE%\Application Data folder...
10/30/2005 1:34:28 AM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini
4/6/2006 3:03:02 PM 56 C:\Documents and Settings\Administrator\Application Data\wklnhst.dat

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\avast
{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Yahoo! Toolbar Helper = C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} = Easy-WebPrint : C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B205A35E-1FC4-4CE3-818B-899DBBB3388C}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\system32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\system32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
SoundMan SOUNDMAN.EXE
avast! C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
InCD C:\Program Files\Ahead\InCD\InCD.exe
OPSE reminder "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"
LVCOMSX C:\WINDOWS\system32\LVCOMSX.EXE
LogitechVideoRepair C:\Program Files\Logitech\Video\ISStart.exe
OpwareSE2 "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE
item Adobe Reader Speed Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~4\Office10\OSA.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command "C:\Program Files\iTunes\iTunesHelper.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogitechVideoTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LogiTray
hkey HKLM
command C:\Program Files\Logitech\Video\LogiTray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LogiTray
hkey HKLM
command C:\Program Files\Logitech\Video\LogiTray.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoActiveDesktopChanges 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
DisableTaskMgr 0


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
NoChangingWallPaper 0
NoAddingComponents 0
NoComponents 0
NoDeletingComponents 0
NoEditingComponents 0
NoCloseDragDropBands 0
NoMovingBands 0
NoHTMLWallPaper 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoActiveDesktop 0
NoSaveSettings 0
ClassicShell 0
NoThemesTab 0
ForceActiveDesktopOn 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
NoDispAppearancePage 0
NoColorChoice 0
NoSizeChoice 0
NoDispBackgroundPage 0
NoDispScrSavPage 0
NoDispCPL 0
NoVisualStyleChoice 0
NoDispSettingsPage 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\system32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\system32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = userinit.exe
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent
= Ati2evxx.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 4/17/2006 3:14:44 PM


+++++++


Silent runners

"Silent Runners.vbs", revision 44, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"LogitechSoftwareUpdate" = ""C:\Program Files\Logitech\Video\ManifestEngine.exe" boot" ["Logitech Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"CTFMON.EXE" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"updateMgr" = ""C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1" ["Adobe Systems Incorporated"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"Zone Labs Client" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" ["Zone Labs, LLC"]
"InCD" = "C:\Program Files\Ahead\InCD\InCD.exe" ["Ahead Software AG"]
"OPSE reminder" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"" ["ScanSoft, Inc."]
"LVCOMSX" = "C:\WINDOWS\system32\LVCOMSX.EXE" ["Logitech Inc."]
"LogitechVideoRepair" = "C:\Program Files\Logitech\Video\ISStart.exe " ["Logitech Inc."]
"OpwareSE2" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"" ["ScanSoft, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{02478D38-C3F9-4EFB-9B51-7695ECA05670}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar Helper"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{4A368E80-174F-4872-96B5-0B27DDD11DB2}\(Default) = "SpywareGuard Download Protection"
-> {HKLM...CLSID} = "SpywareGuardDLBLOCK.CBrowserHelper"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\dlprotect.dll" [null data]
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{950FF917-7A57-46BC-8017-59D9BF474000}" = "Shell Extension for CDRW"
-> {HKLM...CLSID} = "Shell Extension for CDRW"
\InProcServer32\(Default) = "C:\Program Files\Ahead\InCD\incdshx.dll" ["Ahead Software AG"]
"{400CFEE2-39D0-46DC-96DF-E0BB5A4324B3}" = "My Logitech Pictures"
-> {HKLM...CLSID} = "My Logitech Pictures"
\InProcServer32\(Default) = "C:\Program Files\Logitech\Video\Namespc2.dll" ["Logitech Inc."]
"{21569614-B795-46b1-85F4-E737A8DC09AD}" = "Shell Search Band"
-> {HKLM...CLSID} = "Shell Search Band"
\InProcServer32\(Default) = "C:\WINDOWS\system32\browseui.dll" [MS]
"{e82a2d71-5b2f-43a0-97b8-81be15854de8}" = "ShellLink for Application References"
-> {HKLM...CLSID} = "ShellLink for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}" = "Shell Icon Handler for Application References"
-> {HKLM...CLSID} = "Shell Icon Handler for Application References"
\InProcServer32\(Default) = "C:\WINDOWS\system32\dfshim.dll" [MS]
"{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\ewido anti-malware\shellhook.dll" ["TODO: <Firmenname>"]
INFECTION WARNING! "{81559C35-8464-49F7-BB0E-07A383BEF910}" = "SpywareGuard"
-> {HKLM...CLSID} = "SpywareGuard.Handler"
\InProcServer32\(Default) = "C:\Program Files\SpywareGuard\spywareguard.dll" [null data]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! AtiExtEvent\DLLName = "Ati2evxx.dll" ["ATI Technologies Inc."]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Program Files\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]


Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "User" & "All Users" startup folders:
------------------------------------------------------

C:\Documents and Settings\User\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"SpywareGuard" -> shortcut to: "C:\Program Files\SpywareGuard\sgmain.exe" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{327C2873-E90D-4C37-AA9D-10AC9BABA46C}" = "Easy-WebPrint"
-> {HKLM...CLSID} = "Easy-WebPrint"
\InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll" ["Yahoo! Inc."]

Explorer Bars

Dormant Explorer Bars in "View, Explorer Bar" menu

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_06"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll" ["Sun Microsystems, Inc."]

{B205A35E-1FC4-4CE3-818B-899DBBB3388C}\

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Ati HotKey Poller, Ati HotKey Poller, "C:\WINDOWS\system32\Ati2evxx.exe" ["ATI Technologies Inc."]
avast! Antivirus, avast! Antivirus, ""C:\Program Files\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
Creative Service for CDROM Access, Creative Service for CDROM Access, "C:\WINDOWS\system32\CTSvcCDA.EXE" ["Creative Technology Ltd"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido anti-malware\ewidoctrl.exe" ["ewido networks"]
InCD Helper, InCDsrv, "C:\Program Files\Ahead\InCD\InCDsrv.exe" ["Ahead Software AG"]
TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" ["Zone Labs, LLC"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMDM PMSP Service, WMDM PMSP Service, "C:\WINDOWS\system32\MsPMSPSv.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor MP130\Driver = "CNMLM6s.DLL" ["CANON INC."]


----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 34 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 8 seconds.
---------- (total run time: 72 seconds)

... Hopefully I don't have too many to clean now.
Fenrry is offline  
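The Silent Runners output above lists every launch point with the company name from the file's version information, or a tag such as [null data] or [file not found] when there is none. Triaging a log like this by hand means scanning for entries with no company name, missing files, bare file names with no path, and executables living in user-writable folders. The script below does that first pass automatically. It is an added example, not code from the thread or from Silent Runners; the sample lines are copied from the Run-key section of the log above, plus one constructed "update" entry (not on the page) that shows what a bad one looks like. A flag is a prompt to look at the file, not a verdict: avast! is flagged here only because its tray binary carries no company string.

```python
"""Flag startup entries in a Silent Runners log that deserve a closer look.
Added example, not from the thread or from Silent Runners itself."""
import re

# Silent Runners prints each launch point as:   "name" = "command" [company or tag]
ENTRY_RE = re.compile(
    r'^\s*(?P<name>\S.*?)\s*=\s*"(?P<cmd>.*)"\s*\[(?P<tag>[^\]]*)\]\s*$', re.MULTILINE)

# Locations a non-admin XP user can write to; legitimate autostarts rarely live there.
USER_WRITABLE = ("\\temp\\", "\\local settings\\", "\\application data\\",
                 "\\documents and settings\\")

# Sample input: lines copied from the log above, plus one constructed "update" line.
SAMPLE_LOG = r'''
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ATIPTA" = "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" ["ATI Technologies, Inc."]
"SoundMan" = "SOUNDMAN.EXE" ["Realtek Semiconductor Corp."]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"OPSE reminder" = ""C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\ereg.ini"" ["ScanSoft, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"update" = "C:\Documents and Settings\User\Local Settings\Temp\update.exe" [null data]
'''


def image_path(cmd: str) -> str:
    """Pull the executable out of a command line, whether or not it is quoted."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    end = cmd.lower().find(".exe")
    return cmd[:end + 4] if end != -1 else cmd


def parse_entries(text: str) -> list:
    """Every line of the form  name = "command" [tag]  as a dict."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        entries.append({"name": m["name"].strip('"'), "cmd": m["cmd"],
                        "tag": m["tag"].strip('"'), "exe": image_path(m["cmd"])})
    return entries


def reasons_for(entry: dict) -> list:
    """Why this entry deserves a look; empty list means nothing stood out."""
    reasons = []
    if entry["tag"] == "null data":
        reasons.append("no company name in version info")
    if entry["tag"] == "file not found":
        reasons.append("referenced file missing")
    if "\\" not in entry["exe"]:
        reasons.append("bare file name, resolved through the PATH search order")
    if any(marker in entry["exe"].lower() for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable location")
    return reasons


def review(text: str) -> dict:
    """name -> reasons, for flagged entries only."""
    flagged = {}
    for entry in parse_entries(text):
        reasons = reasons_for(entry)
        if reasons:
            flagged[entry["name"]] = reasons
    return flagged


if __name__ == "__main__":
    # usage: python review_log.py < "Silent Runners.txt"   (no stdin: runs on the sample)
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for name, reasons in review(text).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The regex only covers the `name = "command" [tag]` shape; service lines and the CLSID chains use other layouts and would need their own patterns. The bare-name check matters because a Run value like `SOUNDMAN.EXE` is resolved through the PATH search order at logon, so a same-named file dropped earlier in that order would run instead.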
Old 04-17-2006, 03:35 PM   #19 (permalink)
Analyst, Security Team
 
Join Date: Mar 2005
Posts: 890
OS: Windows XP Home


Fen,

Please navigate to the following file:

C:\WINDOWS\system32\ 6E3DBFB2

Right-click it and choose Properties.

Please tell me what is listed under Properties for that file.

If there is nothing there, open the file up with Notepad and paste what comes up in Notepad.
Hustler24 is offline  
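The analyst's request above (check Properties, then open the file in Notepad) is the manual version of a first-pass file triage: record the timestamps and the hidden attribute, hash the file, and decide whether the bytes are text, a known executable format, or something opaque. The script below does the same checks and adds a Shannon entropy measure, since a file with no recognisable header and near-maximal entropy is typical of packed or encrypted payloads, which is how the Notepad paste later in this thread looks. It is an added example, not code from the thread; the `demo()` function writes a constructed sample to a temporary file so it runs anywhere, and the hidden-attribute check only has meaning on Windows, where `os.stat` exposes `st_file_attributes`.

```python
"""Triage an unknown file: timestamps, hidden attribute, hash, type guess, entropy.
Added example, not code from the thread; demo() uses constructed content."""
import hashlib
import json
import math
import os
import stat
import sys
import tempfile
from collections import Counter
from datetime import datetime

HIGH_ENTROPY = 7.0  # bits per byte; packed or encrypted data sits close to 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant file, 8.0 when every byte value is equally common."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_header(data: bytes) -> str:
    """Coarse file type from the leading bytes (the magic), nothing more."""
    if data[:2] == b"MZ":
        return "PE executable (MZ header)"
    if data[:4] == b"\x7fELF":
        return "ELF executable"
    if data[:2] == b"PK":
        return "ZIP container"
    if data and all(32 <= b < 127 or b in b"\r\n\t" for b in data[:512]):
        return "printable text"
    return "unknown binary"


def triage_bytes(data: bytes, hidden: bool = False) -> dict:
    """Hash, type guess, entropy and the reasons the file deserves a second look."""
    header = classify_header(data)
    entropy = round(shannon_entropy(data), 2)
    reasons = []
    if hidden:
        reasons.append("hidden attribute set")
    if entropy >= HIGH_ENTROPY:
        reasons.append("high entropy (packed or encrypted)")
    if header == "unknown binary":
        reasons.append("no recognised file header")
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest(),
            "header": header, "entropy": entropy, "reasons": reasons}


def _fmt(ts: float) -> str:
    return datetime.fromtimestamp(ts).isoformat(timespec="seconds")


def triage_file(path: str) -> dict:
    """What the Properties dialog shows, plus what triage_bytes adds."""
    st = os.stat(path)
    attrs = getattr(st, "st_file_attributes", 0)  # Windows only; 0 elsewhere
    hidden = bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)
    with open(path, "rb") as fh:
        data = fh.read()
    result = triage_bytes(data, hidden)
    # Windows reports creation time as st_ctime (st_birthtime on newer Pythons);
    # on POSIX st_ctime is the inode change time, so it is only a fallback there.
    created = getattr(st, "st_birthtime", st.st_ctime)
    result.update({"path": path, "hidden": hidden, "created": _fmt(created),
                   "modified": _fmt(st.st_mtime), "accessed": _fmt(st.st_atime)})
    return result


# Constructed sample: every byte value exactly 16 times, so maximal entropy and no
# recognisable header, which is what the garbled Notepad paste in the thread suggests.
SAMPLE = bytes((i * 73 + 41) % 256 for i in range(4096))


def demo() -> dict:
    """Write the constructed sample to a temporary file, triage it, clean up."""
    fd, path = tempfile.mkstemp(prefix="unknown_")
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(SAMPLE)
        return triage_file(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # usage: python triage.py C:\WINDOWS\system32\<file>   (no argument runs the demo)
    print(json.dumps(triage_file(sys.argv[1]) if len(sys.argv) > 1 else demo(), indent=2))
```

Hash the file before anything else touches it; the SHA-256 is what you would submit to a scanner or compare against a known-good copy. Opening the file read-only from the script, as above, does not change its contents, but it does update the access time that the Properties dialog shows, exactly as opening it in Notepad did in the thread.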
Old 04-18-2006, 03:39 PM   #20 (permalink)
Registered User
 
 
Join Date: Jul 2005
Location: From Colombia but I live in Toronto and this allergies are terrible this year....
Posts: 318
OS: Xp pro


Looking at the file in question: no info on the Summary tab, but it was created on April 1st, 2006, modified the next Saturday, the 8th, and accessed today, the 18th. Attributes: "hidden". Advanced attributes (what's selected): both options under "Archive and Index attributes" are selected, just those two:

-File is ready for Arch.
-For fast search....

That's all under this file.

Sorry almost forgot this:

T47㽗?$+|u&rcS5 861+W[U^ֹcjXal+߳Ce-PԖn u:zE 3H{@@P-2N;9`;t'{d\])}]IAdwӸ̶ށ 0Sc=@=wه,zlʺEe oVVv_ {t1 VN+ W`ԅ{ԔS7S׹. eS
*Td@{6xmsb@QGmN&*Pɯ[EcʢRr #3¤ #Q mD[/GG[.#JU5JO*O" 9bLT
;M093ɮ[rŎ
* *FПk N;A$D6bpaas 'U9;+ Yץt-7{:w#Q*;r
<}j^hxgb{
uz3Jltb7wY=X"
pJw|[(;ز+TPb)"g#x$Oj(a1WQc}G#諶1UQ|*8<E"h wRl?ؿ,l=O>q:pF=b^QB n3?0J1H睨>q+Ly<5Pd>2dbEmu\̚%
K1q9e.]:ӈ51^ňD$=ߛ* K"
3HI(
_uT8j *g504̟m7uENTZu ӥ&gSPc&*
W.m-}%χV t<V#ÞÒna#6}ЦO4@q{ly%A5al-(1EA&̉*-  O jP;'(Gbڛ,_{u *Xrb+gckgs4T!'# #pHH'*JANm$
LrvƄӡ\:mTJ>EơQ>X*7]; \K` U"%VX
rEN=F*Vr\et/ 3qZ`Wsީ`ApŖ\~0ܕ^[t~-Bكްokv;8Fm */$~_d+;ȗ2 ӝ!1}"d'Ucp Ə".YD {ᵧYʕn^Ͷ=pos󄱊yY VmKH}\I/ CIߌϿJ8 d*3;D%j?k߀p:{2dh>L eXئ>GĀpspAr}TƁ\FSl|Y5$K"*ۚUAa \EߊBˏnE\KN
BM*| wqԈ J3)v[(LuQ̷A5xbf
>R=d*go#P~a}E{lq l"=j!8zؐcF0TEBCZ7zﻻA
sQRT)} }/%9xIS$ r«x= 埔oJWAl)ҬW_ݙX{)z 8c.bL+eȳHTmubl=S@aL
&)mӝ3zz\җf0\݅)/B< !0[mrη*yP*ӿXvA(@$4k/ۦ+BV2gZLpm VD|)r9
v3^DҼPf"LbSRGY5ڄ j*p ˂H_?OL`h)x).)U 8LI8 IQaT!'-4^|kVtS2, a|c͗Vۛw)Rx$ƥLL|Ti;{c<GI
6$49{ecBA,[C5فM̗v66#p1ݱ]q1h|?Xc)hz-9

Last edited by Fenrry; 04-18-2006 at 03:43 PM.
Fenrry is offline  
All times are GMT -7.

Copyright 2001 - 2009, Tech Support Forum