I was in the process of a Windows update, all of a sudden AVG detected a virus.

" Virus Detected!
While opening file: C:\WINDOWS\hh.exe:ialbm
Trojan horse Downloader.Agent.5.L "

I was unable to successfully install my update.

Could this be related to my other thread? http://www.geekstogo.com/forum/Viruses_Com...elf-t27476.html

Logfile of HijackThis v1.99.1
Scan saved at 3:51:41 AM, on 6/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: AltaVista Search - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextSearch.htm
O8 - Extra context menu item: Translate - file://C:\Program Files\ALTAVISTA Toolbar\Cache\SelectedContextTranslation.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/cha...t/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct2_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt1_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {2253F320-AB68-4A07-917D-4F12D8884A06} (ChainCast VMR Client Proxy) - http://www.streamaudio.com/download/ccpm_0237.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {4E7BD74F-2B8D-469E-92EA-EC65A294AE31} - http://toolbar.altavista.com/static/toolba...ab?r=1089531232
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by20fd.bay20.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/7d90ae0...all/xscan53.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! Webcam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} (WheelofFortune Object) - http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe

This post has been edited by Duke1: Jun 15 2005, 04:08 AM

Hi Duke1,

We meet again.

In HijackThis click Config > MISC Tools > open AdsSpy > check Quick scan and ignore safe streams.

Then click scan and save log
Post the content of that log.

Regards,

Hey hey!

Here's the log you requested.



C:\WINDOWS\addcw.dll : noccde (30022 bytes)
C:\WINDOWS\addej32.dll : fcvigb (11197 bytes)
C:\WINDOWS\addib32.dll : daddfr (11592 bytes)
C:\WINDOWS\addib32.dll : dvxtyq (11197 bytes)
C:\WINDOWS\addib32.dll : ekfifq (11197 bytes)
C:\WINDOWS\addif.dll : rvfzb (30022 bytes)
C:\WINDOWS\addjv32.dll : xlqoit (30022 bytes)
C:\WINDOWS\addkm.dll : fejzsx (11197 bytes)
C:\WINDOWS\addkm.dll : nsviht (7305 bytes)
C:\WINDOWS\addkm.dll : vwpgas (30022 bytes)
C:\WINDOWS\addmn32.dll : gtgobe (3547 bytes)
C:\WINDOWS\addmr32.dll : yfbevh (30022 bytes)
C:\WINDOWS\addov.dll : fiykjs (11197 bytes)
C:\WINDOWS\addpq32.dll : qdzogh (30022 bytes)
C:\WINDOWS\addpq32.dll : xjqqdd (30022 bytes)
C:\WINDOWS\addqi.dll : vzthcz (11197 bytes)
C:\WINDOWS\addyu.dll : jxrvlh (30022 bytes)
C:\WINDOWS\AIMPR.INI : hwbfz (27901 bytes)
C:\WINDOWS\AIMPR.INI : oxjoso (30022 bytes)
C:\WINDOWS\AIMPR.INI : skaql (11388 bytes)
C:\WINDOWS\aiyzv.log : tpxbcd (11197 bytes)
C:\WINDOWS\alchem.ini : qfmqn (11388 bytes)
C:\WINDOWS\alchem.ini : vzhei (11388 bytes)
C:\WINDOWS\alcrmv.exe : ngihp (56320 bytes)
C:\WINDOWS\alcrmv.exe : ssckw (27901 bytes)
C:\WINDOWS\alcrmv.exe : xvrkb (3063 bytes)
C:\WINDOWS\alcupd.exe : axylj (55808 bytes)
C:\WINDOWS\alcupd.exe : fejoj (10752 bytes)
C:\WINDOWS\AMCAP.EXE : narjc (56832 bytes)
C:\WINDOWS\AMCAP.EXE : qiiht (27901 bytes)
C:\WINDOWS\anmbu.log : tspnwi (11197 bytes)
C:\WINDOWS\apiby.dll : pyjihp (3567 bytes)
C:\WINDOWS\apicj32.dll : iztvba (68096 bytes)
C:\WINDOWS\apifn32.dll : ohounj (68096 bytes)
C:\WINDOWS\apihg.dll : gzquqb (30022 bytes)
C:\WINDOWS\apiij32.dll : nzysvq (11197 bytes)
C:\WINDOWS\apisa.dll : nqunrx (11197 bytes)
C:\WINDOWS\apisa.dll : orlzsr (7305 bytes)
C:\WINDOWS\apivh.dll : zkwrom (68096 bytes)
C:\WINDOWS\appsu.dll : daxpu (96539 bytes)
C:\WINDOWS\atlic32.dll : oneglf (3567 bytes)
C:\WINDOWS\atllb.dll : oiekc (11591 bytes)
C:\WINDOWS\atllb.dll : tunpd (11591 bytes)
C:\WINDOWS\atlrw32.dll : cysqab (9216 bytes)
C:\WINDOWS\atlsd32.dll : xvzdgq (11197 bytes)
C:\WINDOWS\atlse.dll : uzcvum (30022 bytes)
C:\WINDOWS\atlut.dll : apvtfn (30022 bytes)
C:\WINDOWS\atlvb32.dll : sgkxih (3547 bytes)
C:\WINDOWS\atlvw.dll : lhckkj (68096 bytes)
C:\WINDOWS\aucfg.ini : vidov (10330 bytes)
C:\WINDOWS\avrack.ini : epvqu (10752 bytes)
C:\WINDOWS\avrack.ini : inyzr (7305 bytes)
C:\WINDOWS\avrack.ini : qojbd (30022 bytes)
C:\WINDOWS\avrack.ini : rbpvy (3063 bytes)
C:\WINDOWS\bedhl.txt : xfwxyh (64000 bytes)
C:\WINDOWS\bedhl.txt : yhemye (11197 bytes)
C:\WINDOWS\bhtff.dat : glrkvo (3567 bytes)
C:\WINDOWS\bhtff.dat : inkrlc (30022 bytes)
C:\WINDOWS\bootstat.dat : pfrpg (11591 bytes)
C:\WINDOWS\bootstat.dat : vgbvjv (11197 bytes)
C:\WINDOWS\box boat blue.ico : ohualy (30022 bytes)
C:\WINDOWS\bzznu.log : lhudtv (11336 bytes)
C:\WINDOWS\cbrmn.dat : wcdbuv (11336 bytes)
C:\WINDOWS\cdplayer.ini : meyft (10330 bytes)
C:\WINDOWS\chdnb.txt : agyndo (11197 bytes)
C:\WINDOWS\ciomh.txt : pvygpb (11592 bytes)
C:\WINDOWS\clfbi.txt : tekmat (7471 bytes)
C:\WINDOWS\clock.avi : deliyk (30022 bytes)
C:\WINDOWS\clock.avi : ffhtf (10752 bytes)
C:\WINDOWS\clock.avi : gsqqe (11591 bytes)
C:\WINDOWS\clock.avi : nhrff (10752 bytes)
C:\WINDOWS\clock.avi : pkhhr (11591 bytes)
C:\WINDOWS\clock.avi : udvgnt (7305 bytes)
C:\WINDOWS\clock.avi : wfsvbc (11197 bytes)
C:\WINDOWS\cmsetacl.log : gictz (30022 bytes)
C:\WINDOWS\cmsetacl.log : xfsyh (30022 bytes)
C:\WINDOWS\Coffee Bean.bmp : alkan (3347 bytes)
C:\WINDOWS\Coffee Bean.bmp : fugagb (68096 bytes)
C:\WINDOWS\comsetup.log : pnnux (56832 bytes)
C:\WINDOWS\comsetup.log : uoncu (10330 bytes)
C:\WINDOWS\comsetup.log : vdsgg (3063 bytes)
C:\WINDOWS\comsetup.log : ytjdy (11388 bytes)
C:\WINDOWS\crab32.dll : kbeyaj (30022 bytes)
C:\WINDOWS\crab32.dll : snkvxg (11197 bytes)
C:\WINDOWS\crdt.dll : sbsdfy (11197 bytes)
C:\WINDOWS\criv.dll : yfxurm (30022 bytes)
C:\WINDOWS\crum32.dll : qbbipk (11592 bytes)
C:\WINDOWS\crun32.dll : diinlj (11197 bytes)
C:\WINDOWS\crva32.dll : jcmoru (7471 bytes)
C:\WINDOWS\crvf.dll : kqyzr (30022 bytes)
C:\WINDOWS\crvq.dll : ijzcgo (11197 bytes)
C:\WINDOWS\crwd.dll : ldxgnh (64000 bytes)
C:\WINDOWS\crwl32.dll : kynhy (11197 bytes)
C:\WINDOWS\crwl32.dll : nyici (11197 bytes)
C:\WINDOWS\crzv.dll : tsnwcm (3547 bytes)
C:\WINDOWS\d3by.dll : aniaf (10752 bytes)
C:\WINDOWS\d3by.dll : vtrvy (11197 bytes)
C:\WINDOWS\d3cy32.dll : womryj (30022 bytes)
C:\WINDOWS\d3fc32.dll : qcwqtx (11197 bytes)
C:\WINDOWS\d3fm.dll : ctyqcr (7305 bytes)
C:\WINDOWS\d3fm.dll : socxua (30022 bytes)
C:\WINDOWS\d3jj32.dll : whfxmo (3547 bytes)
C:\WINDOWS\d3kf32.dll : dfflr (56320 bytes)
C:\WINDOWS\d3kf32.dll : oiycpq (68096 bytes)
C:\WINDOWS\d3ly32.dll : icwdo (30022 bytes)
C:\WINDOWS\d3lz32.dll : doaqao (11197 bytes)
C:\WINDOWS\d3lz32.dll : ydaysz (11197 bytes)
C:\WINDOWS\d3pp32.dll : napbyr (7305 bytes)
C:\WINDOWS\d3qe.dll : fbigac (3567 bytes)
C:\WINDOWS\d3qf.dll : klrmpj (3567 bytes)
C:\WINDOWS\d3qt32.dll : ybsmve (68096 bytes)
C:\WINDOWS\d3re.dll : clkrjt (68096 bytes)
C:\WINDOWS\d3to32.dll : tafkjj (11592 bytes)
C:\WINDOWS\d3uc32.dll : hpqsbg (11197 bytes)
C:\WINDOWS\d3uc32.dll : laxpdt (7471 bytes)
C:\WINDOWS\d3ux32.dll : ebqufd (3567 bytes)
C:\WINDOWS\d3ux32.dll : zqjxvj (30022 bytes)
C:\WINDOWS\d3vx32.dll : dgzfry (30022 bytes)
C:\WINDOWS\d3vx32.dll : wcbizg (64000 bytes)
C:\WINDOWS\dahotfix.log : jluhuj (11592 bytes)
C:\WINDOWS\dahotfix.log : lnbpa (11197 bytes)
C:\WINDOWS\dahotfix.log : wtehp (30022 bytes)
C:\WINDOWS\desktop.ini : btukr (27901 bytes)
C:\WINDOWS\desktop.ini : ilznh (56320 bytes)
C:\WINDOWS\desktop.ini : rvqdol (11197 bytes)
C:\WINDOWS\Directx.log : kkoecq (30022 bytes)
C:\WINDOWS\DtcInstall.log : ngsii (27901 bytes)
C:\WINDOWS\DtcInstall.log : vebopp (11197 bytes)
C:\WINDOWS\dxayp.log : eoance (11336 bytes)
C:\WINDOWS\emvlk.log : ewkibg (11336 bytes)
C:\WINDOWS\emvlk.log : pxcwdq (29452 bytes)
C:\WINDOWS\epqdi.txt : irhcow (7471 bytes)
C:\WINDOWS\epqdi.txt : wkocpg (30022 bytes)
C:\WINDOWS\eqatp.dat : hozrzb (11736 bytes)
C:\WINDOWS\eqybk.log : sgphgh (3567 bytes)
C:\WINDOWS\eqybk.log : tlkvkq (64000 bytes)
C:\WINDOWS\explorer.scf : qrnyz (11591 bytes)
C:\WINDOWS\explorer.scf : yjkrso (7305 bytes)
C:\WINDOWS\FaxSetup.log : gubzm (3063 bytes)
C:\WINDOWS\FaxSetup.log : hczny (104142 bytes)
C:\WINDOWS\FaxSetup.log : pnqhll (11197 bytes)
C:\WINDOWS\FaxSetup.log : xnler (27901 bytes)
C:\WINDOWS\FeatherTexture.bmp : queuou (30022 bytes)
C:\WINDOWS\ftxyw.log : nvsjyh (7305 bytes)
C:\WINDOWS\gdniv.dat : jhrias (11197 bytes)
C:\WINDOWS\gfucs.txt : kictrq (29452 bytes)
C:\WINDOWS\glunh.dat : vctxeg (68096 bytes)
C:\WINDOWS\Gone Fishing.bmp : bahod (11591 bytes)
C:\WINDOWS\Gone Fishing.bmp : gjnjmf (30022 bytes)
C:\WINDOWS\Greenstone.bmp : edhdz (10330 bytes)
C:\WINDOWS\Greenstone.bmp : lpizp (11591 bytes)
C:\WINDOWS\gxhil.log : hafrs (93492 bytes)
C:\WINDOWS\hh.exe : ceuale (3567 bytes)
C:\WINDOWS\hh.exe : ialbm (30022 bytes)
C:\WINDOWS\hjqbs.log : ormej (29452 bytes)
C:\WINDOWS\hpinfo.lnk : djypqm (11197 bytes)
C:\WINDOWS\hpinfo.lnk : irabn (27901 bytes)
C:\WINDOWS\hpinfo.lnk : lszqt (56832 bytes)
C:\WINDOWS\hpinfo.lnk : zrwau (11197 bytes)
C:\WINDOWS\hqqaf.txt : okipyt (7471 bytes)
C:\WINDOWS\ieaq32.dll : rfxdzj (11197 bytes)
C:\WINDOWS\iecz32.dll : cgivve (30022 bytes)
C:\WINDOWS\iecz32.dll : frrtqa (11197 bytes)
C:\WINDOWS\iecz32.dll : qhdvox (68096 bytes)
C:\WINDOWS\iedi.dll : tdcpvy (68096 bytes)
C:\WINDOWS\iedo32.dll : pskysl (30022 bytes)
C:\WINDOWS\iehe.dll : graypj (11197 bytes)
C:\WINDOWS\iehe.dll : ptqtf (56832 bytes)
C:\WINDOWS\iehr32.dll : zstylc (11592 bytes)
C:\WINDOWS\ieiv32.dll : rsmefn (7305 bytes)
C:\WINDOWS\iejx32.dll : ktxjap (4354 bytes)
C:\WINDOWS\iejx32.dll : tfhesg (11197 bytes)
C:\WINDOWS\iemt.dll : cupoca (68096 bytes)
C:\WINDOWS\iemt.dll : mgaknr (11197 bytes)
C:\WINDOWS\iepk32.dll : ezuiyr (30022 bytes)
C:\WINDOWS\iesy32.dll : dfsycu (30022 bytes)
C:\WINDOWS\ietb32.dll : ojwrrx (11197 bytes)
C:\WINDOWS\ieuc.dll : htomoo (7305 bytes)
C:\WINDOWS\ieuc.dll : rchtfw (11197 bytes)
C:\WINDOWS\ieuc.dll : vobij (30022 bytes)
C:\WINDOWS\ieud32.dll : hkowti (30022 bytes)
C:\WINDOWS\ieuk.dll : auyrrq (3567 bytes)
C:\WINDOWS\ieuk.dll : juagiy (30022 bytes)
C:\WINDOWS\ievn.dll : ntfyzm (11197 bytes)
C:\WINDOWS\iexj32.dll : fuydbw (30022 bytes)
C:\WINDOWS\ihpgw.dll : txuear (30022 bytes)
C:\WINDOWS\iis6.log : sbzdd (30022 bytes)
C:\WINDOWS\iis6.log : skbsf (10330 bytes)
C:\WINDOWS\impborl.dll : ercyrr (30022 bytes)
C:\WINDOWS\impborl.dll : kyeww (56320 bytes)
C:\WINDOWS\ipff.dll : pirqt (11197 bytes)
C:\WINDOWS\ipff.dll : xmmhmw (30022 bytes)
C:\WINDOWS\iphu.dll : vtmvtk (11197 bytes)
C:\WINDOWS\iple32.dll : bdckv (7305 bytes)
C:\WINDOWS\iple32.dll : ecmptf (11592 bytes)
C:\WINDOWS\iplq32.dll : oexlu (11591 bytes)
C:\WINDOWS\iplq32.dll : xqvlq (7305 bytes)
C:\WINDOWS\ipnj32.dll : gfpqo (11388 bytes)
C:\WINDOWS\ipnj32.dll : pexipa (3567 bytes)
C:\WINDOWS\iprw32.dll : drmcbh (3567 bytes)
C:\WINDOWS\iprw32.dll : kbvdbf (30022 bytes)
C:\WINDOWS\ipuh32.dll : itidqh (11591 bytes)
C:\WINDOWS\IsUninst.exe : pyqbnt (7305 bytes)
C:\WINDOWS\jautoexp.dat : eipey (11197 bytes)
C:\WINDOWS\javabl.dll : nyoles (30022 bytes)
C:\WINDOWS\javaco.dll : krdoxk (11197 bytes)
C:\WINDOWS\javadt32.dll : medaew (30022 bytes)
C:\WINDOWS\javagg32.dll : cfttkz (11197 bytes)
C:\WINDOWS\javahn.dll : ugmgnb (30022 bytes)
C:\WINDOWS\javapd32.dll : lejxe (27901 bytes)
C:\WINDOWS\javapd32.dll : phjsr (27901 bytes)
C:\WINDOWS\javapd32.dll : pieah (56832 bytes)
C:\WINDOWS\javapd32.dll : qadkug (11197 bytes)
C:\WINDOWS\javapd32.dll : xkohh (10330 bytes)
C:\WINDOWS\javaqg32.dll : wkzurr (11197 bytes)
C:\WINDOWS\javarl32.dll : wuyavg (30022 bytes)
C:\WINDOWS\javawx.dll : hcrfxl (30022 bytes)
C:\WINDOWS\javaxk.dll : fzdec (10330 bytes)
C:\WINDOWS\javayr32.dll : pjsguy (11197 bytes)
C:\WINDOWS\KB823182.log : givrx (56832 bytes)
C:\WINDOWS\KB823182.log : hoflh (10752 bytes)
C:\WINDOWS\KB823182.log : vvocxp (30022 bytes)
C:\WINDOWS\KB824141.log : zgqqj (30022 bytes)
C:\WINDOWS\KB824146.log : nrrrhc (11197 bytes)
C:\WINDOWS\KB826939.log : fiaoed (11197 bytes)
C:\WINDOWS\KB826939.log : lsdll (11591 bytes)
C:\WINDOWS\KB828035.log : gskfbm (30022 bytes)
C:\WINDOWS\KB828035.log : yovrjx (11197 bytes)
C:\WINDOWS\KB828741.log : jtvxv (56320 bytes)
C:\WINDOWS\KB828741.log : oukeg (10330 bytes)
C:\WINDOWS\KB833330.log : etvqg (11388 bytes)
C:\WINDOWS\KB833330.log : xitugn (30022 bytes)
C:\WINDOWS\KB835732.log : ikouh (10330 bytes)
C:\WINDOWS\KB835732.log : ronxdh (30022 bytes)
C:\WINDOWS\KB835732.log : tepkw (10330 bytes)
C:\WINDOWS\KB835732.log : waaei (56832 bytes)
C:\WINDOWS\KB837001.log : hvcra (27901 bytes)
C:\WINDOWS\KB839645.log : blgzb (27901 bytes)
C:\WINDOWS\KB839645.log : mfzpy (27901 bytes)
C:\WINDOWS\KB839645.log : nttkc (10752 bytes)
C:\WINDOWS\KB839645.log : wlowi (3063 bytes)
C:\WINDOWS\KB841873.log : fumqw (30022 bytes)
C:\WINDOWS\KB841873.log : pmybc (56832 bytes)
C:\WINDOWS\KB885836.log : hynxmh (11736 bytes)
C:\WINDOWS\KB888113.log : zzykhs (7471 bytes)
C:\WINDOWS\KB890175.log : nlsvhc (11197 bytes)
C:\WINDOWS\kfnkc.txt : kbjvdf (3567 bytes)
C:\WINDOWS\kgimw.dat : cbuafp (66560 bytes)
C:\WINDOWS\kqwat.log : fhxuie (11592 bytes)
C:\WINDOWS\kqwat.log : lgnncp (3567 bytes)
C:\WINDOWS\kqwat.log : nfvovz (11197 bytes)
C:\WINDOWS\lfzxb.txt : nqtsgw (11736 bytes)
C:\WINDOWS\lrwer.dll : rgbdrk (3547 bytes)
C:\WINDOWS\mfcaw32.dll : rdsoou (30022 bytes)
C:\WINDOWS\mfccw.dll : mnnktf (30022 bytes)
C:\WINDOWS\mfccy.dll : ddtcyo (11197 bytes)
C:\WINDOWS\mfclb32.dll : qglxef (11197 bytes)
C:\WINDOWS\mfcmf.dll : igedgp (11197 bytes)
C:\WINDOWS\mfcpc.dll : oumxjd (30022 bytes)
C:\WINDOWS\mfcum32.dll : expde (11591 bytes)
C:\WINDOWS\mfcum32.dll : mnyxf (10752 bytes)
C:\WINDOWS\mfcvz.dll : acbhyq (11197 bytes)
C:\WINDOWS\mfcyv.dll : ybobqk (11197 bytes)
C:\WINDOWS\mozver.dat : jehhi (10752 bytes)
C:\WINDOWS\mozver.dat : tsmwz (104142 bytes)
C:\WINDOWS\mozver.dat : wqxom (56832 bytes)
C:\WINDOWS\msbb.exe.temp : dyhfq (10752 bytes)
C:\WINDOWS\msbb.exe.temp : nnxbf (3347 bytes)
C:\WINDOWS\msdd.dll : gsruyp (11197 bytes)
C:\WINDOWS\msds32.dll : nghjfp (11197 bytes)
C:\WINDOWS\mser32.dll : fhaozr (30022 bytes)
C:\WINDOWS\msgsocm.log : gzkqm (30022 bytes)
C:\WINDOWS\msgsocm.log : ttxyum (11197 bytes)
C:\WINDOWS\msgsocm.log : uvrdl (27901 bytes)
C:\WINDOWS\msic32.dll : uqzmmw (7305 bytes)
C:\WINDOWS\mskf32.dll : xhgpv (11388 bytes)
C:\WINDOWS\mskf32.dll : xwbvi (30022 bytes)
C:\WINDOWS\mskv.dll : ewnqib (11197 bytes)
C:\WINDOWS\msmn32.dll : meysmt (11197 bytes)
C:\WINDOWS\msmw.dll : tsizac (11592 bytes)
C:\WINDOWS\msmw.dll : xwfvce (30022 bytes)
C:\WINDOWS\mspc.dll : dsdpix (11197 bytes)
C:\WINDOWS\mspn32.dll : ijbfad (11592 bytes)
C:\WINDOWS\msrw.dll : lkmywq (3567 bytes)
C:\WINDOWS\msue32.dll : yastsj (68096 bytes)
C:\WINDOWS\msvo32.dll : gzhues (30022 bytes)
C:\WINDOWS\muninst.exe : xtzek (30022 bytes)
C:\WINDOWS\nbfyb.dat : zrvpv (104142 bytes)
C:\WINDOWS\netjh.dll : lnqetu (7305 bytes)
C:\WINDOWS\netta.dll : buiiz (10330 bytes)
C:\WINDOWS\netta.dll : dzqygd (70144 bytes)
C:\WINDOWS\nldwk.dat : mvmcaf (3567 bytes)
C:\WINDOWS\nlesc.dat : rswfc (104142 bytes)
C:\WINDOWS\notepad.exe : qkfcz (56832 bytes)
C:\WINDOWS\notepad.exe : tvkms (11591 bytes)
C:\WINDOWS\notepad.exe : wwuun (10752 bytes)
C:\WINDOWS\npeon.dat : vujsn (29452 bytes)
C:\WINDOWS\npethr.dat : fnciu (29452 bytes)
C:\WINDOWS\nrkvw.log : ubbyor (7471 bytes)
C:\WINDOWS\nsreg.dat : bnsti (7305 bytes)
C:\WINDOWS\nsreg.dat : kpaggy (11336 bytes)
C:\WINDOWS\nsreg.dat : odsir (11591 bytes)
C:\WINDOWS\ntdtcsetup.log : hdcom (3063 bytes)
C:\WINDOWS\ntdtcsetup.log : modme (68096 bytes)
C:\WINDOWS\nteu32.dll : eftunf (11592 bytes)
C:\WINDOWS\nteu32.dll : niyyd (30022 bytes)
C:\WINDOWS\ntmf32.dll : iouzbt (11197 bytes)
C:\WINDOWS\ntoc32.dll : apfewe (30022 bytes)
C:\WINDOWS\ntzl.dll : zbvxgj (11592 bytes)
C:\WINDOWS\ntzr32.dll : scnkbt (7305 bytes)
C:\WINDOWS\nvybq.dat : blozfb (30022 bytes)
C:\WINDOWS\nvybq.dat : gmjvqh (30022 bytes)
C:\WINDOWS\nxfhi.log : fssoya (11336 bytes)
C:\WINDOWS\n_apfsht.dat : vqdrdk (29452 bytes)
C:\WINDOWS\n_baglhr.log : hppvhf (11336 bytes)
C:\WINDOWS\n_mtntzc.dat : qsmft (104142 bytes)
C:\WINDOWS\ocgen.log : iejeq (10330 bytes)
C:\WINDOWS\ocgen.log : rnpnj (11591 bytes)
C:\WINDOWS\ocgen.log : xuanp (56320 bytes)
C:\WINDOWS\ODBCINST.INI : dazjk (11591 bytes)
C:\WINDOWS\ODBCINST.INI : gxspfb (11197 bytes)
C:\WINDOWS\ODBCINST.INI : iqwyd (7305 bytes)
C:\WINDOWS\ODBCINST.INI : jcvqe (11197 bytes)
C:\WINDOWS\ODBCINST.INI : tneet (30022 bytes)
C:\WINDOWS\oeuninst.exe : gvvhj (56320 bytes)
C:\WINDOWS\oeuninst.exe : qdpit (3063 bytes)
C:\WINDOWS\oeuninst.exe : qgvcl (30022 bytes)
C:\WINDOWS\oeuninst.exe : qjrjw (27901 bytes)
C:\WINDOWS\ojurl.log : mrxvro (7305 bytes)
C:\WINDOWS\onieg.txt : nvtcmj (3567 bytes)
C:\WINDOWS\otzmo.dat : relkjg (11336 bytes)
C:\WINDOWS\otzmo.dat : ybalgr (7471 bytes)
C:\WINDOWS\phhvs.dat : clhoma (64000 bytes)
C:\WINDOWS\PowerReg.dat : gttmy (56832 bytes)
C:\WINDOWS\PowerReg.dat : qehfr (27901 bytes)
C:\WINDOWS\PowerReg.dat : rejut (7305 bytes)
C:\WINDOWS\Prairie Wind.bmp : bglyo (11591 bytes)
C:\WINDOWS\Prairie Wind.bmp : wxexs (3063 bytes)
C:\WINDOWS\pvdir.log : ezkckp (11197 bytes)
C:\WINDOWS\pxiuu.log : hanvhc (30022 bytes)
C:\WINDOWS\pxiuu.log : obnly (30022 bytes)
C:\WINDOWS\pxkii.dat : sieedx (3567 bytes)
C:\WINDOWS\pztwp.log : shybtn (3347 bytes)
C:\WINDOWS\pztwp.log : wiwyg (11388 bytes)
C:\WINDOWS\Q819696.log : wfvpsn (3567 bytes)
C:\WINDOWS\Q828026.log : liqowx (70144 bytes)
C:\WINDOWS\Q828026.log : pigmi (56320 bytes)
C:\WINDOWS\qbnil.txt : ishfol (30022 bytes)
C:\WINDOWS\qchxs.dat : mmlnls (68096 bytes)
C:\WINDOWS\qchxs.dat : nzzsnb (30022 bytes)
C:\WINDOWS\qiqrn.txt : jwpxlo (11197 bytes)
C:\WINDOWS\qpdut.txt : zlwipu (30022 bytes)
C:\WINDOWS\qsmed.dat : rzfwmt (30022 bytes)
C:\WINDOWS\qyhqe.dll : latrhx (30022 bytes)
C:\WINDOWS\regedit.exe : vkumn (55808 bytes)
C:\WINDOWS\Rhododendron.bmp : bjpbk (11197 bytes)
C:\WINDOWS\Rhododendron.bmp : fxbkuk (11197 bytes)
C:\WINDOWS\Rhododendron.bmp : gehxc (11197 bytes)
C:\WINDOWS\River Sumida.bmp : ukihe (30022 bytes)
C:\WINDOWS\rrnsr.log : yshtmm (11197 bytes)
C:\WINDOWS\RtlRack.ini : ijyqy (30022 bytes)
C:\WINDOWS\rxacj.log : kcmdca (11197 bytes)
C:\WINDOWS\rylcd.txt : daked (7305 bytes)
C:\WINDOWS\rylcd.txt : xfwgpi (11592 bytes)
C:\WINDOWS\rzdwk.log : igzzmd (3567 bytes)
C:\WINDOWS\salwg.log : qjwkeq (11592 bytes)
C:\WINDOWS\satmat.ini : aguexd (3567 bytes)
C:\WINDOWS\satmat.ini : rjnnx (11197 bytes)
C:\WINDOWS\SchedLgU.Txt : adcwv (11591 bytes)
C:\WINDOWS\SchedLgU.Txt : jjgtr (30022 bytes)
C:\WINDOWS\sdkdb.dll : jptyb (10752 bytes)
C:\WINDOWS\sdkdb.dll : rcabe (10752 bytes)
C:\WINDOWS\sdkdb.dll : vlvme (10330 bytes)
C:\WINDOWS\sdkic32.dll : ctzzic (11197 bytes)
C:\WINDOWS\sdkip32.dll : ulsekm (30022 bytes)
C:\WINDOWS\sdkip32.dll : ztukes (11592 bytes)
C:\WINDOWS\sdklc32.dll : jwhbdh (30022 bytes)
C:\WINDOWS\sdklc32.dll : kuxvaf (3567 bytes)
C:\WINDOWS\sdklw32.dll : kkmlub (11197 bytes)
C:\WINDOWS\sdkmo.dll : busvf (104142 bytes)
C:\WINDOWS\sdknk32.dll : dnmlj (30022 bytes)
C:\WINDOWS\sdkqq32.dll : dhaze (30022 bytes)
C:\WINDOWS\sdkth.dll : hrevk (11591 bytes)
C:\WINDOWS\sdkth.dll : mvwnb (11336 bytes)
C:\WINDOWS\sdkye32.dll : ymtdmq (7471 bytes)
C:\WINDOWS\sdkzw32.dll : lacchb (11197 bytes)
C:\WINDOWS\setdebug.exe : ocyaxy (11592 bytes)
C:\WINDOWS\setdebug.exe : thejz (27901 bytes)
C:\WINDOWS\SETUP32.INI : yjthp (30022 bytes)
C:\WINDOWS\setupact.log : ctztb (3362 bytes)
C:\WINDOWS\setupact.log : xqcti (10752 bytes)
C:\WINDOWS\setupapi.log.0.old : gdjfab (7305 bytes)
C:\WINDOWS\setupapi.log.0.old : osqfkk (11197 bytes)
C:\WINDOWS\setupapi.log.1.old : zavhub (11336 bytes)
C:\WINDOWS\setuperr.log : prvyk (30022 bytes)
C:\WINDOWS\setuperr.log : vusyv (56320 bytes)
C:\WINDOWS\setuplog.txt : sbgmol (29452 bytes)
C:\WINDOWS\smvsh.txt : xfxqeh (7305 bytes)
C:\WINDOWS\snpp106.ini : cxido (11197 bytes)
C:\WINDOWS\snpp106.ini : dcrfly (11736 bytes)
C:\WINDOWS\snpp106.ini : qftxz (27901 bytes)
C:\WINDOWS\snpp106.ini : ynnpn (56832 bytes)
C:\WINDOWS\snpp106.ini : yuvta (3063 bytes)
C:\WINDOWS\snpp106.ini : zgykyj (30022 bytes)
C:\WINDOWS\snpp106.src : jdfgf (11591 bytes)
C:\WINDOWS\snpp106.src : pgiwhr (3547 bytes)
C:\WINDOWS\SOUNDMAN.EXE : ejkep (11591 bytes)
C:\WINDOWS\SOUNDMAN.EXE : hdxnj (10330 bytes)
C:\WINDOWS\SOUNDMAN.EXE : ueqzb (3347 bytes)
C:\WINDOWS\spupdsvc.log : joydw (56832 bytes)
C:\WINDOWS\spupdsvc.log : xqiik (10330 bytes)
C:\WINDOWS\svcpack.log : kcxrd (11591 bytes)
C:\WINDOWS\svcpack.log : qkmlt (27901 bytes)
C:\WINDOWS\sysiu32.dll : ljhrcz (68096 bytes)
C:\WINDOWS\syslq32.dll : wyipqu (11197 bytes)
C:\WINDOWS\sysmn32.dll : ozbusw (30022 bytes)
C:\WINDOWS\sysow.dll : skxjtg (11197 bytes)
C:\WINDOWS\sysqo.dll : hnjhvn (11197 bytes)
C:\WINDOWS\sysrm.dll : llhwvr (30022 bytes)
C:\WINDOWS\sysrm.dll : lsyfla (11197 bytes)
C:\WINDOWS\syssw.dll : zocvpp (30022 bytes)
C:\WINDOWS\system.ini : ecupc (30022 bytes)
C:\WINDOWS\system.ini : etikfl (30022 bytes)
C:\WINDOWS\system.ini : ijknod (3347 bytes)
C:\WINDOWS\system.ini : lybov (7305 bytes)
C:\WINDOWS\sysws32.dll : wahtrn (30022 bytes)
C:\WINDOWS\TASKMAN.EXE : hmgqo (30022 bytes)
C:\WINDOWS\TASKMAN.EXE : xnbkf (27901 bytes)
C:\WINDOWS\thqiu.dat : egjcfv (7305 bytes)
C:\WINDOWS\TLCUninstall.exe : ltqnm (3063 bytes)
C:\WINDOWS\TLCUninstall.exe : ohuss (11591 bytes)
C:\WINDOWS\tmupdate.ini : amsss (11197 bytes)
C:\WINDOWS\tmupdate.ini : sanht (30022 bytes)
C:\WINDOWS\tmupdate.ini : uzepb (11197 bytes)
C:\WINDOWS\twunk_16.exe : czudi (11591 bytes)
C:\WINDOWS\twunk_16.exe : nibqo (3347 bytes)
C:\WINDOWS\tzdjt.txt : dpqqul (11197 bytes)
C:\WINDOWS\ucczw.dat : yunefx (64000 bytes)
C:\WINDOWS\uksny.dat : ujqavw (3567 bytes)
C:\WINDOWS\UnGins.exe : normia (11197 bytes)
C:\WINDOWS\UnGins.exe : othmw (10752 bytes)
C:\WINDOWS\UnGins.exe : rnjlyn (7305 bytes)
C:\WINDOWS\UniFish3.exe : ktzxh (27901 bytes)
C:\WINDOWS\UniFish3.exe : mfsevp (3547 bytes)
C:\WINDOWS\UniFish3.exe : nghiy (55808 bytes)
C:\WINDOWS\uninst.exe : epyhzy (68096 bytes)
C:\WINDOWS\uninst.exe : hpgbne (30022 bytes)
C:\WINDOWS\UNINST16.EXE : gpkack (30022 bytes)
C:\WINDOWS\UNINST16.EXE : guazy (10752 bytes)
C:\WINDOWS\UNINST16.EXE : jfbqax (4402 bytes)
C:\WINDOWS\unvise32qt.exe : hofbn (27901 bytes)
C:\WINDOWS\unvise32qt.exe : rehquh (7305 bytes)
C:\WINDOWS\upias.txt : dviziv (11736 bytes)
C:\WINDOWS\upusl.txt : lhrbx (30022 bytes)
C:\WINDOWS\urqmm.dat : eidpaj (11197 bytes)
C:\WINDOWS\urqmm.dat : owsedy (7471 bytes)
C:\WINDOWS\uthsw(2).dll : bpzom (29452 bytes)
C:\WINDOWS\uthsw.dll : bpzom (29452 bytes)
C:\WINDOWS\vbaddin.ini : gxlkxi (3567 bytes)
C:\WINDOWS\vbaddin.ini : qvylo (11197 bytes)
C:\WINDOWS\vbaddin.ini : rtggc (11197 bytes)
C:\WINDOWS\vbaddin.ini : ukogks (11197 bytes)
C:\WINDOWS\VIDCAP32.EXE : dlvjc (10752 bytes)
C:\WINDOWS\VIDCAP32.EXE : gqxdf (27901 bytes)
C:\WINDOWS\VIDCAP32.EXE : sdmnn (56320 bytes)
C:\WINDOWS\vjvdn.txt : zyexzs (66560 bytes)
C:\WINDOWS\vminst.log : onicr (30022 bytes)
C:\WINDOWS\vminst.log : yomtj (10752 bytes)
C:\WINDOWS\vsnpp106.exe : zsyws (10752 bytes)
C:\WINDOWS\vubud.txt : xyulpb (11197 bytes)
C:\WINDOWS\waead.txt : bvkzqa (7305 bytes)
C:\WINDOWS\wiaservc.log : jwfzh (27901 bytes)
C:\WINDOWS\wiaservc.log : poyjg (7305 bytes)
C:\WINDOWS\Winamp.ini : ihkmm (3063 bytes)
C:\WINDOWS\Winamp.ini : rgoig (10330 bytes)
C:\WINDOWS\winampa.ini : aijcc (56320 bytes)
C:\WINDOWS\winampa.ini : rytzm (10752 bytes)
C:\WINDOWS\windm32.dll : sudkh (104142 bytes)
C:\WINDOWS\Windows Update.log : gsyfb (7305 bytes)
C:\WINDOWS\Windows Update.log : qoudi (30022 bytes)
C:\WINDOWS\WindowsUpdate.log : aivzo (56832 bytes)
C:\WINDOWS\WindowsUpdate.log : fncgn (10330 bytes)
C:\WINDOWS\WindowsUpdate.log : lunyj (11336 bytes)
C:\WINDOWS\winhlp32.exe : rlcqx (55808 bytes)
C:\WINDOWS\winhlp32.exe : youui (27901 bytes)
C:\WINDOWS\wininit.ini : avasj (10752 bytes)
C:\WINDOWS\wininit.ini : ilejy (11197 bytes)
C:\WINDOWS\wininit.ini : imadq (3347 bytes)
C:\WINDOWS\wininit.ini : nhlne (10752 bytes)
C:\WINDOWS\winmq.dll : gukjgx (30022 bytes)
C:\WINDOWS\winnt.bmp : cqlfd (10752 bytes)
C:\WINDOWS\winnt.bmp : ogehv (11197 bytes)
C:\WINDOWS\winnt256.bmp : gidsg (30022 bytes)
C:\WINDOWS\winnt256.bmp : ginhl (11591 bytes)
C:\WINDOWS\winpx32.dll : ggxnx (30022 bytes)
C:\WINDOWS\WORDPAD.INI : kcndb (3347 bytes)
C:\WINDOWS\WORDPAD.INI : kqkeh (3347 bytes)
C:\WINDOWS\WORDPAD.INI : lfniz (27901 bytes)
C:\WINDOWS\xkeyfb.dat : rrlzfz (11736 bytes)
C:\WINDOWS\xkqeoh.dat : ksweib (7471 bytes)
C:\WINDOWS\xlpsfq.dat : usoscm (3567 bytes)
C:\WINDOWS\xlwpms.dat : nlhxew (66560 bytes)
C:\WINDOWS\xpsp1hfm.log : kizgxj (11197 bytes)
C:\WINDOWS\xpsp1hfm.log : pgitna (30022 bytes)
C:\WINDOWS\xrxcd.log : pfrwpu (64000 bytes)
C:\WINDOWS\xuywh.dll : lgoend (11197 bytes)
C:\WINDOWS\xuywh.dll : pxsqmm (30022 bytes)
C:\WINDOWS\zvqyx.dat : gybvb (30022 bytes)
C:\WINDOWS\zvqyx.dat : togmb (10752 bytes)

Yuck.

Please download TDS-3 from http://tds.diamondcs.com.au/index.php?page=download and update it following the instructions here:
http://tds.diamondcs.com.au/index.php?page=update

Reboot into safe mode and rerun AdsSpy.

I will list the files you should not check to be deleted
Just to make sure you understand I will list the ones that are OK. Everything starting with other filenames should be checked and click Remove Selected.

C:\WINDOWS\AIMPR.INI
C:\WINDOWS\AMCAP.EXE
C:\WINDOWS\avrack.ini
C:\WINDOWS\clock.avi
C:\WINDOWS\FaxSetup.log
C:\WINDOWS\Gone Fishing.bmp
C:\WINDOWS\Greenstone.bmp
C:\WINDOWS\KB823182.log
C:\WINDOWS\KB824141.log
C:\WINDOWS\KB824146.log
C:\WINDOWS\KB826939.log
C:\WINDOWS\KB828035.log
C:\WINDOWS\KB828741.log
C:\WINDOWS\KB833330.log
C:\WINDOWS\KB835732.log
C:\WINDOWS\KB837001.log
C:\WINDOWS\KB839645.log
C:\WINDOWS\KB841873.log
C:\WINDOWS\KB885836.log
C:\WINDOWS\KB888113.log
C:\WINDOWS\KB890175.log
C:\WINDOWS\ODBCINST.INI
C:\WINDOWS\oeuninst.exe
C:\WINDOWS\Q819696.log
C:\WINDOWS\Q828026.log
C:\WINDOWS\Q828026.log
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system.ini
C:\WINDOWS\TASKMAN.EXE
C:\WINDOWS\TLCUninstall.exe
C:\WINDOWS\tmupdate.ini
C:\WINDOWS\twunk_16.exe
C:\WINDOWS\UnGins.exe
C:\WINDOWS\UniFish3.exe
C:\WINDOWS\uninst.exe
C:\WINDOWS\UNINST16.EXE
C:\WINDOWS\unvise32qt.exe
C:\WINDOWS\vbaddin.ini
C:\WINDOWS\VIDCAP32.EXE
C:\WINDOWS\wiaservc.log
C:\WINDOWS\Winamp.ini
C:\WINDOWS\winampa.ini
C:\WINDOWS\WindowsUpdate.log
C:\WINDOWS\winhlp32.exe
C:\WINDOWS\wininit.ini
C:\WINDOWS\winnt.bmp
C:\WINDOWS\winnt256.bmp
C:\WINDOWS\WORDPAD.INI
C:\WINDOWS\xpsp1hfm.log

Some of them should not show up in safe mode, just listing them for completeness sake.

Then start TDS-3 click System Testing > Full System scan.
It should find a bunch of files as Trojan.Agent.bi3 and bi4 plus some associated cr@pware.

Regards,

The computer always shuts down during the TDS-3 scan. I've tried at least 3 times. The scan didn't even go far enough to detect the expected trojans!
I've yet to follow the advice I got from the other thread (just been so busy lately, sorry), I will do that later today(I have to go to work now). Soon we'll get to the bottom of this!


I just noticed for this for the first time, while the comp was "shutdown" I pressed a key from the keyboard and the comp tried to start up, but it shut back down. After a couple of minutes I moved the mouse and the comp started.
After it started I tried to do another TDS-3 scan, but like I said, it would "shutdown" again. ......And after a couple of minutes I would press a key, it would start.
Is that normal? Maybe the comp isn't really completely shutting down?

Here's another program I'd like you to try:

http://www.sysinternals.com/Utilities/RootkitRevealer.html

Regards,

Hi guy's

Duke first follow Metallic's advice first but if the computer is not stable enough to run the scans and you guys think its hardware then follow my advice from your other thread and give it a good cleaning then see if the scans complete.

I will keep a eye on this thread so if you need hardware advice just holler

Rick