A lot of problems...again [Solved]


This topic is locked

#1 Casper_aa (Member, 57 posts)
A couple of weeks back I fought off a bunch of nasty infections thanks to this site, but I'm afraid I'm in an even worse situation now. I am pretty sure something is still infected on my PC and it has managed to seriously mess a lot of things up.

Recently I had been getting scans of various infections that I promptly removed with AVG, but every now and then I would get more, even when I wasn't doing anything. Then today I came on my PC, then left it for a couple of hours, and when I returned I was heavily infected with a ton of stuff.

I immediately started to try and fix things but my PC just switched off. It took a while before it let me turn it on again, but it wouldn't let me log on properly (userinit.exe error). So I restarted in safe mode and tried to run a Malwarebytes scan, but it wouldn't let me use it or any other program, though I worked around it with some help I found from a Google search:

* Click on Start, click Run, and then type devmgmt.msc and click OK
* On the View menu click on Show hidden devices
* Browse to Non-Plug and Play Drivers and you should see something like TDSSserv.sys
* Highlight that driver and right click on it and select DISABLE
* Now RESTART your computer.
* Then run a scan

That came up with 20 or so problems, which I then removed, and on a second scan I just get the same two I always get recently. Those are two userinit infections in the registry.

So finally on to my current problem: I still cannot log on properly. The only way I can see my desktop is if I do Ctrl+Alt+Del > New Task (Run) > c:/
That seems to work; otherwise I just see my wallpaper. Also, sometimes the internet randomly stops working, and Windows Firewall will not let me turn it on. I'm pretty sure there are more hidden problems too; I know there's something hiding, just waiting to re-infect my computer when I think it's safe.

If I haven't been clear enough, just ask for details. I just feel so overwhelmed with all these infections and I'm getting really sick of having to fight them off all the time.

Link to last thread and HijackThis log:

http://www.geekstogo...le-t224836.html

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:18:53, on 02/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\USB Product Driver v2.33r005\shwicon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: (no name) - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShowIcon_JustRams_USB Product Driver v2.33r005] "C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" -t"JustRams\USB Product Driver v2.33r005"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus C60 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C60 Series" /O5 "LPT1:" /M "Stylus C60"
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-21-3920652299-1829061476-2836010259-1015\..\Run: [Power2GoExpress] (User 'Gina')
O4 - HKUS\S-1-5-21-3920652299-1829061476-2836010259-1015\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Gina')
O4 - HKUS\S-1-5-21-3920652299-1829061476-2836010259-1015\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (User 'Gina')
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: Download with &Etomi - res://C:\Program Files\Etomi\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\King Ally\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - https://authenticate...olInstaller.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - https://www.wanadoo....rs/sd0101_5.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports....ommon/ieell.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoe...ggPublisher.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.earthetc....plugins/ncs.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epso...rg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: High Quality Decompress Service (HQDecompressService) - Unknown owner - C:\Program Files\Common Files\HQManager\hqdecsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 11497 bytes

Edited by Casper_aa, 02 February 2009 - 04:41 PM.
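The HijackThis log above carries the autostart (O4) entries a helper checks first. As an added example that is not part of this thread, the following Python script parses O4 lines copied from the posted log and flags the patterns a triage would catch: a machine-generated Run value name launching from TEMP under the SYSTEM and .DEFAULT profiles, and a bare DLL or unresolved shortcut planted in those profiles' Startup folders. The scoring rules are my own heuristics, not HijackThis's.

```python
import re

# Sample O4 lines copied from the HijackThis log posted in this thread.
# Benign entries are kept so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3920652299-1829061476-2836010259-1015\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all (User 'Gina')
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
"""

# Registry Run values:   O4 - <hive>\..\Run: [<name>] <command> (User '<who>')
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)
# Startup-folder items:  O4 - <scope> Startup: <item>[ = <target>] (User '<who>')
STARTUP_RE = re.compile(
    r"^O4 - (?P<scope>.+?) Startup: (?P<item>.*?)(?: = (?P<target>.*?))?"
    r"(?: \(User '(?P<user>[^']*)'\))?$"
)

PRIVILEGED_MARKERS = ("S-1-5-18", ".DEFAULT")
PRIVILEGED_USERS = {"SYSTEM", "Default user"}


def is_privileged_profile(location, user):
    """Autostarts under the SYSTEM (S-1-5-18) or .DEFAULT profile run before any
    interactive user logs on; ordinary installers never write there."""
    return user in PRIVILEGED_USERS or any(m in location for m in PRIVILEGED_MARKERS)


def runs_from_temp(cmd):
    """Legitimate Run values do not launch programs out of a TEMP/TMP directory."""
    return re.search(r"\\te?mp\\", cmd, re.IGNORECASE) is not None


def looks_random(name):
    """Heuristic (my own): long all-lowercase alphanumeric names with digits mixed
    in and few vowels (e.g. jsf8uiw3jnjgffght) are typical of generated names."""
    if not re.fullmatch(r"[a-z0-9]{12,}", name) or not any(c.isdigit() for c in name):
        return False
    return sum(c in "aeiou" for c in name) / len(name) < 0.3


def triage(log_text):
    """Return one finding per suspicious O4 line: {"line": ..., "reasons": [...]}."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        m = RUN_RE.match(line)
        if m:
            if runs_from_temp(m["cmd"]):
                reasons.append("Run value launches a program from a TEMP directory")
            if is_privileged_profile(m["hive"], m["user"]):
                reasons.append("Run value sits in the SYSTEM/.DEFAULT hive")
            if looks_random(m["name"]):
                reasons.append("Run value name looks machine-generated")
        else:
            m = STARTUP_RE.match(line)
            if m:
                if is_privileged_profile(m["scope"], m["user"]):
                    reasons.append("Startup item planted in the SYSTEM/.DEFAULT profile")
                if m["item"].lower().endswith(".dll"):
                    reasons.append("bare DLL in a Startup folder (needs a loader such as rundll32)")
                if m["target"] == "?":
                    reasons.append("shortcut whose target HijackThis could not resolve")
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    # Prints the four entries from the sample that a helper would ask about.
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("   -", reason)
```

Run against the full log instead of SAMPLE_LOG by reading the file and passing its text to triage(); the benign Java, ctfmon, Kontiki and EPSON entries produce no findings.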


#2 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello Casper_aa,

Let's see if you can run this.

Please download ComboFix from one of these locations:

NOTE: If you are a guest watching this topic: ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this, as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a new HijackThis log.

#3 Casper_aa (Topic Starter, Member, 57 posts)
My internet decided to stop working so I'm posting this from another machine, and I couldn't figure out how to disable AVG properly, but here are the log files:

ComboFix 09-02-06.02 - King Ally 2009-02-07 10:58:06.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.767.268 [GMT 0:00]
Running from: c:\documents and settings\King Ally\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\services.exe
c:\windows\system32\_003718_.tmp.dll
c:\windows\system32\_003719_.tmp.dll
c:\windows\system32\_003720_.tmp.dll
c:\windows\system32\_003721_.tmp.dll
c:\windows\system32\_003728_.tmp.dll
c:\windows\system32\_003729_.tmp.dll
c:\windows\system32\_003730_.tmp.dll
c:\windows\system32\_003732_.tmp.dll
c:\windows\system32\_003733_.tmp.dll
c:\windows\system32\_003736_.tmp.dll
c:\windows\system32\_003737_.tmp.dll
c:\windows\system32\_003739_.tmp.dll
c:\windows\system32\_003740_.tmp.dll
c:\windows\system32\_003741_.tmp.dll
c:\windows\system32\_003743_.tmp.dll
c:\windows\system32\_003746_.tmp.dll
c:\windows\system32\_003747_.tmp.dll
c:\windows\system32\_003751_.tmp.dll
c:\windows\system32\_003752_.tmp.dll
c:\windows\system32\_003754_.tmp.dll
c:\windows\system32\_003757_.tmp.dll
c:\windows\system32\_003759_.tmp.dll
c:\windows\system32\_003760_.tmp.dll
c:\windows\system32\_003761_.tmp.dll
c:\windows\system32\_003762_.tmp.dll
c:\windows\system32\_003765_.tmp.dll
c:\windows\system32\_003766_.tmp.dll
c:\windows\system32\_003767_.tmp.dll
c:\windows\system32\_003768_.tmp.dll
c:\windows\system32\_003769_.tmp.dll
c:\windows\system32\_003774_.tmp.dll
c:\windows\system32\_003776_.tmp.dll
c:\windows\system32\_003948_.tmp.dll
c:\windows\system32\_003949_.tmp.dll
c:\windows\system32\_003950_.tmp.dll
c:\windows\system32\_003951_.tmp.dll
c:\windows\system32\_003958_.tmp.dll
c:\windows\system32\_003959_.tmp.dll
c:\windows\system32\_003960_.tmp.dll
c:\windows\system32\_003962_.tmp.dll
c:\windows\system32\_003963_.tmp.dll
c:\windows\system32\_003966_.tmp.dll
c:\windows\system32\_003967_.tmp.dll
c:\windows\system32\_003969_.tmp.dll
c:\windows\system32\_003970_.tmp.dll
c:\windows\system32\_003971_.tmp.dll
c:\windows\system32\_003973_.tmp.dll
c:\windows\system32\_003976_.tmp.dll
c:\windows\system32\_003977_.tmp.dll
c:\windows\system32\_003981_.tmp.dll
c:\windows\system32\_003982_.tmp.dll
c:\windows\system32\_003984_.tmp.dll
c:\windows\system32\_003987_.tmp.dll
c:\windows\system32\_003989_.tmp.dll
c:\windows\system32\_003990_.tmp.dll
c:\windows\system32\_003991_.tmp.dll
c:\windows\system32\_003992_.tmp.dll
c:\windows\system32\_003995_.tmp.dll
c:\windows\system32\_003996_.tmp.dll
c:\windows\system32\_003997_.tmp.dll
c:\windows\system32\_003998_.tmp.dll
c:\windows\system32\_003999_.tmp.dll
c:\windows\system32\_004004_.tmp.dll
c:\windows\system32\_004006_.tmp.dll
c:\windows\system32\_004007_.tmp.dll
c:\windows\system32\_005950_.tmp.dll
c:\windows\system32\_005951_.tmp.dll
c:\windows\system32\_005952_.tmp.dll
c:\windows\system32\_005953_.tmp.dll
c:\windows\system32\_005960_.tmp.dll
c:\windows\system32\_005961_.tmp.dll
c:\windows\system32\_005962_.tmp.dll
c:\windows\system32\_005963_.tmp.dll
c:\windows\system32\_005965_.tmp.dll
c:\windows\system32\_005966_.tmp.dll
c:\windows\system32\_005969_.tmp.dll
c:\windows\system32\_005970_.tmp.dll
c:\windows\system32\_005972_.tmp.dll
c:\windows\system32\_005973_.tmp.dll
c:\windows\system32\_005974_.tmp.dll
c:\windows\system32\_005976_.tmp.dll
c:\windows\system32\_005979_.tmp.dll
c:\windows\system32\_005980_.tmp.dll
c:\windows\system32\_005984_.tmp.dll
c:\windows\system32\_005985_.tmp.dll
c:\windows\system32\_005987_.tmp.dll
c:\windows\system32\_005990_.tmp.dll
c:\windows\system32\_005992_.tmp.dll
c:\windows\system32\_005993_.tmp.dll
c:\windows\system32\_005994_.tmp.dll
c:\windows\system32\_005995_.tmp.dll
c:\windows\system32\_005996_.tmp.dll
c:\windows\system32\_005999_.tmp.dll
c:\windows\system32\_006000_.tmp.dll
c:\windows\system32\_006001_.tmp.dll
c:\windows\system32\_006002_.tmp.dll
c:\windows\system32\_006003_.tmp.dll
c:\windows\system32\_006008_.tmp.dll
c:\windows\system32\_006010_.tmp.dll
c:\windows\system32\7.tmp
c:\windows\system32\8.tmp
c:\windows\system32\autochk.dll
c:\windows\system32\B.tmp
c:\windows\system32\CMMGR32.EXE
c:\windows\system32\FM20(2).DLL
c:\windows\system32\ipflr.dll
c:\windows\system32\Show Pink Zone.ico
c:\windows\system32\spzax.ocx
c:\windows\system32\spzico.ico
c:\windows\system32\spzico.ico.bak0
c:\windows\system32\TDSSmtve.dat
c:\windows\system32\tmp.reg
c:\windows\system32\twex.exe
c:\windows\system32\u2g.f
c:\windows\system32\uninstall.exe

----- BITS: Possible infected sites -----

hxxp://bgbtorlopos.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECT
-------\Legacy_TDSSSERV.SYS
-------\Service_Passthru
-------\Service_TDSSserv.sys


((((((((((((((((((((((((( Files Created from 2009-01-07 to 2009-02-07 )))))))))))))))))))))))))))))))
.

2009-02-06 16:03 . 2009-02-06 16:03 22,016 --ahs---- c:\documents and settings\Gina\protect.dll
2009-02-05 21:38 . 2009-02-05 21:38 33,920 --a------ c:\windows\system32\drivers\yyhxtnod.sys
2009-02-05 21:29 . 2009-02-05 21:29 33,920 --a------ c:\windows\system32\drivers\kbyflrta.sys
2009-02-05 21:10 . 2009-02-05 21:10 2,677 --a------ c:\windows\system32\1B.tmp
2009-02-05 21:10 . 2009-02-05 21:10 168 --a------ c:\windows\system32\1A.tmp
2009-02-05 21:09 . 2009-02-05 21:09 67,585 --a------ c:\windows\system32\16.tmp
2009-02-05 21:09 . 2009-02-05 21:09 67,585 --a------ c:\windows\system32\15.tmp
2009-02-05 21:09 . 2009-02-05 21:09 67,585 --a------ c:\windows\system32\11.tmp
2009-02-05 21:09 . 2009-02-05 21:09 32,768 --ah----- c:\documents and settings\Mike Allen\aubcvr.exe
2009-02-05 21:09 . 2009-02-05 21:09 23,553 --a------ c:\windows\system32\14.tmp
2009-02-05 21:09 . 2009-02-05 21:09 23,553 --a------ c:\windows\system32\13.tmp
2009-02-05 21:09 . 2009-02-06 16:03 130 --a------ c:\windows\adobe.bat
2009-02-05 21:09 . 2009-02-05 21:20 6 --a------ c:\windows\_id.dat
2009-02-05 21:09 . 2009-02-05 21:09 0 --a------ c:\windows\system32\18.tmp
2009-02-05 21:09 . 2009-02-05 21:09 0 --a------ c:\windows\system32\17.tmp
2009-02-05 21:08 . 2009-02-05 21:08 168 --a------ c:\windows\system32\E.tmp
2009-02-05 21:08 . 2009-02-05 21:08 0 --a------ c:\windows\system32\F.tmp
2009-02-05 21:07 . 2009-02-05 21:07 168 --a------ c:\windows\system32\A.tmp
2009-02-05 21:07 . 2009-02-05 21:07 168 --a------ c:\windows\system32\4.tmp
2009-02-05 13:13 . 2009-02-05 21:09 66,560 ---h----- c:\windows\system32\secupdat.dat
2009-02-05 13:13 . 2009-02-05 21:09 53,248 --a------ c:\windows\system32\drivers\ndisio.sys
2009-02-05 13:13 . 2009-02-05 13:13 32,768 --ah----- c:\documents and settings\King Ally\qtmx.exe
2009-02-05 13:12 . 2009-02-05 13:12 30,848 --a------ c:\windows\system32\drivers\weltkpxyjuvphk.sys
2009-02-05 13:12 . 2009-02-05 13:12 168 --a------ c:\windows\system32\3.tmp
2009-02-05 13:12 . 2009-02-05 13:12 0 --a------ c:\windows\system32\6.tmp
2009-02-03 19:51 . 2009-02-03 19:51 22,016 --ahs---- c:\documents and settings\LocalService\protect.dll
2009-02-03 19:25 . 2009-02-03 19:25 22,016 --ahs---- c:\documents and settings\Mike Allen\protect.dll
2009-02-03 19:22 . 2009-02-03 19:22 22,016 --ahs---- c:\documents and settings\NetworkService\protect.dll
2009-02-02 22:05 . 2009-02-02 22:05 0 --a------ c:\windows\system32\31.tmp
2009-02-02 20:46 . 2009-02-02 20:46 0 --a------ C:\New RecoveryFix Document.RFX
2009-02-02 20:38 . 2009-02-02 20:38 0 --a------ c:\windows\system32\5.tmp
2009-02-02 14:39 . 2009-02-02 14:39 0 --a------ c:\windows\system32\44.tmp
2009-02-02 13:22 . 2009-02-02 13:22 22,016 --ahs---- c:\windows\system32\config\systemprofile\protect.dll
2009-02-02 13:22 . 2009-02-02 13:22 22,016 --ahs---- c:\documents and settings\King Ally\protect.dll
2009-02-02 13:20 . 2009-02-07 10:46 <DIR> d--hs---- c:\windows\system32\twain32
2009-02-02 13:07 . 2009-02-02 13:12 164,100 --a------ c:\windows\system32\116.tmp
2009-02-01 14:03 . 2009-02-01 14:03 <DIR> d-------- c:\program files\COMODO
2009-02-01 14:03 . 2009-02-01 15:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\comodo
2009-01-31 21:39 . 2009-02-01 15:16 <DIR> d-------- c:\program files\Return to Castle Wolfenstein
2009-01-31 21:37 . 2009-01-31 21:44 810 --a------ c:\windows\Rtcw.INI
2009-01-31 12:09 . 2009-02-01 17:16 54,156 --ah----- c:\windows\QTFont.qfn
2009-01-31 12:09 . 2009-01-31 12:09 1,409 --a------ c:\windows\QTFont.for
2009-01-28 11:21 . 2009-01-28 11:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-01-27 20:27 . 2009-01-27 20:27 <DIR> d-------- c:\program files\Sunflowers
2009-01-19 14:32 . 2009-01-19 14:32 <DIR> d-------- c:\program files\Square Soft, Inc
2009-01-17 14:46 . 2007-10-26 03:36 8,454,656 --a------ c:\windows\system32\dllcache\shell32.dll
2009-01-17 14:45 . 2008-08-14 10:00 2,180,352 --a------ c:\windows\system32\ntoskrnl.exe
2009-01-13 17:47 . 2009-01-13 17:47 <DIR> d-------- c:\program files\Trend Micro
2009-01-13 16:24 . 2009-01-13 16:24 <DIR> d-------- c:\windows\system32\XPSViewer
2009-01-13 16:24 . 2009-01-13 16:24 <DIR> d-------- c:\program files\MSBuild
2009-01-13 16:23 . 2009-01-13 16:23 <DIR> d-------- c:\program files\Reference Assemblies
2009-01-13 16:20 . 2009-01-13 16:23 <DIR> d-------- C:\a2c71828c439325f27c314
2009-01-13 16:20 . 2008-07-06 12:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-01-13 16:20 . 2008-07-06 12:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-01-13 16:20 . 2008-07-06 10:50 614,912 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-01-13 16:20 . 2008-07-06 12:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-01-13 16:20 . 2008-07-06 12:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-01-13 16:20 . 2008-07-06 12:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-01-13 16:20 . 2008-07-06 12:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-01-13 16:18 . 2009-01-13 16:55 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-13 16:05 . 2009-01-13 16:05 <DIR> d-------- c:\program files\MSXML 6.0
2009-01-13 14:56 . 2004-08-04 05:00 71,040 --------- c:\windows\system32\drivers\_003923_.tmp.dll
2009-01-09 22:01 . 2009-01-09 22:09 <DIR> d-------- C:\WORMSCD
2009-01-09 21:52 . 2009-01-10 18:14 <DIR> d-------- c:\program files\VDMSound
2009-01-07 18:55 . 2009-01-07 19:00 <DIR> d-------- C:\jdk
2009-01-07 18:54 . 2009-01-07 19:03 <DIR> d-------- c:\documents and settings\King Ally\.SunDownloadManager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 19:25 --------- d-----w c:\program files\CCleaner
2009-02-01 19:18 --------- d-----w c:\documents and settings\King Ally\Application Data\uTorrent
2009-02-01 19:17 --------- d-----w c:\documents and settings\King Ally\Application Data\LimeWire
2009-02-01 17:08 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-02-01 15:16 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-31 21:29 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 22:17 --------- d-----w c:\program files\ATI Technologies
2009-01-10 18:45 --------- d-----w c:\program files\DOSBox-0.72
2009-01-07 19:19 --------- d-----w c:\program files\Java
2009-01-04 11:16 --------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-03 19:26 --------- d-----w c:\program files\MSN Messenger
2009-01-03 16:18 --------- d-----w c:\documents and settings\King Ally\Application Data\Lavasoft
2009-01-02 21:58 --------- d-----w c:\documents and settings\King Ally\Application Data\Malwarebytes
2009-01-02 21:58 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 12:28 --------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2008-12-17 11:57 --------- d-----w c:\program files\Steam
2008-12-13 13:06 --------- d-----w c:\program files\Bonjour
2008-12-13 12:37 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-12-11 11:57 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 18:03 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-09 19:21 --------- d-----w c:\program files\Common Files\Macromedia
2008-12-09 19:20 --------- d-----w c:\program files\Macromedia
2006-09-07 20:19 32,768 -csha-w c:\windows\system32\config\systemprofile\Application Data\Microsoft\Internet Explorer\UserData\index.dat
2006-09-04 16:19 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012006082820060904\index.dat
2006-09-04 17:20 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012006090420060905\index.dat
2006-09-05 20:01 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012006090520060906\index.dat
.

------- Sigcheck -------

2004-08-04 06:56 31744 99e1d082e99be4e803e4a32f843c1d30 c:\windows\ServicePackFiles\i386\svchost.exe
2008-04-14 00:12 31744 2435527bf2926cd8affc973c68b2e42d c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\svchost.exe
2004-08-04 06:56 31744 6661627d1633e23099c7354c83330f9b c:\windows\system32\svchost.exe

2007-06-13 10:23 1050624 76a293f4112e51c30838ea5e5450cc83 c:\windows\explorer.exe
2007-06-13 11:26 1050624 e0be8d7d7e03ec33f2b602364376e673 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 06:56 1049600 e4b6b87e0167ebcb6ede0e1ff93fecb1 c:\windows\$NtUninstallKB938828$\explorer.exe
2004-08-04 06:56 1049600 dc7c68470133d149abd25c80bdf5ae7a c:\windows\ServicePackFiles\i386\explorer.exe
2008-04-14 00:12 1051136 82ad828eda7bc782977097e723c3773c c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
2007-06-13 10:23 1050624 65a0900749903289723249f86d35531f c:\windows\system32\dllcache\explorer.exe

2004-08-04 06:56 32768 bf66f175ddaa15f81d97afe56144392e c:\windows\ServicePackFiles\i386\ctfmon.exe
2008-04-14 00:12 32768 f6d200c3efc4b8baf5fee7c9661c822c c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ctfmon.exe
2004-08-04 06:56 32768 46f99f2387ed706f425767445d6840a4 c:\windows\system32\ctfmon.exe
2004-08-04 06:56 32768 4fe000a4ba543bcc95f745e5de0a978c c:\windows\system32\dllcache\ctfmon.exe

2005-06-11 00:17 75264 d349d23fa21935d46bd23dcdd06c7140 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 06:56 75264 a6b4b1a7f4be58ecd07b27113e8e1c6b c:\windows\$NtUninstallKB896423$\spoolsv.exe
2004-08-04 06:56 75264 57a71f1929490d8e8a5fd760d5f1e551 c:\windows\ServicePackFiles\i386\spoolsv.exe
2008-04-14 00:12 75264 76910dac2e8c18f3ac3a841f53cfa625 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\spoolsv.exe
2005-06-10 23:53 75264 0648f131974b402041840d414b990145 c:\windows\system32\spoolsv.exe

2004-08-04 06:56 41984 9c6a37580a75499093e2673648db30e5 c:\windows\ServicePackFiles\i386\userinit.exe
2008-04-14 00:12 43520 0d1767756412cbd4dcb3b90901d346a1 c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe
2009-01-23 15:05 53248 0fe6d008e541ae1c16c0f90235f956c0 c:\windows\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-08 136600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-06-01 86016]
"ShowIcon_JustRams_USB Product Driver v2.33r005"="c:\program files\USB Product Driver v2.33r005\shwicon.exe" [2005-04-22 102400]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-04-05 98304]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 81920]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 c:\windows\SOUNDMAN.EXE]
"CARPService"="carpserv.exe" [2003-06-11 c:\windows\system32\carpserv.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"autochk"="c:\docume~1\LOCALS~1\protect.dll" [2009-02-03 22016]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
ChkDisk.dll [2009-02-02 22016]

c:\documents and settings\Gina\Start Menu\Programs\Startup\
ChkDisk.dll [2009-02-06 22016]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-01-22 50688]

c:\documents and settings\Mike Allen\Start Menu\Programs\Startup\
ChkDisk.dll [2009-02-03 22016]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-01-22 50688]

c:\documents and settings\King Ally\Start Menu\Programs\Startup\
ChkDisk.dll [2009-02-05 22016]
ChkDisk.lnk - c:\windows\system32\rundll32.exe [2004-01-22 50688]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
EPSON Status Monitor 3 Environment Check 2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2005-01-23 144896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2008-07-09 21:53 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"msacm.ctmp3"= c:\windows\system32\ctmp3.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^LimeWire 4.2.6.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\LimeWire 4.2.6.lnk
backup=c:\windows\pss\LimeWire 4.2.6.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^King Ally^Start Menu^Programs^Startup^YouTube Uploader.lnk]
path=c:\documents and settings\King Ally\Start Menu\Programs\Startup\YouTube Uploader.lnk
backup=c:\windows\pss\YouTube Uploader.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\4oD]
--a------ 2007-04-23 09:23 1032640 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Etomi]
--a------ 2005-01-21 12:46 3878912 c:\program files\Etomi\Shareaza.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-08-14 12:13 119280 c:\documents and settings\King Ally\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-04-23 09:23 1032640 c:\program files\Kontiki\KHost.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 15:24 1711616 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-04-05 19:58 98304 c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 18:42 53248 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
--a------ 2004-01-26 10:38 884224 c:\program files\Thomson\SpeedTouch USB\dragdiag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-06-01 16:22 1540096 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\WINDOWS\\System32\\dxdiag.exe"=
"c:\\WINDOWS\\System32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Etomi\\Shareaza.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\HelpCtr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\system32\\ccapp.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\jambojames\\half-life 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\jambojames\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\jambojames\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2007\\fm.exe"=
"c:\\Program Files\\Steam\\steamapps\\jambojames\\the ship\\ship.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Steam\\steamapps\\jambojames\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\jambojames\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Sid Meier's Civilization Chronicles\\Sid Meier's Civilization II Multiplayer Gold\\civ2.exe"=
"c:\\Program Files\\LimeWire\\LimeWire 4.2.6\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Gina\\Desktop\\incredimail_install.exe"=
"c:\\Team17\\Worms Armageddon\\wa.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-05-25 97928]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-05-25 231704]
S1 ethwagkg;ethwagkg;c:\windows\system32\drivers\ethwagkg.sys --> c:\windows\system32\drivers\ethwagkg.sys [?]
S2 HQDecompressService;High Quality Decompress Service;c:\program files\Common Files\HQManager\hqdecsvc.exe --> c:\program files\Common Files\HQManager\hqdecsvc.exe [?]
S2 oornafgazewr;oornafgazewr;c:\windows\system32\drivers\weltkpxyjuvphk.sys [2009-02-05 30848]
S3 bizkcsit;bizkcsit;\??\c:\windows\System32\Drivers\bizkcsit.sys --> c:\windows\System32\Drivers\bizkcsit.sys [?]
S3 boirhhia;boirhhia;\??\c:\windows\System32\Drivers\boirhhia.sys --> c:\windows\System32\Drivers\boirhhia.sys [?]
S3 cdkbkjvx;cdkbkjvx;\??\c:\windows\System32\Drivers\cdkbkjvx.sys --> c:\windows\System32\Drivers\cdkbkjvx.sys [?]
S3 cjmwbvgp;cjmwbvgp;\??\c:\windows\System32\Drivers\cjmwbvgp.sys --> c:\windows\System32\Drivers\cjmwbvgp.sys [?]
S3 dcuuhsxp;dcuuhsxp;\??\c:\windows\System32\Drivers\dcuuhsxp.sys --> c:\windows\System32\Drivers\dcuuhsxp.sys [?]
S3 dkkpgtbm;dkkpgtbm;\??\c:\windows\System32\Drivers\dkkpgtbm.sys --> c:\windows\System32\Drivers\dkkpgtbm.sys [?]
S3 dqethnye;dqethnye;\??\c:\windows\System32\Drivers\dqethnye.sys --> c:\windows\System32\Drivers\dqethnye.sys [?]
S3 ewdmaudn;ewdmaudn;\??\c:\docume~1\MIKEAL~1\LOCALS~1\Temp\ewdmaudn.sys --> c:\docume~1\MIKEAL~1\LOCALS~1\Temp\ewdmaudn.sys [?]
S3 expjroxc;expjroxc;\??\c:\windows\System32\Drivers\expjroxc.sys --> c:\windows\System32\Drivers\expjroxc.sys [?]
S3 fwsrwofh;fwsrwofh;\??\c:\windows\System32\Drivers\fwsrwofh.sys --> c:\windows\System32\Drivers\fwsrwofh.sys [?]
S3 ggxzqvkq;ggxzqvkq;\??\c:\windows\System32\Drivers\ggxzqvkq.sys --> c:\windows\System32\Drivers\ggxzqvkq.sys [?]
S3 gpjcqavl;gpjcqavl;\??\c:\windows\System32\Drivers\gpjcqavl.sys --> c:\windows\System32\Drivers\gpjcqavl.sys [?]
S3 hgtzjfne;hgtzjfne;\??\c:\windows\System32\Drivers\hgtzjfne.sys --> c:\windows\System32\Drivers\hgtzjfne.sys [?]
S3 hjbjwmso;hjbjwmso;\??\c:\windows\System32\Drivers\hjbjwmso.sys --> c:\windows\System32\Drivers\hjbjwmso.sys [?]
S3 hppjwiiu;hppjwiiu;\??\c:\windows\System32\Drivers\hppjwiiu.sys --> c:\windows\System32\Drivers\hppjwiiu.sys [?]
S3 irnxyhvz;irnxyhvz;\??\c:\windows\System32\Drivers\irnxyhvz.sys --> c:\windows\System32\Drivers\irnxyhvz.sys [?]
S3 iwmujwol;iwmujwol;\??\c:\windows\System32\Drivers\iwmujwol.sys --> c:\windows\System32\Drivers\iwmujwol.sys [?]
S3 jvicthai;jvicthai;\??\c:\windows\System32\Drivers\jvicthai.sys --> c:\windows\System32\Drivers\jvicthai.sys [?]
S3 jxwniott;jxwniott;\??\c:\windows\System32\Drivers\jxwniott.sys --> c:\windows\System32\Drivers\jxwniott.sys [?]
S3 kbyflrta;kbyflrta;c:\windows\system32\drivers\kbyflrta.sys [2009-02-05 33920]
S3 kdtgkioz;kdtgkioz;\??\c:\windows\System32\Drivers\kdtgkioz.sys --> c:\windows\System32\Drivers\kdtgkioz.sys [?]
S3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [2005-01-11 23296]
S3 nghrbhsq;nghrbhsq;\??\c:\windows\System32\Drivers\nghrbhsq.sys --> c:\windows\System32\Drivers\nghrbhsq.sys [?]
S3 nipqnzwp;nipqnzwp;\??\c:\windows\System32\Drivers\nipqnzwp.sys --> c:\windows\System32\Drivers\nipqnzwp.sys [?]
S3 oiodmuye;oiodmuye;\??\c:\windows\System32\Drivers\oiodmuye.sys --> c:\windows\System32\Drivers\oiodmuye.sys [?]
S3 ojxrnytc;ojxrnytc;\??\c:\windows\System32\Drivers\ojxrnytc.sys --> c:\windows\System32\Drivers\ojxrnytc.sys [?]
S3 osjneqjp;osjneqjp;\??\c:\windows\System32\Drivers\osjneqjp.sys --> c:\windows\System32\Drivers\osjneqjp.sys [?]
S3 QCEmerald;Logitech QuickCam Web;c:\windows\system32\drivers\OVCE.sys [2005-04-09 31872]
S3 rjncqemj;rjncqemj;\??\c:\windows\System32\Drivers\rjncqemj.sys --> c:\windows\System32\Drivers\rjncqemj.sys [?]
S3 tiejgddh;tiejgddh;\??\c:\windows\System32\Drivers\tiejgddh.sys --> c:\windows\System32\Drivers\tiejgddh.sys [?]
S3 tunvwvpx;tunvwvpx;\??\c:\windows\System32\Drivers\tunvwvpx.sys --> c:\windows\System32\Drivers\tunvwvpx.sys [?]
S3 twjjsyok;twjjsyok;\??\c:\windows\System32\Drivers\twjjsyok.sys --> c:\windows\System32\Drivers\twjjsyok.sys [?]
S3 txfxulib;txfxulib;\??\c:\windows\System32\Drivers\txfxulib.sys --> c:\windows\System32\Drivers\txfxulib.sys [?]
S3 uulxgqxu;uulxgqxu;\??\c:\windows\System32\Drivers\uulxgqxu.sys --> c:\windows\System32\Drivers\uulxgqxu.sys [?]
S3 uwludhgp;uwludhgp;\??\c:\windows\System32\Drivers\uwludhgp.sys --> c:\windows\System32\Drivers\uwludhgp.sys [?]
S3 vblbxxgk;vblbxxgk;\??\c:\windows\System32\Drivers\vblbxxgk.sys --> c:\windows\System32\Drivers\vblbxxgk.sys [?]
S3 vznbvkod;vznbvkod;\??\c:\windows\System32\Drivers\vznbvkod.sys --> c:\windows\System32\Drivers\vznbvkod.sys [?]
S3 wtxrjyfu;wtxrjyfu;\??\c:\windows\System32\Drivers\wtxrjyfu.sys --> c:\windows\System32\Drivers\wtxrjyfu.sys [?]
S3 xftehils;xftehils;\??\c:\windows\System32\Drivers\xftehils.sys --> c:\windows\System32\Drivers\xftehils.sys [?]
S3 yyhxtnod;yyhxtnod;c:\windows\system32\drivers\yyhxtnod.sys [2009-02-05 33920]
S3 zmsozdnc;zmsozdnc;\??\c:\windows\System32\Drivers\zmsozdnc.sys --> c:\windows\System32\Drivers\zmsozdnc.sys [?]
S3 zvoxtbcn;zvoxtbcn;\??\c:\windows\System32\Drivers\zvoxtbcn.sys --> c:\windows\System32\Drivers\zvoxtbcn.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f48c8fc-4396-11dd-9744-001109aa659d}]
\Shell\AutoRun\command - e:\wd_windows_tools\WDSetup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-07 c:\windows\Tasks\User_Feed_Synchronization-{A9C82955-5237-4C25-A479-404FB557E434}.job
- c:\windows\system32\msfeedssync.exe [2006-04-13 22:14]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-services - c:\windows\services.exe
HKCU-Run-WebCamRT.exe - (no file)
HKU-Default-Run-jsf8uiw3jnjgffght - c:\windows\TEMP\winlognn.exe
HKU-Default-Run-services - c:\windows\services.exe
HKLM-Explorer_Run-services - c:\windows\services.exe
HKCU-Explorer_Run-services - c:\windows\services.exe
HKU-Default-Explorer_Run-services - c:\windows\services.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-Clean Space 10 trayagent - c:\progra~1\TEOSOFT.COM\trayagent.exe
MSConfigStartUp-Power2GoExpress - c:\program files\Ares\Ares.exe
MSConfigStartUp-Spyware Cleaner - c:\program files\Spyware Cleaner\SpywareCleaner.Exe
MSConfigStartUp-STYLEXP - c:\program files\TGTSoft\StyleXP\StyleXP.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\King Ally\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - hxxps://authenticate.gateway.gov.uk/ClientObjects/SignatureControlInstaller.CAB
DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - hxxp://www.earthetc.com/ecwplugins/ncs.cab
DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} - hxxp://img.funtigo.com/images/uploader/ssiPictureUploader.cab
FF - ProfilePath - c:\documents and settings\King Ally\Application Data\Mozilla\Firefox\Profiles\4frr4xzb.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\documents and settings\King Ally\Local Settings\Application Data\Google\Update\1.2.121.17\npGoogleOneClick.dll
FF - plugin: c:\program files\GameTap\bin\Release\npgametaptool.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npvideoegg-loader.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.08
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-07 11:23:09
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*Ô*,%\OpenWithList]
@Class="Shell"
"a"="CTCMS.exe"
"MRUList"="a"

[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*Ô*,%\OpenWithProgids]
"%Ô-_auto_file"=hex(0):

[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\Windows\CurrentVersion\UnreadMail]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]]
"MessageCount"=dword:00000000
"TimeStamp"=hex:a2,2a,54,95,01,34,c7,01
"Application"="msimn"

[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]]
"MessageCount"=dword:00000003
"TimeStamp"=hex:0c,a5,44,36,11,89,c9,01
"Application"="http://www.hotmail.com/"

[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]]
"MessageCount"=dword:00000000
"TimeStamp"=hex:b0,8f,9b,26,f0,ca,c8,01
"Application"="http://www.hotmail.com/"

[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]]
"MessageCount"=dword:00000000
"TimeStamp"=hex:f4,fc,b3,f2,68,27,c7,01
"Application"="http://www.hotmail.com/"

[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\Windows\CurrentVersion\UnreadMail\[email protected]]
"MessageCount"=dword:00000001
"TimeStamp"=hex:aa,6c,3b,9f,8a,e6,c8,01
"Application"="http://www.hotmail.com/"

[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\SecuROM\License information*]
"datasecu"=hex:8f,8b,f6,cf,f4,cb,36,ce,a9,5a,dd,46,f1,d1,df,3d,86,d6,bd,82,19,
80,57,ae,26,f6,20,22,d6,ad,f0,36,5e,b3,6b,3c,50,c4,ed,0a,a9,d8,9c,68,7f,c0,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(356)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\avgrsstx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\MsPMSPSv.exe
c:\windows\system32\spool\drivers\w32x86\3\E_A10IC2.EXE
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2009-02-07 11:32:42 - machine was rebooted [King Ally]
ComboFix-quarantined-files.txt 2009-02-07 11:32:37

Pre-Run: 91,689,623,552 bytes free
Post-Run: 95,307,595,776 bytes free

534 --- E O F --- 2009-01-17 22:59:55


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:48:22, on 07/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\USB Product Driver v2.33r005\shwicon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ShowIcon_JustRams_USB Product Driver v2.33r005] "C:\Program Files\USB Product Driver v2.33r005\shwicon.exe" -t"JustRams\USB Product Driver v2.33r005"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKUS\S-1-5-18\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [autochk] rundll32.exe C:\DOCUME~1\LOCALS~1\protect.dll,_IWMPEvents@16 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [jsf8uiw3jnjgffght] C:\WINDOWS\TEMP\winlognn.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] C:\WINDOWS\services.exe (User 'Default user')
O4 - S-1-5-18 Startup: ChkDisk.dll (User 'SYSTEM')
O4 - S-1-5-18 Startup: ChkDisk.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: ChkDisk.dll (User 'Default user')
O4 - .DEFAULT Startup: ChkDisk.lnk = ? (User 'Default user')
O4 - Startup: ChkDisk.dll
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\King Ally\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00000000-A6C3-4023-AE3A-22F2983D851D} - https://authenticate...olInstaller.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....009/CTSUEng.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.co.../sysreqlab3.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.mess.../Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {33288993-5664-11D4-8B5B-00D0B73B3518} (ell Class) - http://www.easports....ommon/ieell.cab
O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.co...ALStreaming.cab
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoe...ggPublisher.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail....es/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {5F0C30E4-1E72-4DCC-85E5-57810F1CA97B} (McUpdatePortalFactory Class) - https://mysupport.na...pdatePortal.cab
O16 - DPF: {76A2A0AB-38B7-46DB-8E47-F10CDE4D7920} - http://www.earthetc....plugins/ncs.cab
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://esupport.epso...rg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.c...ureUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O16 - DPF: {B9A296D4-38AC-4566-8168-F7ACAF7D35E6} (Eyeball Video Session Control) - http://imlive.com/Ch...VideoContol.cab
O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemreq...m/sysreqlab.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.on...e/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15010/CTPID.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...wn.cab31267.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: High Quality Decompress Service (HQDecompressService) - Unknown owner - C:\Program Files\Common Files\HQManager\hqdecsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe (file missing)
O23 - Service: McAfee SpamKiller Server (MskService) - Unknown owner - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 10692 bytes

Edited by Casper_aa, 07 February 2009 - 06:11 AM.


#4
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Casper_aa,

I couldn't figure out how to disable AVG

Try this:

How to disable AVG's Resident Shield.

Right click the AVG icon and click Open.

In the Overview panel click on Resident Shield > Uncheck the Resident Shield Active box > Save Changes.

Now

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

http://www.geekstogo...42#entry1453042
KillAll::

Collect::
c:\windows\system32\drivers\yyhxtnod.sys
c:\windows\system32\drivers\kbyflrta.sys
c:\windows\system32\1B.tmp
c:\windows\system32\16.tmp
c:\windows\system32\15.tmp
c:\windows\system32\11.tmp
c:\windows\system32\14.tmp
c:\windows\system32\13.tmp
c:\documents and settings\Mike Allen\aubcvr.exe
c:\windows\system32\18.tmp
c:\windows\system32\17.tmp
c:\windows\system32\E.tmp
c:\windows\system32\F.tmp
c:\windows\system32\A.tmp
c:\windows\system32\4.tmp
c:\windows\system32\secupdat.dat
c:\windows\system32\drivers\ndisio.sys
c:\documents and settings\King Ally\qtmx.exe
c:\windows\system32\drivers\weltkpxyjuvphk.sys
c:\windows\system32\5.tmp
c:\windows\system32\44.tmp
c:\windows\system32\drivers\ethwagkg.sys
c:\windows\system32\drivers\weltkpxyjuvphk.sys
c:\windows\System32\Drivers\bizkcsit.sys
c:\windows\System32\Drivers\boirhhia.sys
c:\windows\System32\Drivers\cdkbkjvx.sys
c:\windows\System32\Drivers\cjmwbvgp.sys
c:\windows\System32\Drivers\dcuuhsxp.sys
c:\windows\System32\Drivers\dkkpgtbm.sys
c:\windows\System32\Drivers\dqethnye.sys
c:\docume~1\MIKEAL~1\LOCALS~1\Temp\ewdmaudn.sys
c:\windows\System32\Drivers\expjroxc.sys
c:\windows\System32\Drivers\fwsrwofh.sys
c:\windows\System32\Drivers\ggxzqvkq.sys
c:\windows\System32\Drivers\gpjcqavl.sys
c:\windows\System32\Drivers\hgtzjfne.sys
c:\windows\System32\Drivers\hjbjwmso.sys
c:\windows\System32\Drivers\hppjwiiu.sys
c:\windows\System32\Drivers\irnxyhvz.sys
c:\windows\System32\Drivers\iwmujwol.sys
c:\windows\System32\Drivers\jvicthai.sys
c:\windows\System32\Drivers\jxwniott.sys
c:\windows\system32\drivers\kbyflrta.sys
c:\windows\System32\Drivers\kdtgkioz.sys
c:\windows\System32\Drivers\nghrbhsq.sys
c:\windows\System32\Drivers\nipqnzwp.sys
c:\windows\System32\Drivers\oiodmuye.sys
c:\windows\System32\Drivers\ojxrnytc.sys
c:\windows\System32\Drivers\osjneqjp.sys
c:\windows\System32\Drivers\rjncqemj.sys
c:\windows\System32\Drivers\tiejgddh.sys
c:\windows\System32\Drivers\tunvwvpx.sys
c:\windows\System32\Drivers\twjjsyok.sys
c:\windows\System32\Drivers\txfxulib.sys
c:\windows\System32\Drivers\uulxgqxu.sys
c:\windows\System32\Drivers\uwludhgp.sys
c:\windows\System32\Drivers\vblbxxgk.sys
c:\windows\System32\Drivers\vznbvkod.sys
c:\windows\System32\Drivers\wtxrjyfu.sys
c:\windows\System32\Drivers\xftehils.sys
c:\windows\system32\drivers\yyhxtnod.sys
c:\windows\System32\Drivers\zmsozdnc.sys
c:\windows\System32\Drivers\zvoxtbcn.sys

FCopy::
c:\windows\ServicePackFiles\i386\userinit.exe | c:\windows\system32\userinit.exe

REGNULL::
[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*Ô*,%\OpenWithList]
[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*Ô*,%\OpenWithProgids]

Driver::
ethwagkg
oornafgazewr
bizkcsit
boirhhia
cdkbkjvx
cjmwbvgp
dcuuhsxp
dkkpgtbm
dqethnye
ewdmaudn
expjroxc
fwsrwofh
ggxzqvkq
gpjcqavl
hgtzjfne
hjbjwmso
hppjwiiu
irnxyhvz
iwmujwol
jvicthai
jxwniott
kbyflrta
kdtgkioz
nghrbhsq
nipqnzwp
oiodmuye
ojxrnytc
osjneqjp
rjncqemj
tiejgddh
tunvwvpx
twjjsyok
txfxulib
uulxgqxu
uwludhgp
vblbxxgk
vznbvkod
wtxrjyfu
xftehils
yyhxtnod
zmsozdnc
zvoxtbcn


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt which I will require together with a new HijackThis log in your next reply.
  • 0
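Before a hand-written CFScript like the one above is dropped onto ComboFix.exe it is worth checking it for consistency, since every Driver:: name should correspond to a .sys file queued for deletion and vice versa. The following is an added example written for this page (it is not ComboFix's own code, nor emeraldnzl's); it parses the `Name::` sections of a script, pairs the driver names with the .sys paths, and flags the two indicators this script relies on: eight-letter randomly named drivers and a driver living outside `\system32\drivers` (here the one in a Temp folder). The embedded script is a constructed excerpt of the one in the post; the path list is assumed to sit under ComboFix's `File::` directive, and one extra file (`dcuuhsxp.sys`) is listed without a Driver:: entry to show that direction of the check.

```python
"""Sanity-check a ComboFix CFScript before it is handed to ComboFix.exe.

Added example for this page, not ComboFix's own code. It parses the
``Name::`` sections and cross-checks Driver:: names against the .sys
paths queued for deletion.
"""
import re
from collections import defaultdict

# Constructed excerpt of the CFScript in the post above. The path list is
# assumed to belong under ComboFix's File:: directive; the FCopy::, REGNULL::
# and Driver:: headers appear verbatim in the post.
CFSCRIPT = r"""
File::
c:\windows\System32\Drivers\cdkbkjvx.sys
c:\windows\System32\Drivers\cjmwbvgp.sys
c:\windows\System32\Drivers\dcuuhsxp.sys
c:\docume~1\MIKEAL~1\LOCALS~1\Temp\ewdmaudn.sys
c:\windows\system32\drivers\kbyflrta.sys

FCopy::
c:\windows\ServicePackFiles\i386\userinit.exe | c:\windows\system32\userinit.exe

REGNULL::
[HKEY_USERS\S-1-5-21-3920652299-1829061476-2836010259-1011\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*%*Ô*,%\OpenWithList]

Driver::
ethwagkg
oornafgazewr
cdkbkjvx
cjmwbvgp
ewdmaudn
kbyflrta
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")          # e.g. "Driver::"
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}$")            # eight random letters
DRIVER_DIR_RE = re.compile(r"\\system32\\drivers\\[^\\]+$", re.IGNORECASE)


def parse_cfscript(text):
    """Return {section_name: [non-empty lines]} for a CFScript."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        sections[current].append(line)
    return dict(sections)


def stem(path):
    """Lower-cased file name without extension, e.g. '...\\Kbyflrta.sys' -> 'kbyflrta'."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def parse_fcopy(lines):
    """Split 'source | destination' lines into (source, destination) pairs."""
    pairs = []
    for line in lines:
        src, sep, dst = line.partition("|")
        if not sep or not dst.strip():
            raise ValueError(f"FCopy line needs 'source | destination': {line!r}")
        pairs.append((src.strip(), dst.strip()))
    return pairs


def check_script(text):
    """Cross-check Driver:: names against the .sys files and flag indicators."""
    sec = parse_cfscript(text)
    sys_paths = [p for p in sec.get("File", []) if p.lower().endswith(".sys")]
    sys_stems = {stem(p) for p in sys_paths}
    drivers = {d.lower() for d in sec.get("Driver", [])}
    return {
        "drivers_without_file": sorted(drivers - sys_stems),
        "sys_files_without_driver": sorted(sys_stems - drivers),
        "random_looking_drivers": sorted(d for d in drivers if RANDOM_NAME_RE.match(d)),
        "drivers_outside_driver_dir": sorted(
            stem(p) for p in sys_paths if not DRIVER_DIR_RE.search(p)),
        "fcopy_pairs": parse_fcopy(sec.get("FCopy", [])),
        "regnull_keys": sec.get("REGNULL", []),
    }


if __name__ == "__main__":
    for key, value in check_script(CFSCRIPT).items():
        print(f"{key}: {value}")
```

The two name-based heuristics are only hints: an eight-letter name in `\system32\drivers` is exactly what the scan above found, but a legitimate driver can look the same, so the output is meant to be read alongside the tool logs, not acted on blindly.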

#5
Casper_aa

    Member

  • Topic Starter
  • Member
  • 57 posts
I did exactly what you said, but it starts up and the green bar fills, but then it closes and nothing else happens, and I'm unable to find any log file. Also, at this point I can barely even right-click anything without waiting forever for something to load, ugh...
  • 0

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Your machine is terribly infected. I am amazed you were able to do anything at all on it.

There can be no guarantees we will get it back to normal but we will do our best.

Let's see if you can run this one.

Please read this post completely, it may make it easier if you copy and paste this post to a new text document or print it for reference later. This will especially help you when your computer is off line.

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum.

edited to add frontispiece

Edited by emeraldnzl, 07 February 2009 - 04:45 PM.

  • 0

#7
Casper_aa

    Member

  • Topic Starter
  • Member
  • 57 posts
Ok, I did most of that up until it was supposed to prompt me to reboot, but instead it just closed down after a while (it was doing something though, because txt files were being made). While it was running, registry errors kept coming up; I'm not sure if it was supposed to do that, but I'm thinking it might because I did not recognize them and they seemed malicious (SteelWerx, for example).

I think what I should do is just get a backup copy of any files I want to keep, put them on my flash drive or external hard drive and call it quits. I'm not too bothered about losing this machine as I have always hated it. :)

But if there's anything else I can do, I might as well give it a try.
  • 0

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
SteelWerx is part of one of the tools we use. I wonder if your security programs were not turned off.

I think what I should do is just get a backup copy of any files I want to keep, put them on my flash drive or external hard drive and call it quits. I'm not too bothered about losing this machine as I have always hated it. :P


Well your machine is very badly infected but there are things we can do. I think probably some of your system files are corrupted too as a result of the infection.

This one might be a good one to try at this point.

It is a pretty big download at 28 MB, but it is very useful at detecting/cleaning rootkits or whatever it finds.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode.

    You can do this by restarting your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode, then hit Enter.

  • Double click the setup file to run it.
  • Click Next to continue.
  • It will by default install to your desktop folder. Click Next.
  • Hit OK at the prompt for scanning in Safe Mode.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan, make sure these are checked:

  • System Memory
  • Startup Objects
  • Disk Boot Sectors.
  • My Computer.
  • Also any other (removable) drives that you may have


After that, click on Security level, then choose Customize, then click on the tab that says Heuristic Analyzer, then choose Enable Deep rootkit search, then choose OK.
Then choose OK again and you are back at the main screen.

  • Then click on Scan at the top right-hand corner.
  • It will automatically Neutralize any objects found.
  • If some objects are left un-neutralized, click the button that says Neutralize all.
  • If it says it cannot be Neutralized, choose the Delete option when prompted.
  • After that is done, click on the Reports button at the bottom and save it to file; name it Kas.
  • Save it somewhere convenient like your desktop and post only the detected virus/malware from the report; it will be at the very top under Detected. Post those results in your next reply.

    Note: This tool will self uninstall when you close it so please save the log before closing it.


  • 0

#9
Casper_aa

    Member

  • Topic Starter
  • Member
  • 57 posts
Would it be alright to leave this running overnight? It's getting late here and I didn't realise the scan would take this long, heh...

Been scanning for 25 mins at 1% and it has already found and neutralized over 200 infections, crazy!
  • 0

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Yep, I had one that went for 36 hrs last week.

200 infections. Hmm...that's a lot.

I wonder whether we might not be facing a very nasty infection here. :)

There are a couple around at the moment that are especially bad and one that is impossible to remove. Only a reformat will fix that one.

Be interesting to see.

Look forward to your scan results. :)
  • 0

#11
Casper_aa

    Member

  • Topic Starter
  • Member
  • 57 posts
200's nothing compared to 11343!!! :)

I have never seen a txt file so big before; I think the detections alone are bigger than the internet! :)

In fact it's so big I can't post it all, so I had to delete a lot of them from this post, most of them similar, as you will be able to see.

Detected
--------
Status Object
------ ------
will be deleted when the computer is restarted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\system32\svchost.exe
will be deleted when the computer is restarted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Explorer.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\mshta.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\notepad.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\regedit.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\mediasource\ctcms.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\accwiz.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\windows media player\wmplayer.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\rundll32.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\outlook express\wab.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\hh.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\clipbrd.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\notepad.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\fontview.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\winhlp32.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\winhlp32.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\windows nt\hypertrm.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\internet explorer\iexplore.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\wscript.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\mmc.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\cyberlink\power2go\power2go.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\perfmon.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\cyberlink\powerdvd\powerdvd.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\cyberlink\powerproducer\producer.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\windows nt\accessories\wordpad.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\cyberlink\common\updateipr.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\wpnpinst.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\zencast organizer\ctzencu.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\drwtsn32.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\soundman.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\carpserv.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\usb product driver v2.33r005\shwicon.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\quicktime\qttask.exe
deleted: Trojan program Rootkit.Win32.Small.sy File: c:\windows\system32\autochk.dll
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\alg.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\microsoft.net\framework\v1.1.4322\aspnet_state.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\ati2sgag.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\bonjour\mdnsresponder.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\cisvc.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\clipsrv.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\dllhost.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\ctsvccda.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\dmadmin.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\common files\epson\ebapi\sagent2.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\imapi.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\mnmsrvc.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\common files\sony shared\avlib\mscsptisrv.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\msdtc.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\msiexec.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\netdde.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\nvsvc32.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\common files\sony shared\avlib\pacsptisvr.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\sessmgr.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\locator.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\rsvp.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\scardsvr.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\spoolsv.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\smlogsvc.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\ups.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\vssvc.exe
deleted: new threat Type_Win32 (modification) File: c:\windows\system32\mspmspsv.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\wbem\wmiapsrv.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\ati2evxx.exe
deleted: Trojan program Rootkit.Win32.Pakes.gb File: c:\windows\system32\drivers\kbyflrta.sys
deleted: virus Virus.Win32.Virut.ce File: c:\program files\windows media player\wmpnetwk.exe
deleted: Trojan program Rootkit.Win32.Pakes.gb File: c:\windows\system32\drivers\yyhxtnod.sys
deleted: virus Virus.Win32.Virut.ce File: c:\windows\inf\unregmp2.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\ie4uinit.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\shmgrate.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\regsvr32.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\outlook express\setup50.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\progman.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\logon.scr
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\mediasource\wizard\audiocvt\audiocvt.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\msn gaming zone\windows\bckgzm.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\msn gaming zone\windows\chkrzm.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\netmeeting\conf.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\mediasource\audio device selection\ctaudsel.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\mediasource\wizard\audiosyn\ctaudsyn.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\cd ripping wizard\ctcdrip.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\mediasource5\ctcmsu.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\video converter\ctconvu.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\splash screen\cteaxspl.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\mediasource\wizard\importplaylist\cteplimp.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\mediasource\wizard\import\ctimport.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\nomad jukebox zen (usb2.0)\playcenter2\ctplay2.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\mediasource\wizard\quickstart\ctqswiz.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\shared files\ctregsvr.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\cd ripping wizard unicode 2\ctripu2.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\support\system information\ctsi.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\shared files\ctsuapp.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\windows nt\dialer.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\dxdiag.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\macromedia\extension manager\extension manager.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\pchealth\helpctr\binaries\helpctr.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\trend micro\hijackthis\hijackthis.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\msn gaming zone\windows\hrtzzm.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\internet explorer\connection wizard\icwconn1.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\internet explorer\connection wizard\icwconn2.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\internet explorer\connection wizard\isignup.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\javasoft\jre\1.3.1_04\bin\javaw.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\malwarebytes' anti-malware\mbam.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\usmt\migwiz.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\movie maker\moviemk.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\windows media player\mplayer2.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\pchealth\helpctr\binaries\msconfig.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\outlook express\msimn.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\common files\microsoft shared\msinfo\msinfo32.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\messenger\msmsgs.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\shared files\media sniffer\mtdacq.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\common files\sony shared\openmg\omgstartup.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\mspaint.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\windows nt\pinball\pinball.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\cyberlink\power2go\power2goexpress.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\common files\real\update_ob\rnxproc.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\msn gaming zone\windows\rvsezm.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\msn gaming zone\windows\shvlzm.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\creative\shared files\media sniffer\startms.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\common files\sony shared\stopmusicserver\stopmusicserver.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\outlook express\wabmig.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\winrar\winrar.exe
deleted: virus Virus.Win32.Virut.ce File: c:\program files\winzip\winzip32.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\ntsd.exe
deleted: virus Virus.Win32.Virut.ce File: c:\windows\system32\spool\drivers\w32x86\3\e_srcv02.exe
deleted: Trojan program Rootkit.Win32.Small.sy File: C:\Documents and Settings\King Ally\Start Menu\Programs\Startup\ChkDisk.dll
deleted: virus Virus.Win32.Virut.ce File: c:\documents and settings\king ally\desktop\virus removal tool\is-pbhu6\startup.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\1.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\spybotsd14.htm
deleted: virus Virus.Win32.Virut.ce File: C:\StubInstaller.exe
deleted: virus Virus.Win32.Virut.ce File: C:\32788R22FWJFW\swreg.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-11_xp32_dd_54435\Driver\AtiCimUn.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-11_xp32_dd_54435\Driver\DrvUI64A.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-11_xp32_dd_54435\Driver\issetup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-11_xp32_dd_54435\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-11_xp32_dd_54435\Driver\BIN\atiicdxx.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-11_xp32_dd_54435\Driver\BIN\EnumDev.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-11_xp32_dd_54435\Driver\BIN\UpdatPnP.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-11_xp32_dd_54435\Driver\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-11_xp32_dd_54435\Driver\GARTnt\atiicdxx.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\AtiCimUn.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\CheckVer.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\DrvUI64A.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\issetup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\BIN\atiicdxx.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\BIN\EnumDev.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\BIN\UpdatPnP.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\SBDrv\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-12_xp32_dd_ccc_wdm_enu_55811\Driver\WDM_ALL\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-1_xp_dd_ccc_wdm_enu_40211\AtiCimUn.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-1_xp_dd_ccc_wdm_enu_40211\DrvUI64A.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-1_xp_dd_ccc_wdm_enu_40211\issetup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-1_xp_dd_ccc_wdm_enu_40211\makensisw.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-1_xp_dd_ccc_wdm_enu_40211\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-1_xp_dd_ccc_wdm_enu_40211\BIN\atiicdxx.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-1_xp_dd_ccc_wdm_enu_40211\BIN\EnumDev.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-1_xp_dd_ccc_wdm_enu_40211\BIN\UpdatPnP.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-1_xp_dd_ccc_wdm_enu_40211\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-1_xp_dd_ccc_wdm_enu_40211\WDM_ALL\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\AtiCimUn.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\CheckVer.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\DrvUI64A.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\issetup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\makensisw.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\BIN\atiicdxx.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\BIN\EnumDev.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\BIN\UpdatPnP.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\SBDrv\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-2_xp_dd_ccc_wdm_enu_41238\WDM_ALL\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-6_xp_dd_ccc_wdm_enu_48640\Driver\AtiCimUn.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-6_xp_dd_ccc_wdm_enu_48640\Driver\CheckVer.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-6_xp_dd_ccc_wdm_enu_48640\Driver\DrvUI64A.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-6_xp_dd_ccc_wdm_enu_48640\Driver\issetup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-6_xp_dd_ccc_wdm_enu_48640\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-6_xp_dd_ccc_wdm_enu_48640\Driver\BIN\atiicdxx.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-6_xp_dd_ccc_wdm_enu_48640\Driver\BIN\EnumDev.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-6_xp_dd_ccc_wdm_enu_48640\Driver\BIN\UpdatPnP.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-6_xp_dd_ccc_wdm_enu_48640\Driver\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-6_xp_dd_ccc_wdm_enu_48640\Driver\SBDrv\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\7-6_xp_dd_ccc_wdm_enu_48640\Driver\WDM_ALL\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-12_xp32_dd_72271\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-12_xp32_dd_ccc_wdm_enu_72271\Driver\CheckVer.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-12_xp32_dd_ccc_wdm_enu_72271\Driver\DrvUI64A.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-12_xp32_dd_ccc_wdm_enu_72271\Driver\issetup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-12_xp32_dd_ccc_wdm_enu_72271\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-12_xp32_dd_ccc_wdm_enu_72271\Driver\BIN\atiicdxx.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-12_xp32_dd_ccc_wdm_enu_72271\Driver\BIN\EnumDev.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-12_xp32_dd_ccc_wdm_enu_72271\Driver\BIN\UpdatPnP.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-12_xp32_dd_ccc_wdm_enu_72271\Driver\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-12_xp32_dd_ccc_wdm_enu_72271\Driver\WDM_ALL\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\AtiCimUn.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\CheckVer.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\DrvUI64A.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\issetup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\BIN\atiicdxx.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\BIN\EnumDev.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\BIN\UpdatPnP.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\GARTnt\atiicdxx.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\GARTnt\setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\SBDrv\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-1_xp32_dd_ccc_wdm_enu_57717\Driver\WDM_ALL\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-2_xp32_dd_ccc_wdm_enu_58128\Driver\AtiCimUn.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-2_xp32_dd_ccc_wdm_enu_58128\Driver\CheckVer.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-2_xp32_dd_ccc_wdm_enu_58128\Driver\DrvUI64A.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-2_xp32_dd_ccc_wdm_enu_58128\Driver\issetup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-2_xp32_dd_ccc_wdm_enu_58128\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-2_xp32_dd_ccc_wdm_enu_58128\Driver\BIN\atiicdxx.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-2_xp32_dd_ccc_wdm_enu_58128\Driver\BIN\EnumDev.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-2_xp32_dd_ccc_wdm_enu_58128\Driver\BIN\UpdatPnP.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-2_xp32_dd_ccc_wdm_enu_58128\Driver\Driver\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-2_xp32_dd_ccc_wdm_enu_58128\Driver\SBDrv\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ATI\SUPPORT\8-2_xp32_dd_ccc_wdm_enu_58128\Driver\WDM_ALL\Setup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\ComboFix\Attrib.cfexe
deleted: virus Virus.Win32.Virut.ce File: C:\ComboFix\FINDSTR.cfexe
deleted: virus Virus.Win32.Virut.ce File: C:\ComboFix\regt.cfexe
deleted: virus Virus.Win32.Virut.ce File: C:\ComboFix\SWREG.cfexe
deleted: virus Virus.Win32.Virut.ce File: C:\ComboFix\swreg.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\addr_file.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Creative\ZENcast\Program Guide\ZenCastGuide.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Creative\ZENcast\Program Guide\ZenCastGuide2.html
deleted: virus Virus.Win32.Virut.ce File: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_0_227fab3\Setup.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\CCS\program files\Kodak\Kodak EasyShare software\enu\ReadMeCamera.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\ESSini\program files\Kodak\Kodak EasyShare software\enu\ReadMe.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\essvatgt\program files\Kodak\Kodak EasyShare software\bin\data\vatgtmm\enu\page1.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\essvcpt\program files\Kodak\Kodak EasyShare software\bin\data\vcptmm\enu\page1.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\ESS\essvcpt\program files\Kodak\Kodak EasyShare software\bin\data\vcptmm\enu\page2.html
deleted: virus Virus.Win32.Virut.ce File: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\KSUStop.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\Ksu\program files\KODAK\KODAK Software Updater\7288971\Program\README\Updater_Readme_1033.HTM
deleted: virus Virus.Win32.Virut.ce File: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\What the...\finish.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\autoscroll.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\documentflip.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\keystrokes.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\media.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\search.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\universalscroll.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Logitech\SetPoint\Devices\PointingDevice\100006D\volume.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\ExtendingFlash\00004947.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\ExtendingFlash\00004948.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\ExtendingFlash\00004949.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\ExtendingFlash\00004950.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\ExtendingFlash\00004951.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\ExtendingFlash\00004952.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\ExtendingFlash\00004953.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000972.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000973.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000974.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000975.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000976.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000977.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000978.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000979.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000980.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000981.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000982.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000983.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000984.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000985.html
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\Documents and Settings\All Users\Application Data\Macromedia\Flash 8\en\Configuration\HelpPanel\Help\UsingFlash\00000986.html

deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\OKIPG1.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\OKIPG2.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\OKIPG8W.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\OMC.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\OMNIPG10.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\ONSTREAM.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\ORB.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\XEROX4.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\XEROX5.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\XEROX6.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\XEROXWCT.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\XLINK.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\YACXG.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\YMHSYNTH.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\ZIPMAGIC.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\Installer\$PatchCache$\Managed\9040211900063D11C8EF10054038389C\11.0.5614\INTLBAND.HTM_0001
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{2BD5C305-1B27-4D41-B690-7A61172D2FEB}\ARPPRODUCTICONFL8.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}\icon.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{59C4F14F-7590-45FC-BE9F-A67AB3590709}\NewShortcut4_8C3BCD70236347B8A53EEE8A82FD5C78.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{8BF2C401-02CE-424D-BC26-6C4F9FB446B6}\ARPPRODUCTICONFLV1.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\EasyShareStartMenu.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}\EasyShareStartupShortcut.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}\icon.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\NewShortcut2.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut4.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Installer\{FCDB1C92-03C6-4C76-8625-371224256091}\PdockShortcut5.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CONFIG\DefaultWsdlHelpGenerator.aspx
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\jsc.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\ASP.NETWebAdminFiles\error.aspx
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CONFIG\DefaultWsdlHelpGenerator.aspx
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\msagent\agentsvr.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\PCHealth\HelpCtr\Binaries\helpsvc.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\PCHealth\HelpCtr\Binaries\hscupd.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\PCHealth\HelpCtr\Binaries\notiflag.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\blurbs\searchtips.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\AboutCompat.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatMode.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatOffline.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\LearnCompat.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\ErrorMessagesOffline.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\errors\connection.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\dglogshelp.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\ConnIssue.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\Remote
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\RAChatServer.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\RAServer.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\RAServerToolBar.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\SettingServer.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\RSoP.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysComponentInfo.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\learnWU.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\updatecenter.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Connection.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineDC.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\pss_getting_worldwide_help.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\confirm.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\LearnInternet.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RAHelp.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcConnection.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen2.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\escalationhelp.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcDetails.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen5.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\ShieldsUpMsg.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Unsolicited\UnSolicitedRCUI.htm
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\PCHealth\UploadLB\Binaries\uploadm.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dplaysvr.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdiag.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{44BBA855-CC51-11CF-AAFA-00AA00B6015C}\dxdllreg.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpenc.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Resources\ScreenSavers\Cyclone.scr
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\iexpress.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\imapi.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\ipconfig.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\ServicePackFiles\i386\ipp_0001.asp
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\ServicePackFiles\i386\ipp_0002.asp
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\ServicePackFiles\i386\ipp_0005.asp
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\ServicePackFiles\i386\ipp_0006.asp
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\ServicePackFiles\i386\ipp_0007.asp
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\ServicePackFiles\i386\ipp_0010.asp
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\ServicePackFiles\i386\ipp_0013.asp
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\ServicePackFiles\i386\ipp_0014.asp
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\ipv6.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\msmsgs.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\ServicePackFiles\i386\msobshel.htm
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\mspaint.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\mstinit.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\mstsc.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\muisetup.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\narrator.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\nddeapir.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\net.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\lang\tintsetp.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\9093e8d3e790b5dec631e4416d3eb283\spuninst.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\9093e8d3e790b5dec631e4416d3eb283\update\update.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\accwiz.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\actconn.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\actdone.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\acterror.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\activate.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\activerr.htm
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\actmovie.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\actshell.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\act_plcy.htm
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\admin.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\adrdyreg.htm
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agentsvr.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ahui.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\alg.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\apolicy.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\aprvcyms.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\areg1.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\aregdial.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\aregdone.htm
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\at.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atmadm.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\attrib.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\auditusr.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\badeula.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\badpkey.htm
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\blastcln.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cacls.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cmmon32.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cmstp.exe
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cnncterr.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\compname.htm
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comrepl.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\comrereg.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\dfrgfat.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\dfrgntfs.exe
deleted: virus Virus.Win32.Virut.ce File

#12 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Hello Casper_aa,

Unfortunately, Casper_aa, I am the bringer of bad news. :)

I am sorry to have to tell you that your machine has the Virut.ce infection.

It infects all the .exe files. :)

The only way to deal with that is to wipe your computer and start again. It means a complete re-format, I am afraid.
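
The removal log pasted above and emeraldnzl's verdict together make a point worth checking mechanically rather than by eye: the file infector hit not only application and system programs but the copies Windows XP itself restores system files from (ServicePackFiles\i386, the local I386 install copy, SoftwareDistribution\Download, the Installer cache), so sfc or a repair install would put infected binaries straight back. The Python script below is an added example, not part of this thread or of any tool mentioned in it. It parses lines in the log's `deleted: <kind> <name> File: <path>` format, buckets each hit by location, counts infected executables, and lists the reasons a rebuild rather than a repair follows. The embedded log is a constructed subset of the lines above; the restore-source list and the executable extension list are assumptions about a default XP layout made for this example.

```python
"""Triage a Kaspersky-style removal log: how far did the file infector spread?
Entries look like:  deleted: <kind> <detection name> File: <path>
Pasted logs also contain truncated entries (no path, or a cut-off "File")."""
import ntpath
import re
from collections import Counter

# Constructed sample in the log's format: paths copied from the thread above,
# but a hand-picked subset, not the full log.
SAMPLE_LOG = r"""
deleted: virus Virus.Win32.Virut.ce File: C:\Documents and Settings\All Users\Application Data\Kodak\EasyShareSetup\What the...\finish.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\ipconfig.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\ServicePackFiles\i386\net.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\cacls.exe
deleted: virus Virus.Win32.Virut.ce File: C:\WINDOWS\Resources\ScreenSavers\Cyclone.scr
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\I386\COMPDATA\OKIPG1.HTM
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy File: C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\RSoP.htm
deleted: Trojan program Trojan-Clicker.HTML.IFrame.acy
deleted: virus Virus.Win32.Virut.ce File
"""

# <kind> may contain a space ("Trojan program"). Detection names always contain
# a dot, which stops a cut-off trailing "File" from being taken as a name.
LINE_RE = re.compile(r"^deleted: (?P<kind>.+?) (?P<name>\S*\.\S*)(?: File: (?P<path>.+))?$")

# Assumed default-XP locations that replacement files are copied from: Windows
# File Protection / sfc (dllcache, ServicePackFiles\i386, the local I386 copy),
# Windows Update (SoftwareDistribution\Download) and MSI repair (Installer).
# Infected copies here mean a "repair" puts the infection straight back.
RESTORE_SOURCES = (
    ("windows", "servicepackfiles", "i386"),
    ("windows", "i386"),
    ("windows", "system32", "dllcache"),
    ("windows", "softwaredistribution", "download"),
    ("windows", "installer"),
)
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".dll", ".sys", ".ocx", ".cpl"}  # assumed set

def parse_line(line):
    """One entry -> {'kind', 'name', 'path'} (path None if truncated), or None."""
    m = LINE_RE.match(line.strip())
    return None if m is None else {"kind": m["kind"], "name": m["name"], "path": m["path"]}

def parse_log(text):
    """Return (entries, count of non-blank lines that did not parse)."""
    entries, unparsed = [], 0
    for line in filter(str.strip, text.splitlines()):
        entry = parse_line(line)
        if entry is None:
            unparsed += 1
        else:
            entries.append(entry)
    return entries, unparsed

def classify_path(path):
    """restore_source, windows (rest of %SystemRoot%) or user_or_app."""
    parts = [p.lower() for p in path.split("\\")][1:]  # drop the drive letter
    if any(tuple(parts[:len(m)]) == m for m in RESTORE_SOURCES):
        return "restore_source"
    return "windows" if parts[:1] == ["windows"] else "user_or_app"

def is_executable(path):
    return ntpath.splitext(path.lower())[1] in EXECUTABLE_EXTENSIONS

def summarize(entries):
    s = {"by_detection": Counter(e["name"] for e in entries), "by_location": Counter(),
         "infected_executables": 0, "executables_in_restore_sources": 0, "pathless": 0}
    for e in entries:
        if e["path"] is None:
            s["pathless"] += 1
            continue
        location = classify_path(e["path"])
        s["by_location"][location] += 1
        if is_executable(e["path"]):
            s["infected_executables"] += 1
            s["executables_in_restore_sources"] += location == "restore_source"
    return s

def rebuild_reasons(s):
    """Why a clean reinstall, not a repair, is the answer for a log like this."""
    reasons = []
    if s["infected_executables"]:
        reasons.append(f"{s['infected_executables']} infected executables were deleted, "
                       "not disinfected, so those binaries are now simply gone")
    if s["executables_in_restore_sources"]:
        reasons.append(f"{s['executables_in_restore_sources']} of them sat in the restore "
                       "sources that sfc, Windows Update and MSI repair copy files from")
    return reasons

if __name__ == "__main__":
    found, bad = parse_log(SAMPLE_LOG)
    report = summarize(found)
    print(f"parsed {len(found)} entries, {bad} unparseable")
    print("by detection:", dict(report["by_detection"]), "by location:", dict(report["by_location"]))
    for reason in rebuild_reasons(report):
        print("-", reason)
```

Run against a full log, the location counts are what to look at: hits confined to user_or_app can sometimes be cleaned file by file, but once executables in the restore_source bucket are being deleted there is no trustworthy copy left on the disk to restore from, which is exactly the situation the reformat advice covers.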

#13 Casper_aa (Topic Starter, Member, 57 posts)
I don't think I can reformat as I no longer have the XP OS installation disc.

As I said earlier though, I was never a fan of this machine so I'm quite happy to get a new one.

You have been a magnificent help though, very much appreciated. :)

I was wondering if you had any recommendations on any antivirus and firewall software? On this machine I had been using AVG antivirus and Windows firewall along with Spybot, which I used for the occasional scan.

#14 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)

As I said earlier though, I was never a fan of this machine so I'm quite happy to get a new one.


I am very sorry we couldn't give you better news.

Here are my thoughts on anti-virus programs for what they are worth.

Most of the well-known anti-virus products are good. Some perform better in some aspects than others, but if you were to look at the overall picture they are mostly good.

Sometimes one will be on top of the pops one month and another on another month. Of course there are some rogue programs out there too that you must steer clear of because they bring infection with them.

Some of the free ones are good but you do not get the full service. The sound "pay for" products out there have packages which include anti-spyware, firewalls and adware blocking, so you get the whole lot in one go.

This link will take you to an independent site showing comparatives for anti-virus products. Look at comparatives with caution, because one month a program may do well and in another not so well.

http://www.av-comparatives.org/

All of the ones shown there are good products. Sometimes it comes down to your personal taste. In other words you like a particular product because to you it is user friendly or looks good.

Ones I personally like at the moment are Avast, Avira and Kaspersky but that is only a personal preference and my preferences do change as products undergo improvement.

Of the free ones I recommend Avast, Avira and AVG. All are good.

Here are three good antivirus programs (these are free for personal use):

It is critical to have both a firewall and anti-virus to protect your system and to keep them updated.

Here are two good firewalls free for personal use:
  • Comodo (Note: Comodo Firewall is no longer available as a stand-alone download and you should choose firewall only during installation.)
  • PC Tools Firewall Plus
regards
emeraldnzl

#15 emeraldnzl (GeekU Instructor, GeekU Moderator, 20,051 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.