X popping up in taskbar warning about infection [RESOLVED]


  • This topic is locked

#16
darkshadow1227

    Member

  • Topic Starter
  • Member
  • 41 posts

Logfile of HijackThis v1.99.1
Scan saved at 11:50:45 AM, on 6/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,mfuxady.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [anti-malware] C:\Program Files\ewido anti-malware\SecuritySuite.exe
O4 - HKCU\..\Run: [guard] C:\Program Files\ewido anti-malware\ewidoguard.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Save Flash In This Page - C:\DOCUME~1\MYCHIH~1\MYDOCU~1\FLASHS~1.0\save.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\DOCUME~1\MYCHIH~1\MYDOCU~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\DOCUME~1\MYCHIH~1\MYDOCU~1\FLASHS~1.0\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin6.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147050385312
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7501E02-4246-480C-AD14-99811D8ADE56}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


#17
Jayzeee

    Member 1K

  • Member
  • 1,238 posts

Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe,mfuxady.exe

Now close all windows other than HijackThis, then click Fix Checked.

Close HijackThis, and reboot your machine.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report and a new HijackThis log


#18
darkshadow1227

    Member

  • Topic Starter
  • Member
  • 41 posts

Hey Jayzeee, I'm having some trouble with the Panda Active Scan. I click the scan now button, it shows a bar with how many percent is done, which sometimes goes up to 50%, but then it stops and loads an error saying that it could not scan because the ActiveX control was not installed, which I did hit the button to install it. What should I do?

#19
Jayzeee

    Member 1K

  • Member
  • 1,238 posts

Okay, please try the online scan with the Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available, otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Post back with the Kaspersky log, and a new HijackThis log.

Also let me know how you are running?

#20
darkshadow1227

    Member

  • Topic Starter
  • Member
  • 41 posts

Hi Jayzeee! Everything has been running much more smoothly. No adware popping up, and no more X in the corner thing. Hopefully any or most malware has been removed from my computer, which I'm satisfied with. Thank you so much for the help! I'm not sure if everything is removed, so I will post the logs, so if there is anything really serious still lurking around, I can remove it.

Logfile of HijackThis v1.99.1
Scan saved at 3:52:47 PM, on 6/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\AIM\aim_c002.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {cf1cba5e-ea4e-4cf0-89b0-75c44f1ed50c} - C:\WINDOWS\system32\mlltup.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [anti-malware] C:\Program Files\ewido anti-malware\SecuritySuite.exe
O4 - HKCU\..\Run: [guard] C:\Program Files\ewido anti-malware\ewidoguard.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Save Flash In This Page - C:\DOCUME~1\MYCHIH~1\MYDOCU~1\FLASHS~1.0\save.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\DOCUME~1\MYCHIH~1\MYDOCU~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\DOCUME~1\MYCHIH~1\MYDOCU~1\FLASHS~1.0\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim_c002.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147050385312
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7501E02-4246-480C-AD14-99811D8ADE56}: NameServer = 205.188.146.145
O20 - AppInit_DLLs: c:\windows\system32\mllkkij.dll
O20 - Winlogon Notify: mlltup - C:\WINDOWS\SYSTEM32\mlltup.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe











-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, June 24, 2006 3:51:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 24/06/2006
Kaspersky Anti-Virus database records: 202480
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 72958
Number of viruses found: 66
Number of infected objects: 332
Number of suspicious objects: 2
Duration of the scan process: 01:04:47

Infected Object Name / Virus Name / Last Action
C:\!KillBox\comdio.exe Infected: Trojan-Spy.Win32.VB.eh skipped
C:\!KillBox\inicfg32.dll Infected: not-a-virus:AdWare.Win32.E2Give.e skipped
C:\!KillBox\nsc10.dll Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\!KillBox\pop06ap2.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\!KillBox\webHancer\Programs\webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\Avenger\cknup.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Avenger\mfuxady.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC23.zip/qvxgamet4.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC23.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Mychi Hoang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-1310037a.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Mychi Hoang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-1310037a.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Mychi Hoang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-5f22f99-1310037a.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Mychi Hoang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1ab62644-6853d755.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Mychi Hoang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1ab62644-6853d755.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Mychi Hoang\Incomplete\T-245841-_working_ machiavelli vs. castiglione.zip/YSB_toolBar.exe/stream Infected: Trojan-Downloader.Win32.IstBar.no skipped
C:\Documents and Settings\Mychi Hoang\Incomplete\T-245841-_working_ machiavelli vs. castiglione.zip/YSB_toolBar.exe Infected: Trojan-Downloader.Win32.IstBar.no skipped
C:\Documents and Settings\Mychi Hoang\Incomplete\T-245841-_working_ machiavelli vs. castiglione.zip ZIP: infected - 2 skipped
C:\Program Files\AIM\UninstallMM.exe/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Program Files\AIM\UninstallMM.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP419\A0106417.exe Infected: Trojan-Downloader.Win32.Delf.ang skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107485.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107495.dll Infected: Trojan-Spy.Win32.Goldun.jt skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107533.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107535.exe Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107536.exe/EXE-file Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107536.exe Embedded EXE: infected - 1 skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107536.exe PECompact: infected - 1 skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107536.exe PecBundle: infected - 1 skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107536.exe PE_Patch.PECompact: infected - 1 skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107537.exe Infected: Trojan-Downloader.Win32.Small.cul skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107538.exe Infected: Trojan-Dropper.Win32.Agent.ako skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107539.exe Infected: Trojan-Proxy.Win32.Agent.jw skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107540.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107541.exe Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107542.exe Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107543.exe Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107544.exe Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP420\A0107545.sys Infected: Trojan-Spy.Win32.Goldun.jy skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107619.dll Infected: not-virus:Hoax.Win32.Renos.dh skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107620.dll Infected: not-virus:Hoax.Win32.Renos.dd skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107621.exe Infected: Trojan-Downloader.Win32.Zlob.pn skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107628.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107629.dll Infected: Backdoor.Win32.Agent.uu skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107630.exe Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107631.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107632.exe Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107633.exe Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107634.exe Infected: Trojan.Win32.Agent.nl skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107635.exe Infected: Net-Worm.Win32.Bobic.am skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107636.exe Infected: Trojan-Proxy.Win32.Wopla.r skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107637.dll Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107638.dll Infected: Trojan-Proxy.Win32.Wopla.s skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107639.exe Infected: Backdoor.Win32.Rbot.aeu skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107640.sys Infected: Trojan-Downloader.Win32.Hanlo.r skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107641.exe Infected: Trojan.Win32.Dialer.ay skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107642.exe Infected: Net-Worm.Win32.Bobic.am skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107643.exe Infected: Trojan-Downloader.Win32.Small.cul skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107644.exe Infected: SpamTool.Win32.Agent.h skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107645.exe Infected: Packed.Win32.Tibs skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107646.dll Infected: Trojan-Downloader.Win32.Agent.afl skipped
C:\System Volume Information\_restore{1C83D26D-BBBD-43D0-8754-E07CF513167A}\RP421\A0107647.exe Infected: Trojan-Proxy.Win32.Small.bo skipped

Scan process completed.

#21
Jayzeee

There are a lot of leftover files shown in your Kaspersky log.

Please go to Start > Control Panel > Add/Remove Programs and uninstall Ewido Anti-malware (a new version has just been released). Then reboot your PC.

Download ewido anti-spyware (4.0) from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do not run a scan just yet; we will shortly.
  • Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit Enter.
    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
  • Launch ewido anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process. Be patient; this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions".
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido and reboot your system back into Normal Mode and post the results of the ewido report scan.
Next, please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Close all other open windows and click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Close all other open windows and click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Close all other open windows and click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Post back with the Ewido log and a new HijackThis log

#22
darkshadow1227

Here's the Ewido and HijackThis log. Thanks for sticking with me and helping me through this!





---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:30:12 PM 6/27/2006

+ Scan result:



C:\!KillBox\irsmggzg.dll -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\!KillBox\inicfg32.dll -> Adware.E2give : Cleaned with backup (quarantined).
C:\!KillBox\nsc10.dll -> Adware.Ezula : Cleaned with backup (quarantined).
C:\!KillBox\pop06ap2.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\unstall.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\WINDOWS\up9.exe -> Adware.MediaMotor : Cleaned with backup (quarantined).
C:\!KillBox\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup (quarantined).
C:\WINDOWS\system\DRIVER\services.exe -> Backdoor.Iroffer.14b2 : Cleaned with backup (quarantined).
C:\WINDOWS\system\DRIVER\ntauth.dll -> Backdoor.Zapchast : Cleaned with backup (quarantined).
C:\WINDOWS\system32\byxxuvt.dll -> Downloader.Agent.anm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\tuststr.dll -> Downloader.Agent.anm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xxywxvt.dll -> Downloader.Agent.anm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\yaywusq.dll -> Downloader.Agent.anm : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dllcache\lock.exe -> Downloader.Delf.ang : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winmuse.exe -> Downloader.Delf.ang : Cleaned with backup (quarantined).
C:\Documents and Settings\Mychi Hoang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1ab62644-6853d755.zip/Matrix.class -> Downloader.OpenStream.c : Cleaned with backup (quarantined).
C:\Avenger\cknup.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\Avenger\mfuxady.exe -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qxltb.dat -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\pi1_36.exe -> Downloader.Small.cqy : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vxgame6.exe3072.exe -> Downloader.Tiny.cl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\opnkl.exe -> Dropper.Agent.amr : Cleaned with backup (quarantined).
C:\!KillBox\comdio.exe -> Logger.VB.eh : Cleaned with backup (quarantined).
C:\Documents and Settings\Mychi Hoang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1ab62644-6853d755.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned with backup (quarantined).
C:\Documents and Settings\Mychi Hoang\Cookies\mychi [email protected][2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup (quarantined).
C:\Documents and Settings\Mychi Hoang\Cookies\mychi hoang@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mychi Hoang\Cookies\mychi [email protected][2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mychi Hoang\Cookies\mychi hoang@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Mychi Hoang\Cookies\mychi [email protected][2].txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Mychi Hoang\Cookies\mychi [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Mychi Hoang\Cookies\mychi [email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Mychi Hoang\Cookies\mychi hoang@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Mychi Hoang\Cookies\mychi [email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta\{f79fd28e-36ee-4989-aa61-9dd8e30a82fa} -> Trojan.Small : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\kernel32.dll -> Trojan.Small : Cleaned with backup (quarantined).
HKU\S-1-5-21-936469059-2576150063-676198886-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F79FD28E-36EE-4989-AA61-9DD8E30A82FA} -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\system\DRIVER\setup.bat -> Trojan.Zapchast : Cleaned with backup (quarantined).


::Report end





-----------------------------------------------------------------------------------------------------------------------------





Logfile of HijackThis v1.99.1
Scan saved at 9:54:22 PM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Sony\HotKey Utility\HKWnd.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.meloco.com/index.php?i=sm
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: (no name) - {cf1cba5e-ea4e-4cf0-89b0-75c44f1ed50c} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [VAIO Recovery] C:\WINDOWS\Sonysys\VAIO Recovery\PartSeal.exe
O4 - HKLM\..\Run: [SonyPowerCfg] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~2\Ad-Watch.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2006\MemOptimizer.exe" autostart
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Save Flash In This Page - C:\DOCUME~1\MYCHIH~1\MYDOCU~1\FLASHS~1.0\save.htm
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\DOCUME~1\MYCHIH~1\MYDOCU~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\DOCUME~1\MYCHIH~1\MYDOCU~1\FLASHS~1.0\save.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1147050385312
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://download.shoc...otoy/OTOYAX.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.web...otoUploader.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{C7501E02-4246-480C-AD14-99811D8ADE56}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: VAIO Entertainment Aggregation and Control Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzRs\VzRs.exe
O23 - Service: VAIO Entertainment File Import Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCdb\VzFw.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment\VCSW\VCSW.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#23
Jayzeee
:whistling: Your log looks clean :blink:

Your system restore point is infected, please follow these instructions.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free Google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop-up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

#24
darkshadow1227
Thank you so much! I greatly appreciate your help! I was reading through your list of tools and utilities, and saw that I should do my Windows Updates, as I haven't done them in a while. I clicked onto the site, clicked custom updates, and this error comes up: "Files required to use Microsoft Update are no longer registered or installed on your computer." So then I click one of the two options, which was "Register or reinstall the files for me now (Recommended)". It downloads and it registers, and then it brings me back to the main page, asking custom or express. I click custom, and the same error message comes. What could be the problem?? :whistling:

#25
Jayzeee
Okay try this:

Click Start > Run and type "regsvr32 MSXML3.dll" (without the quotes) and click Ok.

Reboot and try the update again.

Let me know of any problems.

#26
darkshadow1227
Brilliant! It worked! I'm fully updated, and I have Ad-Aware, Ewido, Spyware Doctor, Spybot Search and Destroy, and CleanUp! I should be protected from the problems I had before. I'll be sure to take care of my laptop. Thank you so much for all the help you have given. You guys are so great! :whistling:

#27
Jayzeee
Excellent, glad we could help :whistling:

#28
therock247uk
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.