Can't Run Clean Disk hijackthis[inactive]
hateXlime
17 May 2006, 02:16pm
Please help me resolve this issue. When I log in to my computer, I get all the pop-ups, then the mouse pointer becomes very slow. I tried to do clean disk but nothing happens. I want to post a HijackThis log, which I did last year when I had problems with the other computer. Safe Mode didn't work either. Sorry for making this too long; any kind of help or suggestions are greatly appreciated.
chiaz
18 May 2006, 01:11pm
Please download SilentRunners from here:
http://www.silentrunners.org/Silent%20Runners.zip
Unzip it to the desktop and double-click on it. If you get any kind of warning message about scripts, please choose to allow the script to run. When the scan is finished, a message will pop up and a logfile will have been created on the desktop. Please post the entire contents of this logfile for me to see.
hateXlime
19 May 2006, 07:16am
Thank you Chiawaikian. This way is much easier than HijackThis since my computer is hardly working.
Here is the post, and thanks again:
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"Volume Controller" = "VolumeControl.exe" [null data]
"Register Manager" = "RegistryManage.exe" [null data]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [file not found]
"vodko" = "C:\WINDOWS\system32\aarrnn.exe reg_run" [null data]
"SurfSideKick 3" = "C:\Program Files\SurfSideKick 3\Ssk.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"Winamp Player 6" = "WINAMP6.EXE" [null data]
"AOL 9.0 Optimized" = "AOLCLIENT.EXE" [null data]
"Volume Controller" = "VolumeControl.exe" [null data]
"Register Manager" = "RegistryManage.exe" [null data]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"WinampAgent" = "C:\Documents and Settings\Ewan\My Documents\Winamp\winampa.exe" [file not found]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Winamp Sound System" = "winampcss.exe" [null data]
"YOP" = "C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart" ["Yahoo! Inc."]
"keyboard" = "C:\\keyboard20.exe" ["."]
"TheMonitor" = "C:\WINDOWS\SYSC00.exe" [null data]
"yrvjnl" = "C:\WINDOWS\System32\aarrnn.exe reg_run" [null data]
"w05ad610.dll" = "RUNDLL32.EXE w05ad610.dll,I2 000bccde005ad610" [MS]
"{09-96-61-1C-ZN}" = "C:\windows\system32\psdsregk.exe CORN004" [empty string]
"dsfzyc" = "C:\WINDOWS\system32\dsfzyc.exe" [empty string]
"pop06ap" = "C:\WINDOWS\pop06ap2.exe" [null data]
"sys02534028260-1" = "C:\WINDOWS\sys02534028260-1.exe" [null data]
"Configuration Manager" = "C:\WINDOWS\cfg32.exe" [empty string]
"ZPoint" = "C:\WINDOWS\System32\winmuse.exe" [null data]
"SurfSideKick 3" = "C:\Program Files\SurfSideKick 3\Ssk.exe" [null data]
"BrowserUpdateSched" = "C:\WINDOWS\system32\twintqaf.exe CORN004" [empty string]
"webHancer Agent" = "C:\Program Files\webHancer\Programs\whagent.exe" ["webHancer Corporation"]
"webHancer Survey Companion" = "C:\Program Files\webHancer\Programs\whsurvey.exe" ["webHancer Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
chiaz
19 May 2006, 08:00am
SurfSideKick is an adware component that downloads and displays advertisements. If you want to remove it:
Click Start > Control Panel.
In the Control Panel window, double-click Add or Remove Programs.
Click Surf Sidekick.
(Note: You may need to use the scroll bar to view the whole list.)
Click Add/Remove. Follow the prompts.
Then download, install, and update the free version of Ewido Anti-Malware (http://www.ewido.net/en/download/):
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main Ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes, the status bar at the bottom will display "Update successful"
Exit Ewido. DO NOT run a scan yet.
Now download Brute Force Uninstaller (http://www.merijn.org/files/bfu.zip) to your desktop.
Right click the BFU folder on your desktop, and choose Extract All
Click "Next"
In the box to choose where to extract the files to, click "Browse"
Click on the + sign next to "My Computer"
Click on "Local Disk (C:)" or whatever your primary drive is
Click "Make New Folder"
Type in BFU
Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
RIGHT-CLICK HERE (http://metallica.geekstogo.com/alcanshorty.bfu) and choose "Save As" (in IE it's "Save Target As") in order to download Alcan worm remover.
Save it in the same folder you made earlier (c:\BFU).
Do not do anything with these yet!
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit Enter.
Once in Safe Mode, please go to Start > My Computer and navigate to the C:\BFU folder.
Start the Brute Force Uninstaller by double-clicking BFU.exe.
Next to the "scriptline to execute" field, click the folder icon and select alcanshorty.bfu.
Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
Wait for the complete script execution box to pop up and press OK.
Press exit to terminate the BFU program.
Open Ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.
Reboot into normal Windows and post the contents of the Ewido text report that you saved and a new Silent Runners log.
chiaz
19 May 2006, 08:07am
Also, your log doesn't seem to be a complete one. Did something get cut off?
hateXlime
20 May 2006, 08:36am
Thanks again for the quick reply. Yes, something cut off, a lot of pop-ups.
Here is the post:
C:\WINDOWS\system32\HPPhotoManager.exe -> Backdoor.Rbot.adf : Cleaned with backup
C:\WINDOWS\system32\hsajebc.exe -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\htaueco.exe -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\i0lola331d.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\i606lgds1606.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ir0ql5d51.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ir2ml5f11.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ir66l5js1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ir8ql5l51.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\irl4l53q1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\irr0l59m1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iv50_32.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\MOCTFP.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\modgxyz.exe -> Adware.Adstart : Cleaned with backup
C:\WINDOWS\system32\mv2ml9f11.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mv4ql9h51.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mvn2l95o1.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\mwinnag.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\p06slaj71do.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\p08qlal51dq.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\p0r4la9q1d.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\pldsregl.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\psdsregk.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\q0nu0a59ed.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\q4860elsehq60.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\r46u0ej9eho.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\r4p8le7u1h.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\redist1.dll -> Trojan.Agent.sx : Cleaned with backup
C:\WINDOWS\system32\redistributor.exe -> Trojan.Agent.sx : Cleaned with backup
C:\WINDOWS\system32\RegistryManage.exe -> Backdoor.Rbot.adf : Cleaned with backup
C:\WINDOWS\system32\rnoc3260.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\srdpsrv.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\szcpack.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\szdpsrv.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\s_install_ID8.exe -> Downloader.Small.aav : Cleaned with backup
C:\WINDOWS\system32\TheMatrixHasYou.exe -> Proxy.Small.bo : Cleaned with backup
C:\WINDOWS\system32\tmp_q2.dll -> Downloader.Small.crd : Cleaned with backup
C:\WINDOWS\system32\twintqaf.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\system32\tyemeui.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\unpack.exe -> Trojan.Painwin.a : Cleaned with backup
C:\WINDOWS\system32\VolumeControl.exe -> Backdoor.SdBot.yx : Cleaned with backup
C:\WINDOWS\system32\whploc.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\Winamp6.exe -> Worm.SpyBot.dg : Cleaned with backup
C:\WINDOWS\system32\winampcss.exe -> Backdoor.Agent.rk : Cleaned with backup
C:\WINDOWS\system32\WinATS.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\system32\winbrume.dll -> Adware.BHO : Cleaned with backup
C:\WINDOWS\system32\WinDmy.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\system32\winmuse.exe -> Downloader.Agent.akj : Cleaned with backup
C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
C:\WINDOWS\system32\win_e10.exe -> Downloader.Small.cqs : Cleaned with backup
C:\WINDOWS\system32\wrvdmoe.dll -> Adware.Look2Me : Cleaned with backup
C:\WINDOWS\ts.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned with backup
C:\WINDOWS\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\zigi.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINDOWS\Тasks\rundll32.exe -> Downloader.PurityScan.cl : Cleaned with backup
C:\x.bat -> Trojan.LowZones.f : Cleaned with backup
::Report End
chiaz
20 May 2006, 09:12am
A new Silent Runners log as well. :)
hateXlime
20 May 2006, 06:29pm
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [file not found]
"vodko" = "C:\WINDOWS\system32\aarrnn.exe reg_run" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"WinampAgent" = "C:\Documents and Settings\Ewan\My Documents\Winamp\winampa.exe" [file not found]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"YOP" = "C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart" ["Yahoo! Inc."]
"yrvjnl" = "C:\WINDOWS\System32\aarrnn.exe reg_run" [null data]
"w05ad610.dll" = "RUNDLL32.EXE w05ad610.dll,I2 000bccde005ad610" [MS]
"NwCplMonitor" = "C:\WINDOWS\System32\redistributor.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}\(Default) = (no title provided)
-> {HKLM...CLSID} = "CExtension Object"
\InProcServer32\(Default) = "C:\WINDOWS\cfg32p.dll" ["TODO: <Company name>"]
chiaz
21 May 2006, 07:07am
Your computer is really badly infected. Do you use this computer for any kind of online banking or shopping where a credit card has been used? If you do, I would suggest to cease doing so immediately, and also contact your financial institution and make them aware of a possibility of fraudulent transactions.
Meanwhile, let's try cleaning:
Please download Ad-Aware SE Personal (http://lavasoft.element5.com/support/download/) and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1) Run Ad-Aware, and click Check for updates now.
2) Select Configurations (click the Gear wheel at the top) as follows:
General Button > Safety & Settings: Check (Green) all three.
Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Click Proceed.
3) To start the scan, Click > "Scan Now" at left
Deselect "Search for negligible risk entries" as negligible risk entries (MRU's) are not considered to be a threat.
Select "Search for low-risk threats"
Select "Perform full system scan"
Click Next
4) When the scan has completed, select Next.
In the Scanning Results window, select the "Critical Objects" tab.
Right-click on the screen and choose "Select all objects"
Click Next to remove the infections found, and click OK to the prompt.
Restart the computer.
Now create a folder on your desktop called Sysclean.
Go to http://www.trendmicro.com/download/dcs.asp and download sysclean package to the folder you made.
Go to http://www.trendmicro.com/download/pattern.asp and download the Official Pattern Release for windows to your desktop.
This file will be called lptXXX.zip (XXX represents the version number)
Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.
Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.
Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.
Open the sysclean-folder and doubleclick sysclean.com.
Check: Automatically clean or delete detected files.
Click scan and wait for the scan to complete. Then restart the computer.
Now rescan with Silent Runners. When the log opens up: press Ctrl+A... then Ctrl+C... then Ctrl+V to paste it into your next reply.
hateXlime
22 May 2006, 03:02am
Hi,
Thank you for your advice. I couldn't find Sysclean when I clicked on the link: http://www.trendmicro.com/download/dcs.asp
hateXlime
22 May 2006, 03:09am
This is what I got after running Ad-Aware:
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [file not found]
"vodko" = "C:\WINDOWS\system32\aarrnn.exe reg_run" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"WinampAgent" = "C:\Documents and Settings\Ewan\My Documents\Winamp\winampa.exe" [file not found]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"YOP" = "C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart" ["Yahoo! Inc."]
"yrvjnl" = "C:\WINDOWS\System32\aarrnn.exe reg_run" [null data]
"w05ad610.dll" = "RUNDLL32.EXE w05ad610.dll,I2 000bccde005ad610" [MS]
"NwCplMonitor" = "C:\WINDOWS\System32\redistributor.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
hateXlime
22 May 2006, 07:53am
I always get these pop-ups when logging into the computer. How do I solve this, please?
((((Rundll:
Error loading w05ad610.dll
The specified module could not be found))))
and this:
((((yop.exe - Unable To Locate Component
This application has failed to start because ISafeIf.dll was not found. Re-installing the application may fix the problem))))
I did try to re-install the YahooSBC antivirus system again but am still having the same problem. The virus scan can't be turned on!
I have not been able to install any antivirus software whatsoever for almost 2 years. This computer doesn't allow me to install virus scan software. I tried Norton, McAfee and the last one is the YahooSBC...
Thanks in advance for your help and patience.
chiaz
22 May 2006, 09:16am
Restart the computer. As the computer is booting, press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press your Enter key.
Once in safe mode, click Start. Open My Computer. Select the Tools menu and click Folder Options. Select the View Tab. Under the Hidden files and folders heading select Show hidden files and folders. Uncheck the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.
Navigate to and delete the following files:
C:\WINDOWS\system32\aarrnn.exe
C:\WINDOWS\System32\redistributor.exe
Restart the computer. Try running HijackThis again. Does it work, and produce a log?
hateXlime
23 May 2006, 06:16am
I couldn't find the 2 files in either C or My Computer. Yes, I did Safe Mode and did follow the procedure to show hidden files and so on. The following is the HijackThis log. Thank you,
Logfile of HijackThis v1.99.1
Scan saved at 12:11:48 AM, on 5/23/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Mike\Desktop\Short Media\Hijackthis_fadi\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.short-media.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\qjjvn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bfpaxso.exe
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Ewan\My Documents\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [w05ad610.dll] RUNDLL32.EXE w05ad610.dll,I2 000bccde005ad610
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\System32\redistributor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120277899389
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\hrr8059ue.dll (file missing)
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist1.dll (file missing)
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
O23 - Service: CAISafe - Unknown owner - C:\Program Files\Yahoo!\Antivirus\ISafe.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
hateXlime
23 May 2006, 06:20am
This is the log for Silent Runners:
"Silent Runners.vbs", revision 45, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet" ["Yahoo! Inc."]
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"LDM" = "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [file not found]
"vodko" = "C:\WINDOWS\system32\aarrnn.exe reg_run" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"NeroCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]
"C-Media Mixer" = "Mixer.exe /startup" ["C-Media Electronic Inc. (www.cmedia.com.tw)"]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" ["Sun Microsystems, Inc."]
"WinampAgent" = "C:\Documents and Settings\Ewan\My Documents\Winamp\winampa.exe" [file not found]
"Adobe Photo Downloader" = ""C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"" ["Adobe Systems Incorporated"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"YOP" = "C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart" ["Yahoo! Inc."]
"yrvjnl" = "C:\WINDOWS\System32\aarrnn.exe reg_run" [null data]
"w05ad610.dll" = "RUNDLL32.EXE w05ad610.dll,I2 000bccde005ad610" [MS]
"NwCplMonitor" = "C:\WINDOWS\System32\redistributor.exe" [file not found]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {HKLM...CLSID} = "Display Panning CPL Extension"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
chiaz
23 May 2006, 09:15am
Download About:Buster to the desktop:
http://aboutbuster.clickhereformoreinfo.com/
Now run it and follow the directions. Have the program search the system for offending files and remove them. This program will also reset your homepage (so you'll have to set it back later).
Next download the attached zip file and unzip it to your desktop.
http://www.mvps.org/winhelp2002/DelDomains.inf
Right-click on the deldomains.inf file and select 'Install'
Wait for around five minutes, then restart the computer.
Download haxfix.exe (http://users.telenet.be/marcvn/tools/haxfix.exe)
and save it to your desktop.
Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
Checkmark "Create a desktop icon"
Click "Next"
When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
Click "Finish"
A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
Select option 1. Make logfile by typing 1 and then pressing Enter
Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt
Copy the contents of that logfile and paste it into this thread (c:\haxfix.txt), along with a new HijackThis log.
hateXlime
6 Jun 2006, 04:53am
HAXFIX logfile - by Marckie
--------------
version 2.43
Mon 06/05/2006 22:49:34.63
checking for a3d files....
a3d files found
ps.a3d
checking for matching notify keys....
matching notify keys found
xptp
checking for matching services....
matching services found
xptptt
xptpmm
checking for matching safeboot services....
matching safeboot services found
xptptt.sys
xptpmm.sys
This is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 10:50:53 PM, on 6/5/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Mike\Desktop\Short Media\Hijackthis_fadi\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.short-media.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\qjjvn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bfpaxso.exe
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Ewan\My Documents\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [w05ad610.dll] RUNDLL32.EXE w05ad610.dll,I2 000bccde005ad610
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\System32\redistributor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120277899389
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\hrr8059ue.dll (file missing)
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist1.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
O23 - Service: CAISafe - Unknown owner - C:\Program Files\Yahoo!\Antivirus\ISafe.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Thank you,
Double click on My Computer -> C:\ -> Program Files > haxfix and double click on fix.bat (or double click on fix.bat desktop icon)
Close all other open windows since this step requires a reboot
Select option 2. Run auto fix by typing 2 and then pressing Enter
If an infection is found, you'll get a message to close all other open windows.
Close all open windows except the red dos window from haxfix and then press Enter
The computer will reboot
After reboot a logfile will open > (c:\haxfix.txt)
Please post this log later on.
Now launch HijackThis and place a checkmark by the following entries if they still exist:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\qjjvn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,bfpaxso.exe
O4 - HKLM\..\Run: [w05ad610.dll] RUNDLL32.EXE w05ad610.dll,I2 000bccde005ad610
O20 - Winlogon Notify: Dynamic Directory - C:\WINDOWS\system32\hrr8059ue.dll (file missing)
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist1.dll (file missing)
O20 - Winlogon Notify: xptptt - C:\WINDOWS\SYSTEM32\xptptt.dll
Close all other windows and press "Fix Checked". Then close HijackThis and restart the computer again.
Rescan with HijackThis and post the new log here.
hateXlime
6 Jun 2006, 11:38pm
HAXFIX logfile - by Marckie
--------------
version 2.43
Tue 06/06/2006 17:13:33.05
Auto Haxdoorfix
haxdoor key: xptp
searching for services....
services found
deleting services.....
[SWSC] DeleteService SUCCESS
[SWSC] DeleteService SUCCESS
rebooting the computer.....
haxdoor key: xptp
searching for services....
services not found
checking if files are found.....
xptptt.dll
xptpmm.sys
deleting files.....
checking if files are deleted.....
checking for other files.....
klgcptini.dat
sd.dll
sd.sys
klo5.sys
fux87.ini
deleting other files.....
checking if the files are deleted.....
Finished
Logfile of HijackThis v1.99.1
Scan saved at 5:35:04 PM, on 6/6/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Documents and Settings\Mike\Desktop\Short Media\Hijackthis_fadi\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.short-media.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\qjjvn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,bfpaxso.exe
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Documents and Settings\Ewan\My Documents\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [NwCplMonitor] C:\WINDOWS\System32\redistributor.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: InterVideo WinScheduler.lnk = C:\Program Files\InterVideo\WinDVR\WinScheduler.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4AD73894-A895-4FC2-B233-299867E08753} (Cadwkzctl Object) - http://apps.deskwizz.com/ax/adwerkz.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120277899389
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1149566364571
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/SymAData.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Unknown owner - C:\Program Files\Yahoo!\Antivirus\ISafe.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: VET Message Service (VETMSGNT) - Unknown owner - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe (file missing)
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE
Things are much better now; however still not completely clean.
Download Avenger from here:
http://swandog46.geekstogo.com/
Open the program. Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, paste this:
Files to delete:
C:\WINDOWS\System32\qjjvn.exe
C:\WINDOWS\SYSTEM32\bfpaxso.exe
and click 'Done'
Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.
Now scan with HijackThis and place a checkmark by the following entries:
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\qjjvn.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,bfpaxso.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis and restart the computer.
Now run a free online scan with Kaspersky AntiVirus (works only with MS Internet Explorer 5.0 or higher).
Go to http://www.kaspersky.com/virusscanner and click the "Kaspersky Online Scanner" button (NOT "Kaspersky File Scanner").
In the new window that opens, click the "Accept" button to accept the user agreement, install the ActiveX control, and download the program.
When you get the Windows dialog asking if you want to install this software, click the "Install" button.
When the "Update progress" line changes to "Ready" and the "NEXT ->" button lights up with a green arrow, click it.
Click on the "Scan Settings" button, and in the next window select the "extended" database, and click Ok.
Under "Please select a target to scan:", click My Computer to start the scan.
When the scan is finished, click the "Save as Text" button, and save the file as kavscan.txt to your Desktop, close the Kaspersky On-line Scanner window, and post the text in kavscan.txt in your next reply.
chiaz
13 Jun 2006, 06:42am
Empty out the following folder by deleting everything in it:
C:\Documents and Settings\Izis\Local Settings\Temp\
Download the trial version of Spy Sweeper from
Here (http://www.webroot.com/shoppingcart/tryme.php?bjpc=64011&vcode=DT14)
Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)
You will be prompted to check for updated definitions, please do so.
(This may take several minutes)
Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.
Click on Sweep and allow it to fully scan your system.
When the sweep has finished, click Remove. Click Select All and then Next
From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.
Exit Spy Sweeper.
Restart your computer.
Then download Avenger from here:
http://swandog46.geekstogo.com/
Open the program. Check the 'Input script manually' option.
Click the Magnifying Glass icon.
In the box that opens, paste this:
Files to delete:
D:\BSINSTALL.exe
C:\WINDOWS\Тasks\rundll32.exe
C:\WINDOWS\zytanyiv.exe
C:\WINDOWS\WPRE.exe
C:\WINDOWS\system32\scmt16.exe
C:\WINDOWS\system32\run.exe
C:\WINDOWS\system32\install_id6.exe
C:\WINDOWS\system32\fxhuy.dat
C:\WINDOWS\pf78.exe
C:\WINDOWS\money.exe
C:\WINDOWS\cfg32p.dll
C:\Trelew.exe
C:\djiejrjk.exe
C:\Documents and Settings\Ewan\esys44.exe
and click 'Done'
Click the Traffic Light icon to start the program, and OK the prompts to reboot your PC.
Post the Avenger output.txt, which you can find at C:\Avenger\.txt; along with a new Kaspersky Online Scanner log.
hateXlime
14 Jun 2006, 04:47am
I couldn't get the Avenger (I get an error). Is there any other way to delete the files you mentioned above than Avenger?
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, June 13, 2006 10:43:53 PM
Operating System: Microsoft Windows XP Home Edition, (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 14/06/2006
Kaspersky Anti-Virus database records: 200318
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
Scan Statistics:
Total number of scanned objects: 49608
Number of viruses found: 81
Number of infected objects: 274
Number of suspicious objects: 2
Duration of the scan process: 00:50:40
Infected Object Name / Virus Name / Last Action
C:\djiejrjk.exe/data.rar/esys44.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\djiejrjk.exe/data.rar/sc2.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\djiejrjk.exe/data.rar Infected: Trojan.WinREG.LowZones.f skipped
C:\djiejrjk.exe RarSFX: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CASClient8.zip/cas2stub.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CASClient8.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Ewan\esys44.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\Documents and Settings\Ewan\Local Settings\Temp\tp7543.exe Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\Documents and Settings\Izis\esys44.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\Install.exe/data.rar/trufkz.html Infected: Trojan-Clicker.JS.Linker.g skipped
C:\Install.exe/data.rar/x.bat Infected: Trojan.WinREG.LowZones.f skipped
C:\Install.exe/data.rar/kans.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\Install.exe/data.rar/kansup.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\Install.exe/data.rar Infected: Trojan.WinREG.LowZones.f skipped
C:\Install.exe RarSFX: infected - 5 skipped
C:\My Downloads\BSPROINSTALL.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\My Downloads\BSPROINSTALL.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\My Downloads\BSPROINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\My Downloads\BSPROINSTALL.exe/WISE0027.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
C:\My Downloads\BSPROINSTALL.exe WiseSFX: infected - 4 skipped
C:\My Downloads\BSPROINSTALL.exe WiseSFX Dropper: infected - 4 skipped
C:\Program Files\BSINSTALL.exe/WISE0024.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BSINSTALL.exe/WISE0024.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BSINSTALL.exe WiseSFX: infected - 3 skipped
C:\Program Files\BSINSTALL.exe WiseSFX Dropper: infected - 3 skipped
C:\Program Files\Common Files\simtest\sysstall.exe Infected: Trojan.Win32.Zapchast.bl skipped
C:\Program Files\Common Files\svchostsys\svchostsys.exe Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP0\A0000003.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP1\A0000017.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP1\A0000018.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP1\A0000197.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP2\A0000201.exe Infected: Trojan-Downloader.Win32.VB.adb skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP2\A0000209.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP2\A0000235.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP2\A0000240.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP2\A0000241.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP2\snapshot\MFEX-3.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP2\snapshot\MFEX-4.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP2\snapshot\MFEX-5.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP29\A0002394.dll Infected: Backdoor.Win32.Haxdoor.im skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP29\A0002400.sys Infected: Backdoor.Win32.Haxdoor.im skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP29\A0002402.dll Infected: Backdoor.Win32.Haxdoor.im skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP29\A0002403.sys Infected: Backdoor.Win32.Haxdoor.im skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000255.exe Infected: Trojan-Downloader.Win32.VB.adb skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000261.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000271.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000278.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000322.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000369.exe/data0002/data0004 Infected: Trojan-Downloader.MSIL.Agent.a skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000369.exe/data0002/data0010 Infected: Trojan.Win32.Zapchast.bl skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000369.exe/data0002/data0011/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000369.exe/data0002/data0011/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000369.exe/data0002/data0011/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000369.exe/data0002/data0011/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000369.exe/data0002/data0011/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000369.exe/data0002/data0011/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000369.exe/data0002/data0011 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000369.exe/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000369.exe NSIS: infected - 10 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000370.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000388.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000389.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000390.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000391.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000391.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.at skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000391.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ao skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000391.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000391.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000391.exe CAB: infected - 5 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000393.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000394.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000410.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000411.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000412.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000413.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000414.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000417.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000418.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000419.dll Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000420.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000421.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000432.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000449.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000450.exe Infected: Trojan-Clicker.Win32.VB.lv skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000454.exe Infected: not-a-virus:AdWare.Win32.SmartLoad.c skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000455.exe Infected: Trojan-Downloader.Win32.Adload.az skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000456.exe Infected: Trojan-Downloader.Win32.Adload.az skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000458.exe Infected: Trojan-Downloader.Win32.VB.ys skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000459.exe Infected: Trojan-Downloader.Win32.VB.ada skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000460.exe Infected: Trojan-Downloader.Win32.VB.ada skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000461.exe Infected: Trojan-Clicker.Win32.VB.lv skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000462.exe Infected: Trojan-Downloader.Win32.VB.aci skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000463.exe Infected: Trojan-Downloader.Win32.VB.adb skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000464.exe Infected: Trojan-Clicker.Win32.VB.nh skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000465.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000466.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000468.exe Infected: Backdoor.Win32.Haxdoor.il skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000470.exe Infected: Trojan-PSW.Win32.Sinowal.n skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000471.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000473.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000474.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000478.exe Infected: Trojan-Dropper.Win32.Agent.amf skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000479.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000480.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000481.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000482.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000483.exe/data.rar/sc2.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000483.exe/data.rar Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000483.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000484.exe/data.rar/esys44.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000484.exe/data.rar/sc2.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000484.exe/data.rar Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000484.exe RarSFX: infected - 3 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000485.exe/data.rar/sc2.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000485.exe/data.rar Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000485.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000486.sys Infected: Rootkit.Win32.Agent.l skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000487.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000488.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000489.sys Infected: Rootkit.Win32.Agent.l skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000490.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000492.sys Infected: Rootkit.Win32.Agent.l skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000493.exe Infected: Trojan-Clicker.Win32.Small.kr skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000494.exe Infected: Trojan-PSW.Win32.Sinowal.n skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000495.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000496.reg Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000497.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000499.dll Infected: Trojan-PSW.Win32.Sinowal.m skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000500.exe Infected: Trojan-PSW.Win32.Sinowal.m skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000501.dll Infected: Trojan-PSW.Win32.Sinowal.m skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000502.exe Infected: Trojan-Downloader.Win32.Agent.akj skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000503.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000504.exe Infected: not-a-virus:AdWare.Win32.180Solutions.an skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000505.exe Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000507.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000508.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000509.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000510.dll Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000511.dll Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000512.dll Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000513.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000514.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000515.exe Infected: not-a-virus:AdWare.Win32.AdURL.c skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000516.exe Infected: not-a-virus:AdWare.Win32.Iebar.j skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000517.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000518.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000520.exe Infected: Trojan-Downloader.Win32.Small.cqy skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000521.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000526.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000527.exe Infected: not-a-virus:AdWare.Win32.Adstart.h skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000528.exe Infected: P2P-Worm.Win32.SpyBot.gl skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000529.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000530.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000531.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000532.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000533.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000534.dll Infected: not-a-virus:AdWare.Win32.Adstart.i skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000535.exe Infected: not-a-virus:AdWare.Win32.Adstart.h skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000536.exe Infected: not-a-virus:AdWare.Win32.Adstart.b skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000537.exe Infected: not-a-virus:AdWare.Win32.Adstart.d skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000538.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000539.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000540.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000541.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000542.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000543.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000545.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000546.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000547.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000548.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000549.sys Infected: Trojan.Win32.Painwin.a skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000550.exe Infected: Trojan.Win32.Painwin.a skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000551.vxd Infected: Trojan.Win32.Painwin.a skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000552.exe Infected: Backdoor.Win32.Rbot.aqo skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000553.exe Infected: Trojan.Win32.Painwin.a skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000554.exe Infected: Trojan.Win32.Painwin.a skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000555.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000556.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000557.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000558.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000559.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000560.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000561.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000562.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000563.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000565.exe Infected: not-a-virus:AdWare.Win32.Adstart.d skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000566.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000567.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000568.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000569.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000570.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000571.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000572.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000573.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000574.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000575.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000576.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000577.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000578.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000579.exe Infected: Trojan.Win32.Agent.sx skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000580.exe Infected: Backdoor.Win32.Rbot.adf skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000581.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000582.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000583.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000584.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000585.exe Infected: Trojan-Downloader.Win32.Small.aav skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000586.exe Infected: Trojan-Proxy.Win32.Small.bo skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000587.dll Infected: Trojan-Downloader.Win32.Small.crd skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000588.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000589.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000590.exe Infected: Trojan.Win32.Painwin.a skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000591.exe Infected: Backdoor.Win32.SdBot.yx skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000592.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000593.exe Infected: P2P-Worm.Win32.SpyBot.gl skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000594.exe Infected: Trojan.Win32.Inject.t skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000595.dll Infected: not-a-virus:AdWare.Win32.Mirar.e skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000596.dll Infected: not-a-virus:AdWare.Win32.BHO.ah skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000598.exe Infected: Trojan-Downloader.Win32.Agent.akj skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000599.dll Infected: not-a-virus:AdWare.Win32.Mirar.b skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000600.exe Infected: Trojan-Downloader.Win32.Small.cqs skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000601.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000602.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000603.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000604.exe Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000605.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000606.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000607.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000608.exe Infected: Trojan-Downloader.Win32.PurityScan.cl skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000609.bat Infected: Trojan.WinREG.LowZones.f skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000612.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\A0000613.dll Infected: Trojan.Win32.Agent.sx skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\snapshot\MFEX-3.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\snapshot\MFEX-4.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP3\snapshot\MFEX-5.DAT Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003459.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Adstart.i skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003459.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Adstart.h skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003459.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Adstart.d skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003459.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Adstart.b skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003459.exe/stream Infected: not-a-virus:AdWare.Win32.Adstart.b skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003459.exe NSIS: infected - 5 skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003460.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003461.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003463.exe Infected: Trojan-Downloader.Win32.PurityScan.co skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003464.exe Infected: Trojan-Downloader.Win32.Harnig.bn skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003476.dll Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003477.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003478.exe Infected: not-a-virus:AdWare.Win32.BookedSpace.h skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2-42572BA8912F}\RP30\A0003479.exe Infected: Trojan-Downloader.Win32.VB.vz skipped
C:\System Volume Information\_restore{C6B0CE17-9B19-44F3-AEB2