Please print this. First turn of Norton's script blocking and temporarily disable "real time protection" for any of the tools that you may have at this link or "this fix will not work." Disable Real Time Protection then re-enable these after you have finished. Please download Brute Force Uninstaller from this link http://www.merijn.org/files/bfu.zip Unzip it to a folder of it’s own (c:\BFU). Read here how to unzip/extract properly: http://metallica.geekstogo.com/xpcompressedexplanation.html Start the Brute Force Uninstaller by doubleclicking BFU.exe To the right of the "scriptfile to execute" window you'll see two icons. Click the one on the right. When you click that icon, a little window will open that says: "Please enter the full URL to the sript you want to execute" In the field, copy and paste everything in bold into that window: http://metallica.geekstogo.com/alcanshorty.bfu Click Ok. Then click execute in Brute Force Uninstaller. Wait for the complete script execution box to popup and press OK. Press exit to terminate the BFU program. Next download Look2Me-Destroyer from this link http://www.atribune.org/public-beta/Look2Me-Destroyer.exe Close all windows before continuing. Double-click Look2Me-Destroyer.exe to run it. Put a check next to Run this program as a task. You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 minute. Click OK When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal. Once it's done scanning, click the Remove L2M button. You will receive a Done Scanning message, click OK. When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK. Your computer will then shutdown. Turn your computer back on. If Look2Me-Destroyer does not reopen automatically, reboot and try again. If you receive a message from your firewall about this program accessing the internet please allow it. If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory. http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX Next go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab > uncheck and delete everything you find in there. (except for "My current home page") Download Killbox from this link for later use Download killbox from this link Killbox Download ATF-Cleaner from this link for later use http://www.atribune.org/content/view/19/2/ Run this free online scan from Panda When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it. Reboot in safe mode by following the directions at this link How To Boot Into Safe Mode Run Ht again close all windows, place a check to the left of the following items and press "fix checked": R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 R3 - URLSearchHook: (no name) - _{FDE3577A-6254-181C-4E11-339E4F746BD3} - (no file) R3 - URLSearchHook: (no name) - _{0FA33B6C-71BC-69D3-DB7A-472A4D6F3452} - (no file) F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\inthv.exe F2 - REG:system.ini: UserInit=userinit.exe,sjblghr.exe O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O4 - HKLM\..\Run: [QaOD] C:\documents and settings\patrick lee\local settings\temp\QaOD.exeIf you know what this is you will need to move it out of the temp file, otherwise remove it with HT O4 - HKLM\..\Run: [Iifwveig] C:\Program Files\Wven\Fdsyth.exe Same here remove if not known O4 - HKLM\..\Run: [csr] csrrs.exe O4 - HKLM\..\Run: [wtkyelnA] C:\WINDOWS\wtkyelnA.exe O4 - HKLM\..\Run: [w01507aa.dll] RUNDLL32.exe w01507aa.dll,I2 00018c2f001507aa O4 - HKLM\..\Run: [sys011269599344-] C:\WINDOWS\sys011269599344-.exe O4 - HKLM\..\RunServices: [csr] csrrs.exe O4 - Global Startup: palstart.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present Remove this if you did not set it O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present remove this if you did not set it O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\remove_me.dll (file missing) (HKCU) O16 - DPF: {20309504-8D74-4762-82CE-856903876EEA} - http://66.154.18.136/npd/load5.exe O20 - Winlogon Notify: DH - C:\WINDOWS\system32\guard.tmp (file missing) O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) While still in safe mode run Killbox. Double-click on Killbox.exe to run it. Put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time. C:\WINDOWS\system32\inthv.exe C:\WINDOWS\wtkyelnA.exe C:\WINDOWS\sys011269599344-.exe C:\Program Files\Wven\Fdsyth.exe ( if not known) Click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confimation to delete the file. Click Yes. Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box. Next while still in safe mode do a search for the files and delete all instances if found: sjblghr.exe w01507aa.dll csrrs.exe While still in safe mode run ATF-Cleaner. Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All Click the Empty Selected button. Please post a new HT log.

0

Here is the active scan from the Panda website: Incident Status Location Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@888[1].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@ad.yieldmanager[1].txt Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@adopt.hbmediapro[2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@adrevolver[2].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@adrevolver[3].txt Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@as-eu.falkag[2].txt Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@as-us.falkag[1].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@atdmt[1].txt Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@azjmp[2].txt Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@cassava[1].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@doubleclick[1].txt Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@linksynergy[2].txt Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@maxserving[1].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@mediaplex[1].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@overture[2].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@realmedia[1].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@server.iad.liveperson[2].txt Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@stats1.reliablestats[2].txt Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@statse.webtrendslive[1].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@trafficmp[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@tribalfusion[1].txt Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Patrick Lee\Cookies\patrick lee@webpower[2].txt Virus:Bck/IRCBot.WJ Not disinfected C:\Documents and Settings\Patrick Lee\rar.exe Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\?ystem\winlogon.exe Spyware:Cookie/2o7 Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq22.tmp Spyware:Cookie/Adtech Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp Spyware:Cookie/Advertising Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq26.tmp Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp Spyware:Cookie/Clickbank Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29.tmp Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2A.tmp Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp Spyware:Cookie/Findwhat Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq33.tmp Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp Spyware:Cookie/Adserver Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3C.tmp Spyware:Cookie/Zedo Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3E.tmp Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\adm.exe Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\adm4.dll Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\admdata.dll Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\admdloader.dll Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\admfdi.dll Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\admprog.dll Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\dmfiles.cab Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\dmfiles.cab[AltnetUninstall.exe] Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\dmfiles.cab[asmend.exe] Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\mysearch.cab Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\pmexe.cab Potentially unwanted tool:Application/Altnet Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\pmexe.cab[Points Manager.exe] Adware:Adware/InstaFinder Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp Spyware:Cookie/Adtech Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5.tmp Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA7.tmp Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA9.tmp Spyware:Cookie/Falkag Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAA.tmp Spyware:Cookie/FastClick Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAB.tmp Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAE.tmp Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAF.tmp Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB0.tmp Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB1.tmp Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB2.tmp Adware:Adware/DollarRevenue Not disinfected C:\WINDOWS\system32\dr.exe Adware:Adware/Qoologic Not disinfected C:\WINDOWS\system32\wcrgi.dat

0

I will let you review this before I go any further with your last response. Patrick

0

Add these to your list to delete with Killbox: C:\WINDOWS\system32\dr.exe C:\WINDOWS\system32\wcrgi.dat After you get done Download Ewido Security Suite then set it up this way Ewido Setup Instructions and run it from safe mode.

0

Ok, I've gone through everything. Below is posted my new HijackThis log. However, AD-aware still picks up this: RegData HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"Shell" () Shell Possibly Compromised Any Suggestions? Logfile of HijackThis v1.99.1 Scan saved at 11:02:55 PM, on 4/7/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\reddvb.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\inthv.exe C:\WINDOWS\system32\inthv.exe C:\WINDOWS\system32\inthv.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\inthv.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,sjblghr.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [qvhuvy] C:\WINDOWS\system32\reddvb.exe reg_run O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [AuthStart] C:\Program Files\SafeandSecure\SafeandSecure\app\authstart.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKCU\..\Run: [nsovw] C:\WINDOWS\system32\reddvb.exe reg_run O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe" O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: kloec.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Microsoft® JavaScript® Console - {86FB0D2D-1D8F-4EF8-803A-F3A422F925D9} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {86FB0D2D-1D8F-4EF8-803A-F3A422F925D9} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU) O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe Patrick

0

An old but subtle foe called Qoologic. Please download FindQool.Zip from this link http://downloads.subratam.org/Lon/FindQool.zip to your desktop. Unzip FindQool.zip to your C: drive so that the path is C:\FindQool. Go to the C:\FindQool folder where you just extracted FindQool.zip and doubleclick the Qlocate.bat file to run it. A command window will open and you'll get a message to "Press any key to continue". Press any key and a report.txt file will open in notepad. Copy and paste the contents of the report.txt file in your next reply.

0

I seriously appreciate you taking the time to help me out...here is what FindQool found: Sat 04/08/2006 Running from: C:\FindQool PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE. Known file names C:\WINDOWS\UNWN.exe MD5 Check.... C:\WINDOWS\system32\wcrgi.dat C:\WINDOWS\system32\reddvb.exe C:\WINDOWS\system32\inthv.exe C:\WINDOWS\system32\xlddnjd.dll C:\WINDOWS\system32\sjblghr.exe Files found with locate com. C:\WINDOWS\SYSTEM32\SJBLGHR.exe C:\WINDOWS\SYSTEM32\XLDDNJD.DLL C:\WINDOWS\SYSTEM32\WCRGI.DAT C:\WINDOWS\SYSTEM32\REDDVB.exe C:\WINDOWS\SYSTEM32\INTHV.exe C:\WINDOWS\NCBLNO.DAT C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\KLOEC.exe Re-check using dir /a:-d C:\Documents and Settings\All Users\Start Menu\Programs\Startup 04/03/2006 03:29 PM 127,488 kloec.exe ... HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6} ... Runs, Listed here as a Doublecheck for the locate com results HKLM "qvhuvy"="C:\\WINDOWS\\system32\\reddvb.exe reg_run" HKCU "nsovw"="C:\\WINDOWS\\system32\\reddvb.exe reg_run" ... Files In Winlogon shell and userinit Listed here as a Doublecheck for the locate com results shell REG_SZ Explorer.exe, C:\WINDOWS\system32\inthv.exe userinit REG_SZ C:\WINDOWS\SYSTEM32\Userinit.exe,sjblghr.exe Patrick

0

Run HT again,close all windows and browsers except HT, then place a check to the left of these items and press "fix checked": F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\inthv.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,sjblghr.exe O4 - HKLM\..\Run: [qvhuvy] C:\WINDOWS\system32\reddvb.exe reg_run O4 - HKCU\..\Run: [nsovw] C:\WINDOWS\system32\reddvb.exe reg_run O4 - Global Startup: kloec.exe O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) Close Hijack This Double-click on Killbox.exe to run it. Put a tick by Delete on Reboot. Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WINDOWS\UNWN.exe C:\WINDOWS\system32\wcrgi.dat C:\WINDOWS\system32\reddvb.exe C:\WINDOWS\system32\inthv.exe C:\WINDOWS\system32\xlddnjd.dll C:\WINDOWS\system32\sjblghr.exe C:\WINDOWS\SYSTEM32\SJBLGHR.exe C:\WINDOWS\SYSTEM32\XLDDNJD.DLL C:\WINDOWS\SYSTEM32\WCRGI.DAT C:\WINDOWS\SYSTEM32\REDDVB.exe C:\WINDOWS\SYSTEM32\INTHV.exe C:\WINDOWS\NCBLNO.DAT C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\KLOEC.exe Next in Killbox go to File > Paste from clipboard Click on the All Files button. Next click on the button that has the red circle with the white X in the middle. It will ask for confimation to delete the files on next reboot and ask you if you want to reboot now. Click Yes and let the computer reboot. Next copy the registry fix between the x"S: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX REGEDIT4 [-HKEY_CLASSES_ROOT\CLSID\{ce3a44d8 -bc88-4d62-a890-42d96245f8d6}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "qvhuvy"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nsovw"=- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Open notepad(start>run> type "notepad" without the quotes>ok) and paste the registry fix in it.Go to File on the top bar of Notepad and choose Save As, on the Save As Type area change it to all files then name it fix.reg and save it to your desktop, double click fix.reg and allow it to be merged into the registry which will remove the entries. Post a new HT log.

0

One more thing, run this batch file. Copy everything between the X"s: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX @echo off sc stop dll host sc delete dll host XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Open notepad(start>run> type "notepad" without the quotes>ok) and paste the above script into it.Go to File on the top bar of Notepad and choose Save As, on the Save As Type area change it to all files then name it reg.bat and save it to your desktop, double click reg.bat, it will run quickly.

0

Here is the new HT log : Logfile of HijackThis v1.99.1 Scan saved at 11:14:08 AM, on 4/8/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\RioMSC.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe C:\Compaq\EAKDRV\EAUSBKBD.exe C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\inthv.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,sjblghr.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [AuthStart] C:\Program Files\SafeandSecure\SafeandSecure\app\authstart.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe" O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: Microsoft® JavaScript® Console - {86FB0D2D-1D8F-4EF8-803A-F3A422F925D9} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {86FB0D2D-1D8F-4EF8-803A-F3A422F925D9} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU) O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4734/mcfscan.cab O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe Patrick

0

You have the newest version of Qoologic, a tough one. Run HT again, close all windows and browsers except HT, the remove these items: F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\inthv.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,sjblghr.exe O9 - Extra button: Microsoft® JavaScript® Console - {86FB0D2D-1D8F-4EF8-803A-F3A422F925D9} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU) O9 - Extra 'Tools' menuitem: JavaScript Console - {86FB0D2D-1D8F-4EF8-803A-F3A422F925D9} - C:\WINDOWS\system32\COMDLG32.OCX (HKCU) Post a new HT log

0

should these two be removed from my system? because everytime i run hijackthis on them they are the only two remaining: F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\inthv.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,sjblghr.exe here is my new HT log Logfile of HijackThis v1.99.1 Scan saved at 9:51:15 PM, on 4/8/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\RioMSC.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe C:\Compaq\EAKDRV\EAUSBKBD.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\inthv.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,sjblghr.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [AuthStart] C:\Program Files\SafeandSecure\SafeandSecure\app\authstart.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe" O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4734/mcfscan.cab O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe Patrick

0

Reboot into safe mode. Run HT and remove the two F2'S Run Killbox and delete these items: C:\WINDOWS\system32\inthv.exe C:\WINDOWS\SYSTEM32\SJBLGHR.EXE Reboot into normal mode and run HT to see if they remain. If they do run Run FindQool once more and post that log.

0

Killbox is telling me that these files cannot be deleted. C:\WINDOWS\system32\inthv.exe C:\WINDOWS\SYSTEM32\SJBLGHR.exe They are persistent little buggers Patrick

0

here is the findqool log: Sat 04/08/2006 Running from: C:\FindQool PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE. Known file names MD5 Check.... C:\WINDOWS\system32\wcrgi.dat C:\WINDOWS\system32\reddvb.exe C:\WINDOWS\system32\inthv.exe C:\WINDOWS\system32\xlddnjd.dll C:\WINDOWS\system32\sjblghr.exe Files found with locate com. C:\WINDOWS\SYSTEM32\SJBLGHR.exe C:\WINDOWS\SYSTEM32\XLDDNJD.DLL C:\WINDOWS\SYSTEM32\WCRGI.DAT C:\WINDOWS\SYSTEM32\REDDVB.exe C:\WINDOWS\SYSTEM32\INTHV.exe C:\WINDOWS\NCBLNO.DAT C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\KLOEC.exe Re-check using dir /a:-d C:\Documents and Settings\All Users\Start Menu\Programs\Startup 04/03/2006 03:29 PM 127,488 kloec.exe ... HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6} ... Runs, Listed here as a Doublecheck for the locate com results HKLM "qvhuvy"="C:\\WINDOWS\\system32\\reddvb.exe reg_run" HKCU "nsovw"="C:\\WINDOWS\\system32\\reddvb.exe reg_run" ... Files In Winlogon shell and userinit Listed here as a Doublecheck for the locate com results shell REG_SZ Explorer.exe, C:\WINDOWS\system32\inthv.exe userinit REG_SZ C:\WINDOWS\SYSTEM32\Userinit.exe,sjblghr.exe ... SWReg utility Written by Bobbi Flekman © 2005 Findqool edited 4/05/2006 Patrick

0

I think we didn't get "all" the files copied into killbox. You can see where I added in bold "Press all files button". If the version of killbox you have does not have this feature we need to get an updated version. From the top once more. Run HT and remove the F2's Start Killbox place a tick next to [x]Delete on reboot Press the ALL Files button Copy this whole list into the windows clipboard, all the Bolded below. Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy): C:\WINDOWS\system32\wcrgi.dat C:\WINDOWS\system32\reddvb.exe C:\WINDOWS\system32\inthv.exe C:\WINDOWS\system32\xlddnjd.dll C:\WINDOWS\system32\sjblghr.exe C:\WINDOWS\NCBLNO.DAT C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\KLOEC.exe Next in Killbox go to File > Paste from clipboard Click on the All Files button. Next click on the button that has the red circle with the white X in the middle. It will ask for confimation to delete the files on next reboot and ask you if you want to reboot now. Click Yes and let the computer reboot. Next copy the registry fix between the x"S: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX REGEDIT4 [-HKEY_CLASSES_ROOT\CLSID\{ce3a44d8 -bc88-4d62-a890-42d96245f8d6}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "qvhuvy"=- [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "nsovw"=- XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Open notepad(start>run> type "notepad" without the quotes>ok) and paste the registry fix in it.Go to File on the top bar of Notepad and choose Save As, on the Save As Type area change it to all files then name it fix.reg and save it to your desktop, double click fix.reg and allow it to be merged into the registry which will remove the entries. Next run this batch file. Copy everything between the X"s: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX @echo off sc stop dll host sc delete dll host XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Open notepad(start>run> type "notepad" without the quotes>ok) and paste the above script into it.Go to File on the top bar of Notepad and choose Save As, on the Save As Type area change it to all files then name it reg.bat and save it to your desktop, double click reg.bat, it will run quickly. Pst a new HT log.

0

New HT log Logfile of HijackThis v1.99.1 Scan saved at 12:13:23 AM, on 4/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe C:\Compaq\EAKDRV\EAUSBKBD.exe C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\system32\RioMSC.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\inthv.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,sjblghr.exe O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [AuthStart] C:\Program Files\SafeandSecure\SafeandSecure\app\authstart.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\RunOnce: [Compaq_RBA] C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -z O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe" O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4734/mcfscan.cab O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe Patrick

0

Need to check one thing. Please post a new FindQool log.

0

Sun 04/09/2006 Running from: C:\FindQool PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE. Known file names MD5 Check.... Files found with locate com. Re-check using dir /a:-d C:\Documents and Settings\All Users\Start Menu\Programs\Startup ... HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6} ... Runs, Listed here as a Doublecheck for the locate com results HKLM HKCU ... Files In Winlogon shell and userinit Listed here as a Doublecheck for the locate com results shell REG_SZ explorer.exe userinit REG_SZ C:\WINDOWS\SYSTEM32\Userinit.exe, ... SWReg utility Written by Bobbi Flekman © 2005 Findqool edited 4/05/2006 Patrick

0

Looks better. Looks like a registry key need removing. Copy everything between the x's: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX [-HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}] [-HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4ABF810A-F11D-4169-9D5F-7D274F2270A1}] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Open notepad(start>run> type "notepad" without the quotes>ok) and paste the registry fix in it.Go to File on the top bar of Notepad and choose Save As, on the Save As Type area change it to all files then name it fix.reg and save it to your desktop, double click fix.reg and allow it to be merged into the registry which will remove the entries. First try to remove the F2"S in normal mode, if that don't work try it in safe mode.

0

the reg.fix won't merge, i get an error saying: "the specified file is not a registry script. you can only import binary registry files from within the registry editor." Patrick

0

Please try it again I had miscopied, left off regidit4. XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX REGEDIT4 [-HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}] [-HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4ABF810A-F11D-4169-9D5F-7D274F2270A1}] XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Open notepad(start>run> type "notepad" without the quotes>ok) and paste the registry fix in it.Go to File on the top bar of Notepad and choose Save As, on the Save As Type area change it to all files then name it fix.reg and save it to your desktop, double click fix.reg and allow it to be merged into the registry which will remove the entries. First try to remove the F2"S in normal mode, if that don't work try it in safe mode.

0

Okay, that got rid of the F2's. However, I still have this when i run adaware: HKEY_LOCAL_MACHINE:SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"Shell" () "Shell Possibly Compromised" Here is my new HT log: Logfile of HijackThis v1.99.1 Scan saved at 8:06:31 PM, on 4/9/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe C:\Program Files\Common Files\Command Software\dvpapi.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\system32\RioMSC.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe C:\WINDOWS\system32\wdfmgr.exe C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Spyware Doctor\swdoctor.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.exe C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.exe C:\Compaq\EAKDRV\EAUSBKBD.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\Program Files\Hijackthis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [OASClnt] C:\Program Files\mcafee.com\antivirus\oasclnt.exe O4 - HKLM\..\Run: [EmailScan] C:\Program Files\mcafee.com\antivirus\mcvsescn.exe O4 - HKLM\..\Run: [AuthStart] C:\Program Files\SafeandSecure\SafeandSecure\app\authstart.exe O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q O4 - HKCU\..\Run: [Registry Defender] "C:\Program Files\Registry Defender Trial\RegClean.exe" O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409 O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4734/mcfscan.cab O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing) O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing) O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe Patrick

0

Possibly a virus but not showing in you HT log. Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html Click Accept When the updates are finished downloading, click Next, Scan Settings Under Scan using the following antivirus database:, select extended Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK Click My Computer and wait for the scan to finish Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it. Download Ewido Security Suite then set it up this way Ewido Setup Instructions reboot into safe mode bu following these directions if you need them How To Boot Into Safe Mode and run Ewido When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop. Please reboot into normal mode and post the ewido log.

0

Here is the log from Kaspersky, I will let you review it before I move on to Ewido. --------------------- KASPERSKY ON-LINE SCANNER REPORT Sunday, April 09, 2006 10:05:47 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 10/04/2006 Kaspersky Anti-Virus database records: 187158 --------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 62885 Number of viruses found: 32 Number of infected objects: 304 Number of suspicious objects: 0 Duration of the scan process: 00:51:15 Infected Object Name / Virus Name / Last Action C:\!KillBox\( 1) Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\!KillBox\( 2) Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\!KillBox\( 3) Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\!KillBox\( 4) Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\!KillBox\( 5) Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\!KillBox\dr.exe Infected: Trojan-Downloader.Win32.Adload.ai skipped C:\!KillBox\inthv.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\!KillBox\inthv.exe( 1) Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\!KillBox\sjblghr.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\!KillBox\wcrgi.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\Documents and Settings\Patrick Lee\Desktop\Unused Desktop Shortcuts\A Welcome Message!.exe Infected: not-a-virus:Porn-Downloader.Win32.Generic skipped C:\Program Files\Common Files\Authentium Shared\syusinstalled\syus1.60.582\setup.msi/Cabs.m21/AseeCOM.dll.9F605519_E695_4380_961A_786634F046BD Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\Program Files\Common Files\Authentium Shared\syusinstalled\syus1.60.582\setup.msi/Cabs.m21 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\Program Files\Common Files\Authentium Shared\syusinstalled\syus1.60.582\setup.msi Embedded: infected - 2 skipped C:\Program Files\Norton AntiVirus\Quarantine\024D4D12.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\Program Files\Norton AntiVirus\Quarantine\05D8652B.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\Program Files\Norton AntiVirus\Quarantine\09B67008.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\0D5F28E3.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\Program Files\Norton AntiVirus\Quarantine\0DF95E3A.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\120C3380.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped C:\Program Files\Norton AntiVirus\Quarantine\20D76805.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\22ED1DAE.exe Infected: Trojan.Win32.VB.tg skipped C:\Program Files\Norton AntiVirus\Quarantine\29C4698A.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\2D971893.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\2DA76A81.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\Program Files\Norton AntiVirus\Quarantine\385E560A.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\43EE1208.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\4AEE26E5.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\4F7E4E07.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\51355A3C.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\51390438.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\513C2E35.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\513F5831.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\5143022E.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\51462C2A.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\51495627.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\514C0023.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\51502A1F.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\5153541C.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\51567E18.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\520E78E1.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\669F4604.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\6A347D96.exe Infected: Trojan-Downloader.Win32.VB.nw skipped C:\Program Files\Norton AntiVirus\Quarantine\6A347D96.tmp Infected: Backdoor.Win32.EggDrop.v skipped C:\Program Files\Norton AntiVirus\Quarantine\6A372793.tmp Infected: Trojan-Clicker.Win32.Small.jf skipped C:\Program Files\Norton AntiVirus\Quarantine\6A3A518F.exe Infected: Trojan.Win32.VB.tg skipped C:\Program Files\Norton AntiVirus\Quarantine\6A3E7B8C.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\722F0203.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\7295780A.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\7E263409.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\Program Files\Norton AntiVirus\Quarantine\7FA52FFE.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\Program Files\XoftSpy\uninstall.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped C:\Program Files\XoftSpy\uninstall.exe NSIS: infected - 1 skipped C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\mysearch.cab/mySetp.exe Infected: not-a-virus:AdWare.Win32.MyWebSearch.o skipped C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp\mysearch.cab CAB: infected - 1 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP556\A0090046.msi/Cabs.m21/AseeCOM.dll.9F605519_E695_4380_961A_786634F046BD Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP556\A0090046.msi/Cabs.m21 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP556\A0090046.msi Embedded: infected - 2 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP557\A0090304.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP557\A0090432.msi/Cabs.m21/AseeCOM.dll.9F605519_E695_4380_961A_786634F046BD Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP557\A0090432.msi/Cabs.m21 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP557\A0090432.msi Embedded: infected - 2 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091293.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091296.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091301.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091302.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091303.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091304.dll Infected: not-a-virus:AdWare.Win32.SurfSide.t skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091347.dll Infected: not-a-virus:AdWare.Win32.404Search.h skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091349.dll Infected: Trojan-Clicker.Win32.Small.jf skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091352.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091353.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091354.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091355.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091356.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091357.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091358.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091359.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP558\A0091360.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0091366.msi/Cabs.m21/AseeCOM.dll.9F605519_E695_4380_961A_786634F046BD Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0091366.msi/Cabs.m21 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0091366.msi Embedded: infected - 2 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0092476.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0092476.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0092476.exe NSIS: infected - 2 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0092478.exe Infected: Trojan-Downloader.Win32.Adload.ai skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0092479.exe Infected: Trojan-Downloader.Win32.VB.zg skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0092513.msi/Cabs.m21/AseeCOM.dll.9F605519_E695_4380_961A_786634F046BD Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0092513.msi/Cabs.m21 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0092513.msi Embedded: infected - 2 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP560\A0092683.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP563\A0092843.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP563\A0092875.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP565\A0092912.msi/Cabs.m21/AseeCOM.dll.9F605519_E695_4380_961A_786634F046BD Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP565\A0092912.msi/Cabs.m21 Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP565\A0092912.msi Embedded: infected - 2 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP565\A0092962.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP565\A0092995.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP565\A0093012.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP565\A0093017.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093030.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093031.exe Infected: Trojan-Downloader.Win32.Agent.agy skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093032.exe Infected: Trojan-Downloader.Win32.VB.nw skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093037.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093110.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093119.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093120.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093121.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093122.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093123.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093124.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093125.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093126.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093127.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093128.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093129.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093130.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093131.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093132.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093133.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093134.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093135.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093136.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093137.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093138.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093139.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093140.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093141.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093142.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093143.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093144.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093145.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093146.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093147.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093148.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093149.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093150.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093151.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093152.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093153.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093154.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093155.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093156.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093157.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093158.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093159.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093160.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093161.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093162.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093163.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093164.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093191.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093734.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093745.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093783.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093784.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093785.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093786.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093787.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093788.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093789.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093790.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093791.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093792.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093793.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093794.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093795.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093796.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093797.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093798.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093799.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093800.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093801.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093802.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093803.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093804.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093805.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093806.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093807.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093808.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093809.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093810.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093811.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093812.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093813.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093814.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093815.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093816.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093817.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093818.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093819.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093820.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093821.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093822.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093823.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093824.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093825.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093826.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093827.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093828.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093830.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093831.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093851.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093852.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093853.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093854.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093855.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093856.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093857.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093858.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093859.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093860.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093861.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093862.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093863.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093864.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093865.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093866.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093867.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093868.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093869.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093870.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093871.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093872.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093873.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093874.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093875.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093876.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093877.exe Infected: Trojan-Downloader.Win32.Agent.agy skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093878.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093879.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093880.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP566\A0093881.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093883.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093884.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093885.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093896.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093896.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093907.exe Infected: IM-Flooder.Win32.VB.ee skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093908.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093909.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093910.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093911.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093912.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093913.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093914.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093915.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093916.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093917.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093918.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093919.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093920.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093921.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093922.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093923.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093924.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093925.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093926.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093927.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093928.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0093929.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094129.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094130.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094175.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094178.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094179.exe Infected: Backdoor.Win32.EggDrop.v skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094180.exe Infected: Trojan-Dropper.Win32.VB.lu skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094181.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094182.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094183.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094185.exe Infected: Trojan-Downloader.Win32.VB.nw skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094373.exe Infected: IM-Flooder.Win32.VB.ee skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094381.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094382.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094383.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094406.exe/data0003 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP567\A0094406.exe NSIS: infected - 1 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP568\A0094464.exe Infected: IM-Flooder.Win32.VB.ee skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP568\A0094485.dll Infected: not-a-virus:AdWare.Win32.HotBar.be skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP568\A0094693.exe Infected: Trojan-Downloader.Win32.VB.zg skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP568\A0094694.exe Infected: Trojan.Win32.VB.ali skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP568\A0094699.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP568\A0094699.exe/data0003 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP568\A0094699.exe/data0006 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP568\A0094699.exe/data0007 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP568\A0094699.exe NSIS: infected - 4 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096327.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096341.exe Infected: Trojan-Downloader.Win32.Adload.ai skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096345.exe Infected: Trojan-Downloader.Win32.PurityScan.w skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096346.exe Infected: not-a-virus:AdWare.Win32.Altnet.a skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096347.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096348.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3039 skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096349.dll Infected: not-a-virus:AdWare.Win32.Altnet.j skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096350.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096351.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096352.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096355.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096362.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096456.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096457.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096458.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096459.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\System Volume Information\_restore{8238BFE6-44BD-4B25-B0F7-CE65B3815CC9}\RP570\A0096460.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped C:\WINDOWS\system32\yes.exe Infected: IM-Flooder.Win32.VB.ee skipped Scan process completed.

0

Clean out system restore. For instructions on how to purge system restore click Here To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer. Then delete the quarantined files from C:\Program Files\Norton AntiVirus\Quarantine. Ewido may get the rest.

0