Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Prankmunky

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Prankmunky » April 16th, 2006, 1:38 am

Logfile of HijackThis v1.99.1
Scan saved at 10:34:11 PM, on 4/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\windows\mousepad11.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\zlmavrvA.exe
C:\WINDOWS\errorhandler.exe
C:\windows\system32\qqdsregl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\owinrrag.exe
C:\Program Files\EQBranch\EQBranch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\elitemediapop.exe
C:\WINDOWS\ac2_0002.exe
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\hijackthis\HijackThis.exe
C:\WINDOWS\YOINSI.exe
C:\DOCUME~1\RONWEL~1\LOCALS~1\Temp\YOINSetup.exe
C:\DOCUME~1\RONWEL~1\LOCALS~1\Temp\mshtml2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kaspersky.com/virusscanner
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jpekm.exe
F2 - REG:system.ini: UserInit=userinit.exe,tklowin.exe
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\system32\nso554D.dll
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O2 - BHO: AuthBHO.cBHO - {C658CEE0-7F43-4B48-AEB5-36EF433513AC} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O3 - Toolbar: Security Manager Popup Blocker - {D35D808B-16DD-4572-861B-44966B93247B} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HtFG] C:\WINDOWS\sfmywm.exe
O4 - HKLM\..\Run: [SaferScan] C:\Program Files\SaferScan\saferscan.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard11.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad11.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname11.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [w002ce33.dll] RUNDLL32.EXE w002ce33.dll,I2 00009f1a0002ce33
O4 - HKLM\..\Run: [zlmavrvA] C:\WINDOWS\zlmavrvA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [w00164fe.dll] RUNDLL32.EXE w00164fe.dll,I2 00009f1a000164fe
O4 - HKLM\..\Run: [w0019e6d.dll] RUNDLL32.EXE w0019e6d.dll,I2 00009f1a00019e6d
O4 - HKLM\..\Run: [w002f61e.dll] RUNDLL32.EXE w002f61e.dll,I2 00009f1a0002f61e
O4 - HKLM\..\Run: [w001e54a.dll] RUNDLL32.EXE w001e54a.dll,I2 00009f1a0001e54a
O4 - HKLM\..\Run: [w0026690.dll] RUNDLL32.EXE w0026690.dll,I2 00009f1a00026690
O4 - HKLM\..\Run: [w0014178.dll] RUNDLL32.EXE w0014178.dll,I2 00009f1a00014178
O4 - HKLM\..\Run: [w0026bef.dll] RUNDLL32.EXE w0026bef.dll,I2 00009f1a00026bef
O4 - HKLM\..\Run: [w0012f39.dll] RUNDLL32.EXE w0012f39.dll,I2 00009f1a00012f39
O4 - HKLM\..\Run: [w006b8d3.dll] RUNDLL32.EXE w006b8d3.dll,I2 00009f1a0006b8d3
O4 - HKLM\..\Run: [w001a999.dll] RUNDLL32.EXE w001a999.dll,I2 00009f1a0001a999
O4 - HKLM\..\Run: [w001d26e.dll] RUNDLL32.EXE w001d26e.dll,I2 00009f1a0001d26e
O4 - HKLM\..\Run: [w0015ea5.dll] RUNDLL32.EXE w0015ea5.dll,I2 00009f1a00015ea5
O4 - HKLM\..\Run: [w0016184.dll] RUNDLL32.EXE w0016184.dll,I2 00009f1a00016184
O4 - HKLM\..\Run: [w00253f2.dll] RUNDLL32.EXE w00253f2.dll,I2 00009f1a000253f2
O4 - HKLM\..\Run: [w001f42e.dll] RUNDLL32.EXE w001f42e.dll,I2 00009f1a0001f42e
O4 - HKLM\..\Run: [w0032dc8.dll] RUNDLL32.EXE w0032dc8.dll,I2 00009f1a00032dc8
O4 - HKLM\..\Run: [w001ee72.dll] RUNDLL32.EXE w001ee72.dll,I2 00009f1a0001ee72
O4 - HKLM\..\Run: [w001dd6a.dll] RUNDLL32.EXE w001dd6a.dll,I2 00009f1a0001dd6a
O4 - HKLM\..\Run: [w0018c9b.dll] RUNDLL32.EXE w0018c9b.dll,I2 00009f1a00018c9b
O4 - HKLM\..\Run: [w001651d.dll] RUNDLL32.EXE w001651d.dll,I2 00009f1a0001651d
O4 - HKLM\..\Run: [w00190d1.dll] RUNDLL32.EXE w00190d1.dll,I2 00009f1a000190d1
O4 - HKLM\..\Run: [w0018c5c.dll] RUNDLL32.EXE w0018c5c.dll,I2 00009f1a00018c5c
O4 - HKLM\..\Run: [w0012b7f.dll] RUNDLL32.EXE w0012b7f.dll,I2 00009f1a00012b7f
O4 - HKLM\..\Run: [w0040423.dll] RUNDLL32.EXE w0040423.dll,I2 00009f1a00040423
O4 - HKLM\..\Run: [w0012d16.dll] RUNDLL32.EXE w0012d16.dll,I2 00009f1a00012d16
O4 - HKLM\..\Run: [w001628d.dll] RUNDLL32.EXE w001628d.dll,I2 00009f1a0001628d
O4 - HKLM\..\Run: [w001c54e.dll] RUNDLL32.EXE w001c54e.dll,I2 00009f1a0001c54e
O4 - HKLM\..\Run: [w000f8f6.dll] RUNDLL32.EXE w000f8f6.dll,I2 00009f1a0000f8f6
O4 - HKLM\..\Run: [{3C-C5-55-5B-ZN}] C:\windows\system32\qqdsregl.exe CORN001
O4 - HKLM\..\Run: [w004a092.dll] RUNDLL32.EXE w004a092.dll,I2 00009f1a0004a092
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinrrag.exe CORN001
O4 - HKLM\..\Run: [elitemedia] C:\WINDOWS\elitemediapop.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinrrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - AppInit_DLLs: dkmdbifa.dll,Runner.dll,Runner.dll,pceghlfh.dll,EQMini.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\shecli.dll (file missing)
O20 - Winlogon Notify: DH - C:\WINDOWS\system32\sUfrdm.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\lv4809hue.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe



-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, April 15, 2006 9:25:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 16/04/2006
Kaspersky Anti-Virus database records: 188305
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 90113
Number of viruses found: 77
Number of infected objects: 318
Number of suspicious objects: 0
Duration of the scan process: 01:35:47

Infected Object Name / Virus Name / Last Action
C:\ac2_0003.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\arc.zip-53b42299-1b463168.zip.bac_a03192/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\arc.zip-53b42299-1b463168.zip.bac_a03192/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\arc.zip-53b42299-1b463168.zip.bac_a03192 ZIP: infected - 2 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\arc.zip-53b42299-1b463168.zip.bac_a03192 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\arc.zip-53b4229a-7d191064.zip.bac_a03192/web.exe/WISE0006.BIN Infected: Trojan.Win32.Revop.e skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\arc.zip-53b4229a-7d191064.zip.bac_a03192/web.exe Infected: Trojan.Win32.Revop.e skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\arc.zip-53b4229a-7d191064.zip.bac_a03192 ZIP: infected - 2 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\arc.zip-53b4229a-7d191064.zip.bac_a03192 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\ATPartners.dll.bac_a03192 Infected: not-a-virus:AdWare.Win32.F1Organizer.c skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\audiosrv.exe.bac_a03192 Infected: not-a-virus:AdWare.Win32.IEDriver.a skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\cmappclient.exe.bac_a03192 Infected: not-a-virus:AdWare.Win32.CASClient.a skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\CMMan.exe.bac_a03192 Infected: not-a-virus:AdWare.Win32.CASClient.e skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-4adadbdb-6da00139.zip.bac_a03192/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-4adadbdb-6da00139.zip.bac_a03192/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-4adadbdb-6da00139.zip.bac_a03192/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-4adadbdb-6da00139.zip.bac_a03192 ZIP: infected - 3 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-4adadbdb-6da00139.zip.bac_a03192 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-9275328-57c22615.zip.bac_a03192/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-9275328-57c22615.zip.bac_a03192/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-9275328-57c22615.zip.bac_a03192/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-9275328-57c22615.zip.bac_a03192 ZIP: infected - 3 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-9275328-57c22615.zip.bac_a03192 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-bb80bfb-24aabbcb.zip.bac_a03192/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-bb80bfb-24aabbcb.zip.bac_a03192/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-bb80bfb-24aabbcb.zip.bac_a03192/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-bb80bfb-24aabbcb.zip.bac_a03192 ZIP: infected - 3 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\count.jar-bb80bfb-24aabbcb.zip.bac_a03192 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\cpruninst.exe.bac_a03192/WISE0008.BIN Infected: Trojan-Downloader.Win32.Adroar skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\cpruninst.exe.bac_a03192/WISE0009.BIN Infected: Trojan-Downloader.Win32.Adroar skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\cpruninst.exe.bac_a03192 WiseSFX: infected - 2 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\cpruninst.exe.bac_a03192 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\cpr_mm2.exe.bac_a03192/WISE0008.BIN Infected: Trojan-Downloader.Win32.Adroar skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\cpr_mm2.exe.bac_a03192/WISE0009.BIN Infected: Trojan-Downloader.Win32.Adroar skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\cpr_mm2.exe.bac_a03192 WiseSFX: infected - 2 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\cpr_mm2.exe.bac_a03192 CryptFF.b: infected - 2 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\i87.tmp.bac_a03192 Infected: Trojan-Downloader.Win32.Totavel.a skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\Iel277g.exe.bac_a03192 Infected: Trojan-Downloader.Win32.VB.em skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\jar_cache14658.tmp.bac_a03192/Jvb.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\jar_cache14658.tmp.bac_a03192/MyFunction.class Infected: Trojan-Dropper.Java.Small.c skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\jar_cache14658.tmp.bac_a03192/MainApp.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\jar_cache14658.tmp.bac_a03192 ZIP: infected - 3 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\jar_cache14658.tmp.bac_a03192 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\jar_cache59592.tmp.bac_a03192/Jvb.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\jar_cache59592.tmp.bac_a03192/MyFunction.class Infected: Trojan-Dropper.Java.Small.c skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\jar_cache59592.tmp.bac_a03192/MainApp.class Infected: Trojan.Java.ClassLoader.f skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\jar_cache59592.tmp.bac_a03192 ZIP: infected - 3 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\jar_cache59592.tmp.bac_a03192 CryptFF.b: infected - 3 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\javainstaller.jar-31f00109-6ba8e4cf.zip.bac_a03192/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\javainstaller.jar-31f00109-6ba8e4cf.zip.bac_a03192 ZIP: infected - 1 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\javainstaller.jar-31f00109-6ba8e4cf.zip.bac_a03192 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\javainstaller.jar-4514e5ea-3dff9ce9.zip.bac_a03192/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\javainstaller.jar-4514e5ea-3dff9ce9.zip.bac_a03192 ZIP: infected - 1 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\javainstaller.jar-4514e5ea-3dff9ce9.zip.bac_a03192 CryptFF.b: infected - 1 skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\Leaz.exe.bac_a03192 Infected: Trojan-Downloader.Win32.VB.em skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\mrjj.exe.bac_a03192 Infected: Trojan.Win32.LowZones.am skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\MxjQzK.exe.bac_a03192 Infected: Trojan-Downloader.Win32.VB.em skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\nkamcgj.exe.bac_a03192 Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\oW3jAxR.exe.bac_a03192 Infected: not-a-virus:AdWare.Win32.WinFetcher.e skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\pi1_25.exe.bac_a03192 Infected: Trojan-Downloader.Win32.Small.afq skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\pshwr.exe.bac_a03192 Infected: not-a-virus:AdWare.Win32.SafeSurfing.s skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\qaamazw.exe.bac_a03192 Infected: Trojan-Dropper.Win32.Agent.tb skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\quhyyaa.exe.bac_a03192 Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\s2mg.3.exe.bac_a03192 Infected: Trojan-Dropper.Win32.Agent.tb skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\s3nc.2.exe.bac_a03192 Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\SehNf.exe.bac_a03192 Infected: Trojan-Downloader.Win32.VB.em skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\sj8.4l.exe.bac_a03192 Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\sntaudio.tmp.bac_a03192 Infected: not-a-virus:AdWare.Win32.SafeSurfing.s skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\tfkditt.exe.bac_a03192 Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\time.class-50c9903d-41431860.class.bac_a03192 Infected: Trojan-Downloader.Win32.Small.bhf skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\Uah95H5X.exe.bac_a03192 Infected: Trojan-Downloader.Win32.VB.em skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\Xigzh.exe.bac_a03192 Infected: Trojan.Win32.Small.cy skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\XioVQ8t0.exe.bac_a03192 Infected: Trojan-Downloader.Win32.VB.em skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\Ygi78.exe.bac_a03192 Infected: Trojan-Downloader.Win32.VB.em skipped
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\YtawJ.exe.bac_a03192 Infected: Trojan-Downloader.Win32.VB.em skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/dEtaclen.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/dn6o01j3e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/e020lafm1d2a.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/fpjo0313e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/g2220cfoef2c0.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/hrls0537e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/k2pm0c71ef.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/l4r00e9meh.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/lv0u09d9e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/lv4809hue.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/mvrsl9971.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip/dlls/n8n60i5se8.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\backup.zip ZIP: infected - 12 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\C4C5B.tmp/slk8x2peu.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\C4C5B.tmp/faotvpap7.exe Infected: Trojan.Win32.Runner.h skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\C4C5B.tmp CAB: infected - 2 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\CampusIMFeb.exe/NewExplorer.exe Infected: Trojan.Win32.VB.aft skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\CampusIMFeb.exe InstallCreator: infected - 1 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\CampusIMFeb.exe UPX: infected - 1 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\f149640.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\f183687.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\f363265.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\f406109.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\f8188812.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\M1_SudokuInstaller.exe/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\M1_SudokuInstaller.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Nat2.exe/Explorer.exe Infected: Trojan.Win32.VB.aft skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Nat2.exe/{FBD2EBD0-E6DF-456E-B300-A4D10A90C683}.dll Infected: Trojan.Win32.VB.aft skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Nat2.exe InstallCreator: infected - 2 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Nat2.exe UPX: infected - 2 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Tagasuarus.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Tagasuarus.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Tagasuarus.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Tagasuarus.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Tagasuarus.exe NSIS: infected - 4 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\transpd.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\transpd.exe NSIS: infected - 1 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temporary Internet Files\Content.IE5\43U5YAC6\MTE3NDI6ODoxNg[1].exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temporary Internet Files\Content.IE5\6G07X6SW\installerwnus[1].exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temporary Internet Files\Content.IE5\6G07X6SW\stub_113_4_0_4_0[1].exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temporary Internet Files\Content.IE5\AVIAYFG9\Installer[1].exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\DR140306.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\DR140306.exe NSIS: infected - 1 skipped
C:\drsmartload1.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\drsmartload45a.exe Infected: Trojan-Downloader.Win32.Adload.an skipped
C:\Installer.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\installerwnus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\MTE3NDI6ODoxNg.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\mti-hits.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
C:\NNSCAA638.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\A0099535.dll.vir Infected: Trojan-Downloader.Win32.Dyfuca.eg skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Installer.exe.vir Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\MTE3NDI6ODoxNg.exe.2.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\MTE3NDI6ODoxNg.exe.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\MTE3NDI6ODoxNg[1].exe.2.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\MTE3NDI6ODoxNg[1].exe.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Setup93.exe.vir/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Setup93.exe.vir/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Setup93.exe.vir/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Setup93.exe.vir/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Setup93.exe.vir NSIS: infected - 4 skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\SS1001[1].exe.vir Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\stub_113_4_0_4_0.exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\stub_113_4_0_4_0[1].exe.vir Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Veracruz.exe.vir/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Veracruz.exe.vir/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Veracruz.exe.vir NSIS: infected - 2 skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Veracruz[1].exe.vir/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Veracruz[1].exe.vir/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\Program Files\Alwil Software\Avast4\DATA\moved\Veracruz[1].exe.vir NSIS: infected - 2 skipped
C:\Program Files\EQAdvice\equpd.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\Program Files\EQAdvice\equpd.exe NSIS: infected - 1 skipped
C:\Program Files\EQBranch\EQBranch.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\sk02.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\sk02.exe NSIS: infected - 1 skipped
C:\stub_113_4_0_4_0.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0091326.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0092326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0093326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0094326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0094492.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095328.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095343.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095344.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095345.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095346.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095347.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095348.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095349.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095350.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095351.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095352.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0096551.exe Infected: Trojan-Downloader.Win32.VB.aad skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099554.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099555.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099556.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099557.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099558.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099559.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099559.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099559.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099574.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099580.exe Infected: Trojan-Dropper.Win32.Agent.amf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099581.exe Infected: Trojan-Dropper.Win32.Agent.amf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099582.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099583.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099584.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099585.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099586.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099587.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099588.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099589.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099590.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099591.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099592.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099593.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099594.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099595.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099673.exe Infected: Trojan-Downloader.Win32.VB.aad skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099674.exe Infected: Trojan-Downloader.Win32.Adload.ai skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099675.exe Infected: Trojan-Downloader.Win32.Adload.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099676.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099677.exe Infected: Trojan-Downloader.Win32.Agent.agy skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099678.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099679.dll Infected: not-a-virus:AdWare.Win32.CASClient.g skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099680.exe Infected: Trojan-Downloader.Win32.Dyfuca.ex skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099681.exe Infected: Trojan-Downloader.Win32.PurityScan.au skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099682.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099684.dll Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099685.exe Infected: Trojan-Downloader.Win32.VB.zk skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099686.exe Infected: Trojan-Downloader.Win32.VB.zl skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099687.exe Infected: Trojan-Downloader.Win32.VB.zo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099688.exe Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099689.exe Infected: Trojan-Downloader.Win32.VB.aaa skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099690.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099691.exe Infected: Trojan-Clicker.Win32.VB.lv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099692.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099693.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099694.exe Infected: Trojan.Win32.VB.ali skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099695.exe Infected: Trojan.Win32.VB.ali skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099696.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099697.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099698.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099699.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099700.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099701.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099702.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099703.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099704.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099705.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099706.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099707.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099708.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099709.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099710.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099711.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099712.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099713.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099714.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099715.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099716.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099717.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099718.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099719.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099720.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099721.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099722.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099723.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099724.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099725.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099726.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099727.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099728.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099729.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099730.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099731.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099732.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099733.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099734.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099736.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099737.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099762.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099771.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099772.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099774.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099776.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP156\A0101762.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP158\A0103831.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP158\A0103859.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP158\A0103860.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP158\A0103861.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP158\A0104831.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104847.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104848.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104850.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104851.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped
C:\visfx500.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\WHCC2.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\WHCC2.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\WHCC2.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\WHCC2.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\WHCC2.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\WHCC2.exe RarSFX: infected - 5 skipped
C:\WINDOWS\errorhandler.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\WINDOWS\keyboard10.exe Infected: Trojan-Downloader.Win32.Adload.am skipped
C:\WINDOWS\keyboard11.exe Infected: Backdoor.Win32.VB.ary skipped
C:\WINDOWS\mousepad10.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\WINDOWS\mousepad11.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\WINDOWS\mousepad9.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\WINDOWS\NDNuninstall6_38.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\WINDOWS\NDNuninstall7_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\WINDOWS\newname10.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\WINDOWS\newname11.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\WINDOWS\pf78.exe NSIS: infected - 4 skipped
C:\WINDOWS\pf78bb.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\WINDOWS\pf78bb.exe NSIS: infected - 1 skipped
C:\WINDOWS\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\WINDOWS\system32\BMG3b.exe/{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll Infected: Trojan.Win32.VB.aft skipped
C:\WINDOWS\system32\BMG3b.exe InstallCreator: infected - 1 skipped
C:\WINDOWS\system32\BMG3b.exe UPX: infected - 1 skipped
C:\WINDOWS\system32\dmonwv.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\WINDOWS\system32\dwdsregt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\WINDOWS\system32\fpdrnznx.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\WINDOWS\system32\owinrrag.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\WINDOWS\system32\qqdsregl.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\WINDOWS\system32\w004a092.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\WINDOWS\system32\xdcjx.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\WINDOWS\Temp\_avast4_\PxB543.tmp Infected: Trojan-Downloader.Win32.Qoologic.ax skipped
C:\WINDOWS\zlmavrvA.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\ZICORN001.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped

Scan process completed.






Sat 04/15/2006
Running from: C:\Documents and Settings\Ron Wells\Desktop\FindQool\FindQool
PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE.

Known file names
C:\WINDOWS\SYSTEM32\DMONWV.DLL
C:\WINDOWS\UNWN.EXE

MD5 Check....
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\system32\xdcjx.dat
C:\WINDOWS\system32\sgngmd.exe
C:\WINDOWS\system32\jpekm.exe
C:\WINDOWS\system32\ynngely.dll
C:\WINDOWS\system32\tklowin.exe

Files found with locate com.
C:\WINDOWS\SYSTEM32\TKLOWIN.EXE
C:\WINDOWS\SYSTEM32\YNNGELY.DLL
C:\WINDOWS\SYSTEM32\XDCJX.DAT
C:\WINDOWS\SYSTEM32\SGNGMD.EXE
C:\WINDOWS\SYSTEM32\JPEKM.EXE
C:\DOCUME~1\ALLUSE~1\STARTM~1\PROGRAMS\STARTUP\KNYHS.EXE
Re-check using dir /a:-d
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
03/19/2006 04:11 PM 127,488 knyhs.exe
...

HKEY_LOCAL_MACHINE\software\qstat
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{4abf810a-f11d-4169-9d5f-7d274f2270a1}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webnexus
HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}

...
Runs, Listed here as a Doublecheck for the locate com results
HKLM
"rwrxmb"="C:\\WINDOWS\\system32\\sgngmd.exe reg_run"
HKCU
"otyyn"="C:\\WINDOWS\\system32\\sgngmd.exe reg_run"
...

Files In Winlogon shell and userinit
Listed here as a Doublecheck for the locate com results
shell REG_SZ Explorer.exe, C:\WINDOWS\system32\jpekm.exe
userinit REG_SZ userinit.exe,tklowin.exe
...
SWReg utility
Written by Bobbi Flekman © 2005
Findqool edited 4/05/2006

Split post to its own topic. Prankmunky please don't post new logs to other people threads.
'KG
Prankmunky
Active Member
 
Posts: 11
Joined: December 21st, 2005, 11:32 pm
Advertisement
Register to Remove

Unread postby Bob4 » April 16th, 2006, 7:37 am

Welcome to the Malware removal forums. I will be more than happy to help you work on your problems. Please give me some time to review your log as this can be a lengthy process. I will be back with you as soon as I can. As I am an undergrad my answers will be checked by an expert before I post back.

In the meantime
The fixes we will use are specific to your problems and should only be used for this issue on this machine.

Please only use this topic to reply to. Do not start another thread.
If any other issues arise let me know.
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear. So lets do this to the end!
Please if you decide to seek help at another forum let us know. There is a shortage of helpers and tying 2 of us up is a waste of time.
If you have any questions about any advice given here please STOP and ask!
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby Bob4 » April 16th, 2006, 9:51 am

Please post a new log. ANd I will go through it.
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby ChrisRLG » April 16th, 2006, 6:45 pm

The email to the victim bounced - email account not valid - so you will probably net get any reply - soory folks.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Unread postby Bob4 » April 16th, 2006, 6:51 pm

OK
User avatar
Bob4
MRU Master
MRU Master
 
Posts: 6070
Joined: November 12th, 2005, 11:26 am
Location: Florida

Unread postby NonSuch » April 24th, 2006, 5:10 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27211
Joined: February 23rd, 2005, 7:08 am
Location: California
Advertisement
Register to Remove


Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 37 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware