Do I reinstall AVG?
Computer is running OK, no apparent problems. How does it look from your perspective?
ComboFix 10-03-29.04 - Becky 31/03/2010 16:03:25.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1271.816 [GMT 1:00]
Running from: c:\documents and settings\Becky\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Becky\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-31 )))))))))))))))))))))))))))))))
.
2010-03-31 14:58 . 2010-03-31 14:58 -------- d-----w- c:\program files\ERUNT
2010-03-29 13:43 . 2010-03-29 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-03-29 13:43 . 2010-03-29 13:43 -------- d-----w- c:\documents and settings\Becky\Application Data\Office Genuine Advantage
2010-03-25 07:48 . 2010-03-25 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-03-25 07:48 . 2010-03-25 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-25 07:48 . 2010-03-25 07:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-03-24 19:34 . 2010-03-24 19:33 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-03-24 19:34 . 2010-03-24 19:33 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-24 19:34 . 2010-03-24 19:34 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-24 19:34 . 2010-03-24 19:34 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-03-24 19:34 . 2010-03-24 19:34 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-03-24 19:34 . 2010-03-24 19:34 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-03-24 19:34 . 2010-03-24 19:34 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-24 19:34 . 2010-03-24 19:34 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-03-24 19:33 . 2010-03-24 19:34 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-03-24 19:33 . 2010-03-24 19:34 -------- d-----w- c:\program files\DivX
2010-03-24 19:33 . 2010-03-24 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-03-22 17:53 . 2010-03-22 17:53 439816 ----a-w- c:\documents and settings\Becky\Application Data\Real\Update\setup3.10\setup.exe
2010-03-20 18:38 . 2010-03-20 18:38 -------- d-----w- C:\rsit
2010-03-17 16:13 . 2010-03-17 16:13 -------- d-----w- c:\program files\Common Files\Java
2010-03-17 16:11 . 2010-03-17 16:11 503808 ----a-w- c:\documents and settings\Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ccb05be-n\msvcp71.dll
2010-03-17 16:11 . 2010-03-17 16:11 348160 ----a-w- c:\documents and settings\Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ccb05be-n\msvcr71.dll
2010-03-17 16:11 . 2010-03-17 16:11 499712 ----a-w- c:\documents and settings\Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2ccb05be-n\jmc.dll
2010-03-17 16:11 . 2010-03-17 16:11 61440 ----a-w- c:\documents and settings\Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30b97b46-n\decora-sse.dll
2010-03-17 16:11 . 2010-03-17 16:11 12800 ----a-w- c:\documents and settings\Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-30b97b46-n\decora-d3d.dll
2010-03-17 16:10 . 2010-03-17 16:10 79488 ----a-w- c:\documents and settings\Becky\Application Data\Sun\Java\jre1.6.0_18\gtapi.dll
2010-03-17 16:10 . 2010-03-17 16:10 152576 ----a-w- c:\documents and settings\Becky\Application Data\Sun\Java\jre1.6.0_18\lzma.dll
2010-03-17 16:02 . 2010-03-17 16:02 -------- d-----w- c:\program files\Trend Micro
2010-03-15 09:54 . 2010-03-15 09:54 -------- d-----w- C:\wi.dows
2010-03-14 10:58 . 2010-03-15 09:55 523264 ----a-w- c:\windows\system32\my.dll
2010-03-14 09:12 . 2010-03-14 09:12 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-14 09:12 . 2010-03-14 09:12 333192 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-14 09:12 . 2010-03-14 09:12 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-14 09:10 . 2010-03-01 20:42 1007896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-14 09:10 . 2010-03-01 20:42 800536 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-14 09:10 . 2010-03-01 20:42 613656 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-14 09:10 . 2010-03-01 20:42 1658136 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-12 20:12 . 2010-03-12 20:12 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-03-11 19:24 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-08 18:26 . 2010-03-08 18:27 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-05 18:27 . 2010-03-31 13:31 0 ----a-w- c:\documents and settings\Becky\Local Settings\Application Data\prvlcl.dat
2010-03-04 14:55 . 2008-04-14 00:12 26112 ----a-w- c:\windows\system32\stu2.exe
2010-03-02 09:34 . 2010-03-01 20:42 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-03-02 09:34 . 2010-03-01 20:42 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-03-01 20:43 . 2010-03-14 10:57 -------- d-----w- C:\$AVG
2010-03-01 20:42 . 2010-03-31 14:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-31 13:36 . 2009-03-08 08:49 -------- d-----w- c:\documents and settings\Becky\Application Data\Spotify
2010-03-25 16:51 . 2010-01-02 09:59 -------- d-----w- c:\documents and settings\Becky\Application Data\vlc
2010-03-25 07:44 . 2008-12-14 12:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-24 16:54 . 2010-01-02 10:00 -------- d-----w- c:\documents and settings\Becky\Application Data\dvdcss
2010-03-17 16:11 . 2008-12-14 18:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-12 20:12 . 2009-12-27 14:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-12 20:05 . 2008-12-14 11:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-12 20:03 . 2008-12-14 11:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-11 22:34 . 2008-12-14 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-11 19:13 . 2009-11-11 16:50 79488 ----a-w- c:\documents and settings\Becky\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-03 15:35 . 2009-02-14 15:26 -------- d-----w- c:\program files\Mindjet
2010-03-01 20:42 . 2008-12-14 11:42 -------- d-----w- c:\program files\AVG
2010-02-27 18:33 . 2004-08-04 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-02-18 12:17 . 2010-02-18 12:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-18 12:14 . 2010-02-18 12:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-12 10:03 . 2010-02-25 19:10 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-02 07:26 . 2009-09-24 01:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-02-01 20:22 . 2010-02-01 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-02-01 20:15 . 2009-12-28 08:58 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-01 20:14 . 2010-02-01 20:13 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-25 10:02 . 2010-02-01 20:12 31936 ----a-w- c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\x93oa6ye.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-01-25 10:02 . 2010-02-01 20:12 29344 ----a-w- c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\x93oa6ye.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-01-07 16:07 . 2009-12-27 14:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 16:07 . 2009-12-27 14:57 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-04 12:00 832512 ------w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2004-08-04 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\wi.dows ----
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-28 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2008-12-11 37656]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-29 198160]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-03-05 1135912]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Becky\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
S2 gupdate1c9e07682d48ba0;Google Update Service (gupdate1c9e07682d48ba0);c:\program files\Google\Update\GoogleUpdate.exe [29/05/2009 16:59 133104]
S3 INIDVD;Initio USB DVD Filter Driver;c:\windows\system32\drivers\inidvd.sys [02/12/2009 13:17 7936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2009-11-01 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.1.0.3\DriverRobot.exe [2009-09-24 11:06]
2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 15:59]
2010-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-29 15:59]
2010-03-31 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 15:07]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\x93oa6ye.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/sear ... -web_uk&p=
FF - plugin: c:\documents and settings\Becky\Application Data\Mozilla\Firefox\Profiles\x93oa6ye.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-31 16:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\INIDVD]
"ImagePath"=multi:"system32\DRIVERS\inidvd.sys\00"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(320)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-03-31 16:15:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-31 15:15
ComboFix2.txt 2010-03-25 09:37
ComboFix3.txt 2010-03-22 14:19
Pre-Run: 2,823,704,576 bytes free
Post-Run: 2,764,247,040 bytes free
- - End Of File - - B5C4CB2056716D477FDB5536C2765ABD
---------------------------------------
ESET Online Scanner scan results: 71 infected files
C:\Program Files\Driver Robot\1.1.0.3\DriverRobot.exe Win32/Adware.DriverRobot application
C:\Program Files\TrendMicro\HiJackThis\backups\backup-20091223-203741-917.dll Win32/Toolbar.MyWebSearch application
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho00.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho01.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho02.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho03.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho04.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho05.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho06.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho07.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho08.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho09.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho0A.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho0B.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho0C.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho0D.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho0E.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho0F.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho10.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho11.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho12.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho13.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho14.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho15.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho16.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho17.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho18.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho19.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho1A.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho1B.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho1C.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho1D.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\iebho1E.dll.vir a variant of Win32/Kryptik.CLY trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\userinit.exe.vir Win32/TrojanDownloader.FakeAlert.AAA trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.UI trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP368\A0060326.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP373\A0064605.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067069.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067070.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067071.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067072.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067073.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067074.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067075.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067076.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067077.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067078.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067079.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067080.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067081.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067082.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067083.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067084.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067085.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067086.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067087.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067088.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067089.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067090.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067091.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067092.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067093.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067094.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067095.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067096.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067097.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067098.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067099.dll a variant of Win32/Kryptik.CLY trojan
C:\System Volume Information\_restore{591FEBF4-3494-44D7-BD54-9755CAB99621}\RP379\A0067100.dll a variant of Win32/Kryptik.CLY trojan
C:\WINDOWS\system32\my.dll a variant of Win32/Kryptik.CLY trojan