Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Pop ups are driving me crazy

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby agrarianmonk » April 17th, 2006, 11:09 pm

Please download The Avenger by Swandog46 to your Desktop.
  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

**********************
  • Copy the contents of the Quote Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{4abf810a-f11d-4169-9d5f-7d274f2270a1}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\webnexus]

[-HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}]



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

*********************

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jpekm.exe
F2 - REG:system.ini: UserInit=userinit.exe,tklowin.exe
O4 - HKLM\..\Run: [HtFG] C:\WINDOWS\sfmywm.exe
O4 - HKLM\..\Run: [SaferScan] C:\Program Files\SaferScan\saferscan.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard11.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad11.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname11.exe
O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
O4 - HKLM\..\Run: [w002ce33.dll] RUNDLL32.EXE w002ce33.dll,I2 00009f1a0002ce33
O4 - HKLM\..\Run: [zlmavrvA] C:\WINDOWS\zlmavrvA.exe
O4 - HKLM\..\Run: [errorhandler] C:\WINDOWS\errorhandler.exe
O4 - HKLM\..\Run: [w00164fe.dll] RUNDLL32.EXE w00164fe.dll,I2 00009f1a000164fe
O4 - HKLM\..\Run: [w0019e6d.dll] RUNDLL32.EXE w0019e6d.dll,I2 00009f1a00019e6d
O4 - HKLM\..\Run: [w002f61e.dll] RUNDLL32.EXE w002f61e.dll,I2 00009f1a0002f61e
O4 - HKLM\..\Run: [w001e54a.dll] RUNDLL32.EXE w001e54a.dll,I2 00009f1a0001e54a
O4 - HKLM\..\Run: [w0026690.dll] RUNDLL32.EXE w0026690.dll,I2 00009f1a00026690
O4 - HKLM\..\Run: [w0014178.dll] RUNDLL32.EXE w0014178.dll,I2 00009f1a00014178
O4 - HKLM\..\Run: [w0026bef.dll] RUNDLL32.EXE w0026bef.dll,I2 00009f1a00026bef
O4 - HKLM\..\Run: [w0012f39.dll] RUNDLL32.EXE w0012f39.dll,I2 00009f1a00012f39
O4 - HKLM\..\Run: [w006b8d3.dll] RUNDLL32.EXE w006b8d3.dll,I2 00009f1a0006b8d3
O4 - HKLM\..\Run: [w001a999.dll] RUNDLL32.EXE w001a999.dll,I2 00009f1a0001a999
O4 - HKLM\..\Run: [w001d26e.dll] RUNDLL32.EXE w001d26e.dll,I2 00009f1a0001d26e
O4 - HKLM\..\Run: [w0015ea5.dll] RUNDLL32.EXE w0015ea5.dll,I2 00009f1a00015ea5
O4 - HKLM\..\Run: [w0016184.dll] RUNDLL32.EXE w0016184.dll,I2 00009f1a00016184
O4 - HKLM\..\Run: [w00253f2.dll] RUNDLL32.EXE w00253f2.dll,I2 00009f1a000253f2
O4 - HKLM\..\Run: [w001f42e.dll] RUNDLL32.EXE w001f42e.dll,I2 00009f1a0001f42e
O4 - HKLM\..\Run: [w0032dc8.dll] RUNDLL32.EXE w0032dc8.dll,I2 00009f1a00032dc8
O4 - HKLM\..\Run: [w001ee72.dll] RUNDLL32.EXE w001ee72.dll,I2 00009f1a0001ee72
O4 - HKLM\..\Run: [w001dd6a.dll] RUNDLL32.EXE w001dd6a.dll,I2 00009f1a0001dd6a
O4 - HKLM\..\Run: [w0018c9b.dll] RUNDLL32.EXE w0018c9b.dll,I2 00009f1a00018c9b
O4 - HKLM\..\Run: [w001651d.dll] RUNDLL32.EXE w001651d.dll,I2 00009f1a0001651d
O4 - HKLM\..\Run: [w00190d1.dll] RUNDLL32.EXE w00190d1.dll,I2 00009f1a000190d1
O4 - HKLM\..\Run: [w0018c5c.dll] RUNDLL32.EXE w0018c5c.dll,I2 00009f1a00018c5c
O4 - HKLM\..\Run: [w0012b7f.dll] RUNDLL32.EXE w0012b7f.dll,I2 00009f1a00012b7f
O4 - HKLM\..\Run: [w0040423.dll] RUNDLL32.EXE w0040423.dll,I2 00009f1a00040423
O4 - HKLM\..\Run: [w0012d16.dll] RUNDLL32.EXE w0012d16.dll,I2 00009f1a00012d16
O4 - HKLM\..\Run: [w001628d.dll] RUNDLL32.EXE w001628d.dll,I2 00009f1a0001628d
O4 - HKLM\..\Run: [w001c54e.dll] RUNDLL32.EXE w001c54e.dll,I2 00009f1a0001c54e
O4 - HKLM\..\Run: [w000f8f6.dll] RUNDLL32.EXE w000f8f6.dll,I2 00009f1a0000f8f6
O4 - HKLM\..\Run: [{3C-C5-55-5B-ZN}] C:\windows\system32\qqdsregl.exe CORN001
O4 - HKLM\..\Run: [w004a092.dll] RUNDLL32.EXE w004a092.dll,I2 00009f1a0004a092
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\owinrrag.exe CORN001
O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe
O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe
O4 - HKCU\..\Run: [EQBranch] "C:\Program Files\EQBranch\EQBranch.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\owinrrag.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O15 - Trusted Zone: *.elitemediagroup.net
O18 - Filter: text/html - {CEA53356-C414-4331-A35E-AA4CE9D8DFA2} - C:\WINDOWS\system32\w9seq.dll
O20 - AppInit_DLLs: dkmdbifa.dll,Runner.dll,Runner.dll,pceghlfh.dll,EQMini.dll
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\shecli.dll (file missing)
O20 - Winlogon Notify: DH - C:\WINDOWS\system32\sUfrdm.dll (file missing)
O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\lv4809hue.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked. close HijackThis.

Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

***************************************

Delete the contents of the following folders (not the folders themselves!)

C:\Program Files\Alwil Software\Avast4\DATA\moved\
C:\Documents and Settings\Ron Wells\.housecall\Quarantine\

***************************************

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

**************************************

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\Documents and Settings\Ron Wells\Desktop\l2mfix\
C:\Program Files\EQAdvice\
C:\Program Files\SaferScan\
C:\Program Files\ISTsvc\
C:\Program Files\webHancer\
C:\Program Files\Common Files\VCClient\
C:\Program Files\EQBranch\

Files to delete:
C:\ac2_0003.exe
C:\DR140306.exe
C:\drsmartload1.exe
C:\drsmartload45a.exe
C:\Installer.exe
C:\installerwnus.exe
C:\MTE3NDI6ODoxNg.exe
C:\mti-hits.exe
C:\NNSCAA638.EXE
C:\sk02.exe
C:\stub_113_4_0_4_0.exe
C:\visfx500.exe
C:\WHCC2.exe
C:\WINDOWS\errorhandler.exe
C:\WINDOWS\keyboard10.exe
C:\WINDOWS\keyboard11.exe
C:\WINDOWS\mousepad10.exe
C:\WINDOWS\mousepad11.exe
C:\WINDOWS\mousepad9.exe
C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\newname10.exe
C:\WINDOWS\newname11.exe
C:\WINDOWS\pf78.exe
C:\WINDOWS\pf78bb.exe
C:\WINDOWS\SS1001.exe
C:\WINDOWS\system32\BMG3b.exe
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\system32\fpdrnznx.dll
C:\WINDOWS\system32\owinrrag.exe
C:\WINDOWS\system32\qqdsregl.exe
C:\WINDOWS\system32\w004a092.dll
C:\WINDOWS\system32\xdcjx.dat
C:\WINDOWS\zlmavrvA.exe
C:\ZICORN001.exe
C:\WINDOWS\SYSTEM32\DMONWV.DLL
C:\WINDOWS\UNWN.EXE
C:\WINDOWS\system32\xdcjx.dat
C:\WINDOWS\system32\sgngmd.exe
C:\WINDOWS\system32\jpekm.exe
C:\WINDOWS\system32\ynngely.dll
C:\WINDOWS\system32\tklowin.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\knyhs.exe
C:\WINDOWS\sfmywm.exe
C:\WINDOWS\system32\w9seq.dll
C:\WINDOWS\system32\dkmdbifa.dll
C:\WINDOWS\system32\Runner.dll
C:\WINDOWS\system32\pceghlfh.dll
C:\WINDOWS\system32\EQMini.dll
C:\WINDOWS\system32\shecli.dll
C:\WINDOWS\system32\sUfrdm.dll
C:\WINDOWS\system32\lv4809hue.dll
C:\WINDOWS\system32\w002ce33.dll
C:\WINDOWS\system32\w00164fe.dll
C:\WINDOWS\system32\w0019e6d.dll
C:\WINDOWS\system32\w002f61e.dll
C:\WINDOWS\system32\w001e54a.dll
C:\WINDOWS\system32\w0026690.dll
C:\WINDOWS\system32\w0014178.dll
C:\WINDOWS\system32\w0026bef.dll
C:\WINDOWS\system32\w0012f39.dll
C:\WINDOWS\system32\w006b8d3.dll
C:\WINDOWS\system32\w001a999.dll
C:\WINDOWS\system32\w001d26e.dll
C:\WINDOWS\system32\w0015ea5.dll
C:\WINDOWS\system32\w0016184.dll
C:\WINDOWS\system32\w00253f2.dll
C:\WINDOWS\system32\w001f42e.dll
C:\WINDOWS\system32\w0032dc8.dll
C:\WINDOWS\system32\w001ee72.dll
C:\WINDOWS\system32\w001dd6a.dll
C:\WINDOWS\system32\w0018c9b.dll
C:\WINDOWS\system32\w001651d.dll
C:\WINDOWS\system32\w00190d1.dll
C:\WINDOWS\system32\w0018c5c.dll
C:\WINDOWS\system32\w0012b7f.dll
C:\WINDOWS\system32\w0040423.dll
C:\WINDOWS\system32\w0012d16.dll
C:\WINDOWS\system32\w001628d.dll
C:\WINDOWS\system32\w001c54e.dll
C:\WINDOWS\system32\w000f8f6.dll
C:\WINDOWS\system32\w004a092.dll


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

After Reboot,

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*********************************

In your next post, please include:
  • new HijackThis log
  • C:\avenger.txt
  • Kaspersky Log
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am
Advertisement
Register to Remove

Unread postby Rilo_Kiley » April 19th, 2006, 3:22 am

Logfile of HijackThis v1.99.1
Scan saved at 12:21:17 AM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Wizards of the Coast\Magic Online\magic134831.exe
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jpekm.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,tklowin.exe
O2 - BHO: AuthBHO.cBHO - {C658CEE0-7F43-4B48-AEB5-36EF433513AC} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O3 - Toolbar: Security Manager Popup Blocker - {D35D808B-16DD-4572-861B-44966B93247B} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HtFG] C:\WINDOWS\sfmywm.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [rwrxmb] C:\WINDOWS\system32\sgngmd.exe reg_run
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [otyyn] C:\WINDOWS\system32\sgngmd.exe reg_run
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe






Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ssvsmxcy

*******************

Script file located at: \??\C:\WINDOWS\vsncsbcj.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Documents and Settings\Ron Wells\Desktop\l2mfix deleted successfully.
Folder C:\Program Files\EQAdvice deleted successfully.
Folder C:\Program Files\SaferScan deleted successfully.


Folder C:\Program Files\ISTsvc not found!
Deletion of folder C:\Program Files\ISTsvc failed!

Could not process line:
C:\Program Files\ISTsvc
Status: 0xc0000034



Folder C:\Program Files\webHancer not found!
Deletion of folder C:\Program Files\webHancer failed!

Could not process line:
C:\Program Files\webHancer
Status: 0xc0000034



Folder C:\Program Files\Common Files\VCClient not found!
Deletion of folder C:\Program Files\Common Files\VCClient failed!

Could not process line:
C:\Program Files\Common Files\VCClient
Status: 0xc0000034

Folder C:\Program Files\EQBranch deleted successfully.
File C:\ac2_0003.exe deleted successfully.
File C:\DR140306.exe deleted successfully.
File C:\drsmartload1.exe deleted successfully.
File C:\drsmartload45a.exe deleted successfully.
File C:\Installer.exe deleted successfully.
File C:\installerwnus.exe deleted successfully.
File C:\MTE3NDI6ODoxNg.exe deleted successfully.
File C:\mti-hits.exe deleted successfully.
File C:\NNSCAA638.EXE deleted successfully.
File C:\sk02.exe deleted successfully.
File C:\stub_113_4_0_4_0.exe deleted successfully.
File C:\visfx500.exe deleted successfully.
File C:\WHCC2.exe deleted successfully.
File C:\WINDOWS\errorhandler.exe deleted successfully.
File C:\WINDOWS\keyboard10.exe deleted successfully.
File C:\WINDOWS\keyboard11.exe deleted successfully.
File C:\WINDOWS\mousepad10.exe deleted successfully.
File C:\WINDOWS\mousepad11.exe deleted successfully.
File C:\WINDOWS\mousepad9.exe deleted successfully.
File C:\WINDOWS\NDNuninstall6_38.exe deleted successfully.
File C:\WINDOWS\NDNuninstall7_22.exe deleted successfully.
File C:\WINDOWS\newname10.exe deleted successfully.
File C:\WINDOWS\newname11.exe deleted successfully.
File C:\WINDOWS\pf78.exe deleted successfully.
File C:\WINDOWS\pf78bb.exe deleted successfully.
File C:\WINDOWS\SS1001.exe deleted successfully.
File C:\WINDOWS\system32\BMG3b.exe deleted successfully.
File C:\WINDOWS\system32\dmonwv.dll deleted successfully.
File C:\WINDOWS\system32\dwdsregt.exe deleted successfully.
File C:\WINDOWS\system32\fpdrnznx.dll deleted successfully.
File C:\WINDOWS\system32\owinrrag.exe deleted successfully.
File C:\WINDOWS\system32\qqdsregl.exe deleted successfully.
File C:\WINDOWS\system32\w004a092.dll deleted successfully.
File C:\WINDOWS\system32\xdcjx.dat deleted successfully.
File C:\WINDOWS\zlmavrvA.exe deleted successfully.
File C:\ZICORN001.exe deleted successfully.


File C:\WINDOWS\SYSTEM32\DMONWV.DLL not found!
Deletion of file C:\WINDOWS\SYSTEM32\DMONWV.DLL failed!

Could not process line:
C:\WINDOWS\SYSTEM32\DMONWV.DLL
Status: 0xc0000034

File C:\WINDOWS\UNWN.EXE deleted successfully.


File C:\WINDOWS\system32\xdcjx.dat not found!
Deletion of file C:\WINDOWS\system32\xdcjx.dat failed!

Could not process line:
C:\WINDOWS\system32\xdcjx.dat
Status: 0xc0000034

File C:\WINDOWS\system32\sgngmd.exe deleted successfully.
File C:\WINDOWS\system32\jpekm.exe deleted successfully.
File C:\WINDOWS\system32\ynngely.dll deleted successfully.
File C:\WINDOWS\system32\tklowin.exe deleted successfully.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\knyhs.exe deleted successfully.


File C:\WINDOWS\sfmywm.exe not found!
Deletion of file C:\WINDOWS\sfmywm.exe failed!

Could not process line:
C:\WINDOWS\sfmywm.exe
Status: 0xc0000034



File C:\WINDOWS\system32\w9seq.dll not found!
Deletion of file C:\WINDOWS\system32\w9seq.dll failed!

Could not process line:
C:\WINDOWS\system32\w9seq.dll
Status: 0xc0000034



File C:\WINDOWS\system32\dkmdbifa.dll not found!
Deletion of file C:\WINDOWS\system32\dkmdbifa.dll failed!

Could not process line:
C:\WINDOWS\system32\dkmdbifa.dll
Status: 0xc0000034



File C:\WINDOWS\system32\Runner.dll not found!
Deletion of file C:\WINDOWS\system32\Runner.dll failed!

Could not process line:
C:\WINDOWS\system32\Runner.dll
Status: 0xc0000034



File C:\WINDOWS\system32\pceghlfh.dll not found!
Deletion of file C:\WINDOWS\system32\pceghlfh.dll failed!

Could not process line:
C:\WINDOWS\system32\pceghlfh.dll
Status: 0xc0000034

File C:\WINDOWS\system32\EQMini.dll deleted successfully.


File C:\WINDOWS\system32\shecli.dll not found!
Deletion of file C:\WINDOWS\system32\shecli.dll failed!

Could not process line:
C:\WINDOWS\system32\shecli.dll
Status: 0xc0000034



File C:\WINDOWS\system32\sUfrdm.dll not found!
Deletion of file C:\WINDOWS\system32\sUfrdm.dll failed!

Could not process line:
C:\WINDOWS\system32\sUfrdm.dll
Status: 0xc0000034



File C:\WINDOWS\system32\lv4809hue.dll not found!
Deletion of file C:\WINDOWS\system32\lv4809hue.dll failed!

Could not process line:
C:\WINDOWS\system32\lv4809hue.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w002ce33.dll not found!
Deletion of file C:\WINDOWS\system32\w002ce33.dll failed!

Could not process line:
C:\WINDOWS\system32\w002ce33.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w00164fe.dll not found!
Deletion of file C:\WINDOWS\system32\w00164fe.dll failed!

Could not process line:
C:\WINDOWS\system32\w00164fe.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0019e6d.dll not found!
Deletion of file C:\WINDOWS\system32\w0019e6d.dll failed!

Could not process line:
C:\WINDOWS\system32\w0019e6d.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w002f61e.dll not found!
Deletion of file C:\WINDOWS\system32\w002f61e.dll failed!

Could not process line:
C:\WINDOWS\system32\w002f61e.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w001e54a.dll not found!
Deletion of file C:\WINDOWS\system32\w001e54a.dll failed!

Could not process line:
C:\WINDOWS\system32\w001e54a.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0026690.dll not found!
Deletion of file C:\WINDOWS\system32\w0026690.dll failed!

Could not process line:
C:\WINDOWS\system32\w0026690.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0014178.dll not found!
Deletion of file C:\WINDOWS\system32\w0014178.dll failed!

Could not process line:
C:\WINDOWS\system32\w0014178.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0026bef.dll not found!
Deletion of file C:\WINDOWS\system32\w0026bef.dll failed!

Could not process line:
C:\WINDOWS\system32\w0026bef.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0012f39.dll not found!
Deletion of file C:\WINDOWS\system32\w0012f39.dll failed!

Could not process line:
C:\WINDOWS\system32\w0012f39.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w006b8d3.dll not found!
Deletion of file C:\WINDOWS\system32\w006b8d3.dll failed!

Could not process line:
C:\WINDOWS\system32\w006b8d3.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w001a999.dll not found!
Deletion of file C:\WINDOWS\system32\w001a999.dll failed!

Could not process line:
C:\WINDOWS\system32\w001a999.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w001d26e.dll not found!
Deletion of file C:\WINDOWS\system32\w001d26e.dll failed!

Could not process line:
C:\WINDOWS\system32\w001d26e.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0015ea5.dll not found!
Deletion of file C:\WINDOWS\system32\w0015ea5.dll failed!

Could not process line:
C:\WINDOWS\system32\w0015ea5.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0016184.dll not found!
Deletion of file C:\WINDOWS\system32\w0016184.dll failed!

Could not process line:
C:\WINDOWS\system32\w0016184.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w00253f2.dll not found!
Deletion of file C:\WINDOWS\system32\w00253f2.dll failed!

Could not process line:
C:\WINDOWS\system32\w00253f2.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w001f42e.dll not found!
Deletion of file C:\WINDOWS\system32\w001f42e.dll failed!

Could not process line:
C:\WINDOWS\system32\w001f42e.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0032dc8.dll not found!
Deletion of file C:\WINDOWS\system32\w0032dc8.dll failed!

Could not process line:
C:\WINDOWS\system32\w0032dc8.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w001ee72.dll not found!
Deletion of file C:\WINDOWS\system32\w001ee72.dll failed!

Could not process line:
C:\WINDOWS\system32\w001ee72.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w001dd6a.dll not found!
Deletion of file C:\WINDOWS\system32\w001dd6a.dll failed!

Could not process line:
C:\WINDOWS\system32\w001dd6a.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0018c9b.dll not found!
Deletion of file C:\WINDOWS\system32\w0018c9b.dll failed!

Could not process line:
C:\WINDOWS\system32\w0018c9b.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w001651d.dll not found!
Deletion of file C:\WINDOWS\system32\w001651d.dll failed!

Could not process line:
C:\WINDOWS\system32\w001651d.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w00190d1.dll not found!
Deletion of file C:\WINDOWS\system32\w00190d1.dll failed!

Could not process line:
C:\WINDOWS\system32\w00190d1.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0018c5c.dll not found!
Deletion of file C:\WINDOWS\system32\w0018c5c.dll failed!

Could not process line:
C:\WINDOWS\system32\w0018c5c.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0012b7f.dll not found!
Deletion of file C:\WINDOWS\system32\w0012b7f.dll failed!

Could not process line:
C:\WINDOWS\system32\w0012b7f.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0040423.dll not found!
Deletion of file C:\WINDOWS\system32\w0040423.dll failed!

Could not process line:
C:\WINDOWS\system32\w0040423.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w0012d16.dll not found!
Deletion of file C:\WINDOWS\system32\w0012d16.dll failed!

Could not process line:
C:\WINDOWS\system32\w0012d16.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w001628d.dll not found!
Deletion of file C:\WINDOWS\system32\w001628d.dll failed!

Could not process line:
C:\WINDOWS\system32\w001628d.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w001c54e.dll not found!
Deletion of file C:\WINDOWS\system32\w001c54e.dll failed!

Could not process line:
C:\WINDOWS\system32\w001c54e.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w000f8f6.dll not found!
Deletion of file C:\WINDOWS\system32\w000f8f6.dll failed!

Could not process line:
C:\WINDOWS\system32\w000f8f6.dll
Status: 0xc0000034



File C:\WINDOWS\system32\w004a092.dll not found!
Deletion of file C:\WINDOWS\system32\w004a092.dll failed!

Could not process line:
C:\WINDOWS\system32\w004a092.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.




-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, April 19, 2006 12:17:53 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 19/04/2006
Kaspersky Anti-Virus database records: 188790
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 89114
Number of viruses found: 54
Number of infected objects: 252
Number of suspicious objects: 0
Duration of the scan process: 01:43:30

Infected Object Name / Virus Name / Last Action
C:\avenger\backup.zip/avenger/ac2_0003.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\avenger\backup.zip/avenger/BMG3b.exe/{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll Infected: Trojan.Win32.VB.aft skipped
C:\avenger\backup.zip/avenger/BMG3b.exe Infected: Trojan.Win32.VB.aft skipped
C:\avenger\backup.zip/avenger/dmonwv.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\avenger\backup.zip/avenger/DR140306.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup.zip/avenger/DR140306.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup.zip/avenger/drsmartload1.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\avenger\backup.zip/avenger/drsmartload45a.exe Infected: Trojan-Downloader.Win32.Adload.an skipped
C:\avenger\backup.zip/avenger/dwdsregt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\avenger\backup.zip/avenger/EQAdvice/equpd.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\avenger\backup.zip/avenger/EQAdvice/equpd.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\avenger\backup.zip/avenger/EQBranch/EQBranch.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\avenger\backup.zip/avenger/errorhandler.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\avenger\backup.zip/avenger/fpdrnznx.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\avenger\backup.zip/avenger/Installer.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/installerwnus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\avenger\backup.zip/avenger/jpekm.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup.zip/avenger/keyboard10.exe Infected: Trojan-Downloader.Win32.Adload.am skipped
C:\avenger\backup.zip/avenger/keyboard11.exe Infected: Backdoor.Win32.VB.ary skipped
C:\avenger\backup.zip/avenger/knyhs.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/dEtaclen.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/dn6o01j3e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/e020lafm1d2a.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/fpjo0313e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/g2220cfoef2c0.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/hrls0537e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/k2pm0c71ef.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/l4r00e9meh.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/lv0u09d9e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/lv4809hue.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/mvrsl9971.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip/dlls/n8n60i5se8.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/l2mfix/backup.zip Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup.zip/avenger/mousepad10.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\avenger\backup.zip/avenger/mousepad11.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\avenger\backup.zip/avenger/mousepad9.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\avenger\backup.zip/avenger/MTE3NDI6ODoxNg.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\avenger\backup.zip/avenger/mti-hits.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
C:\avenger\backup.zip/avenger/NDNuninstall6_38.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\avenger\backup.zip/avenger/NDNuninstall7_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\avenger\backup.zip/avenger/newname10.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\avenger\backup.zip/avenger/newname11.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\avenger\backup.zip/avenger/NNSCAA638.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\avenger\backup.zip/avenger/owinrrag.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\avenger\backup.zip/avenger/pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\avenger\backup.zip/avenger/pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup.zip/avenger/pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup.zip/avenger/pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup.zip/avenger/pf78.exe Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup.zip/avenger/pf78bb.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup.zip/avenger/pf78bb.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup.zip/avenger/qqdsregl.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\avenger\backup.zip/avenger/sgngmd.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup.zip/avenger/sk02.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup.zip/avenger/sk02.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup.zip/avenger/SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\avenger\backup.zip/avenger/stub_113_4_0_4_0.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\avenger\backup.zip/avenger/tklowin.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup.zip/avenger/visfx500.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\avenger\backup.zip/avenger/w004a092.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\avenger\backup.zip/avenger/WHCC2.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\avenger\backup.zip/avenger/WHCC2.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup.zip/avenger/WHCC2.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup.zip/avenger/WHCC2.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup.zip/avenger/WHCC2.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup.zip/avenger/WHCC2.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup.zip/avenger/xdcjx.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup.zip/avenger/ynngely.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup.zip/avenger/ZICORN001.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\avenger\backup.zip/avenger/zlmavrvA.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\avenger\backup.zip ZIP: infected - 70 skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UL9O1LS\mediaview[1].cab/elite.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.h skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UL9O1LS\mediaview[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Temporary Internet Files\Content.IE5\BCHCL26Y\installerwnus[1].exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\transpd.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\transpd.exe NSIS: infected - 1 skipped
C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe NSIS: infected - 1 skipped
C:\Program Files\Yazzle Snowball Wars\SnowballWars.exe Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\SnowballWarsInstaller.exe/data0006 Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\SnowballWarsInstaller.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0091326.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0092326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0093326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0094326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0094492.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095328.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095343.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095344.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095345.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095346.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095347.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095348.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095349.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095350.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095351.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095352.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0096551.exe Infected: Trojan-Downloader.Win32.VB.aad skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099580.exe Infected: Trojan-Dropper.Win32.Agent.amf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099581.exe Infected: Trojan-Dropper.Win32.Agent.amf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099582.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099583.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099584.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099585.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099586.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099587.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099588.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099589.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099590.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099591.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099592.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099593.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099594.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099595.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099673.exe Infected: Trojan-Downloader.Win32.VB.aad skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099674.exe Infected: Trojan-Downloader.Win32.Adload.ai skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099675.exe Infected: Trojan-Downloader.Win32.Adload.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099676.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099677.exe Infected: Trojan-Downloader.Win32.Agent.agy skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099678.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099679.dll Infected: not-a-virus:AdWare.Win32.CASClient.g skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099680.exe Infected: Trojan-Downloader.Win32.Dyfuca.ex skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099681.exe Infected: Trojan-Downloader.Win32.PurityScan.au skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099682.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099685.exe Infected: Trojan-Downloader.Win32.VB.zk skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099686.exe Infected: Trojan-Downloader.Win32.VB.zl skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099687.exe Infected: Trojan-Downloader.Win32.VB.zo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099688.exe Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099689.exe Infected: Trojan-Downloader.Win32.VB.aaa skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099690.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099692.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099693.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099694.exe Infected: Trojan.Win32.VB.ali skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099695.exe Infected: Trojan.Win32.VB.ali skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099696.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099697.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099698.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099699.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099700.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099701.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099703.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099704.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099705.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099706.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099707.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099708.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099709.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099710.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099711.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099712.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099713.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099714.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099715.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099716.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099717.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099718.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099719.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099720.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099721.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099722.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099723.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099724.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099725.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099726.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099727.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099728.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099729.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099730.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099731.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099732.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099733.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099734.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099736.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099737.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099762.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099771.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099772.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099774.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099776.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP156\A0101762.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP158\A0103831.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP158\A0104831.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104847.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104848.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104850.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104851.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0105850.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0106850.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP160\A0106906.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106964.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106966.exe/{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll Infected: Trojan.Win32.VB.aft skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106966.exe InstallCreator: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106966.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106967.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106968.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106968.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106969.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106970.exe Infected: Trojan-Downloader.Win32.Adload.an skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106971.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106972.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106972.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106973.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106976.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106977.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106979.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106980.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106981.exe Infected: Trojan-Downloader.Win32.Adload.am skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106982.exe Infected: Backdoor.Win32.VB.ary skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106983.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107001.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107002.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107003.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107005.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107007.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107008.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107009.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107010.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107011.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107012.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107014.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107014.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107015.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107018.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107019.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107019.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107022.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107024.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107025.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107027.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107028.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107029.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\WINDOWS\876057.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped
C:\WINDOWS\ac2_0002.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\WINDOWS\installer_2512.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\WINDOWS\system32\w0e481bd.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\WINDOWS\YOINSI.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\WINDOWS\YOINSI.exe NSIS: infected - 1 skipped

Scan process completed.
Rilo_Kiley
Active Member
 
Posts: 10
Joined: April 4th, 2006, 8:27 pm

Unread postby agrarianmonk » April 19th, 2006, 3:52 pm

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\jpekm.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,tklowin.exe
O4 - HKLM\..\Run: [HtFG] C:\WINDOWS\sfmywm.exe
O4 - HKLM\..\Run: [rwrxmb] C:\WINDOWS\system32\sgngmd.exe reg_run
O4 - HKCU\..\Run: [otyyn] C:\WINDOWS\system32\sgngmd.exe reg_run

Now close all windows other than HiJackThis, then click Fix Checked. close HijackThis.

    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

**************************************

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Folders to delete:
C:\Program Files\Yazzle Snowball Wars\

Files to delete:
C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe
C:\SnowballWarsInstaller.exe
C:\WINDOWS\876057.exe
C:\WINDOWS\ac2_0002.exe
C:\WINDOWS\installer_2512.exe
C:\WINDOWS\system32\w0e481bd.dll
C:\WINDOWS\YOINSI.exe
C:\WINDOWS\system32\jpekm.exe
C:\WINDOWS\SYSTEM32\tklowin.exe
C:\WINDOWS\sfmywm.exe
C:\WINDOWS\system32\sgngmd.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
5. Please copy/paste the content of c:\avenger.txt into your reply along with a fresh HJT log by using Add/Reply

In your next post, please include:
  • new hijackthis log
  • c:\avenger.txt

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*********************************

In your next post, please include:
  • new HijackThis log
  • C:\avenger.txt
  • Kaspersky Log
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Unread postby Rilo_Kiley » April 22nd, 2006, 12:35 am

Logfile of HijackThis v1.99.1
Scan saved at 9:35:28 PM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Wizards of the Coast\Magic Online\magic189151.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AuthBHO.cBHO - {C658CEE0-7F43-4B48-AEB5-36EF433513AC} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O3 - Toolbar: Security Manager Popup Blocker - {D35D808B-16DD-4572-861B-44966B93247B} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe





Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ucbkkxdb

*******************

Script file located at: \??\C:\Documents and Settings\kkunjcry.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Folder C:\Program Files\Yazzle Snowball Wars deleted successfully.
File C:\Program Files\Common Files\EliteMediaGroupOinUninstaller.exe deleted successfully.
File C:\SnowballWarsInstaller.exe deleted successfully.
File C:\WINDOWS\876057.exe deleted successfully.
File C:\WINDOWS\ac2_0002.exe deleted successfully.
File C:\WINDOWS\installer_2512.exe deleted successfully.
File C:\WINDOWS\system32\w0e481bd.dll deleted successfully.
File C:\WINDOWS\YOINSI.exe deleted successfully.


File C:\WINDOWS\system32\jpekm.exe not found!
Deletion of file C:\WINDOWS\system32\jpekm.exe failed!

Could not process line:
C:\WINDOWS\system32\jpekm.exe
Status: 0xc0000034



File C:\WINDOWS\SYSTEM32\tklowin.exe not found!
Deletion of file C:\WINDOWS\SYSTEM32\tklowin.exe failed!

Could not process line:
C:\WINDOWS\SYSTEM32\tklowin.exe
Status: 0xc0000034



File C:\WINDOWS\sfmywm.exe not found!
Deletion of file C:\WINDOWS\sfmywm.exe failed!

Could not process line:
C:\WINDOWS\sfmywm.exe
Status: 0xc0000034



File C:\WINDOWS\system32\sgngmd.exe not found!
Deletion of file C:\WINDOWS\system32\sgngmd.exe failed!

Could not process line:
C:\WINDOWS\system32\sgngmd.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.





-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, April 21, 2006 9:27:25 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 22/04/2006
Kaspersky Anti-Virus database records: 189394
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 89277
Number of viruses found: 56
Number of infected objects: 266
Number of suspicious objects: 0
Duration of the scan process: 01:47:52

Infected Object Name / Virus Name / Last Action
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/ac2_0003.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/BMG3b.exe/{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll Infected: Trojan.Win32.VB.aft skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/BMG3b.exe Infected: Trojan.Win32.VB.aft skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/dmonwv.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/DR140306.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/DR140306.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/drsmartload1.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/drsmartload45a.exe Infected: Trojan-Downloader.Win32.Adload.an skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/dwdsregt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/EQAdvice/equpd.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/EQAdvice/equpd.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/EQBranch/EQBranch.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/errorhandler.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/fpdrnznx.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/Installer.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/installerwnus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/jpekm.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/keyboard10.exe Infected: Trojan-Downloader.Win32.Adload.am skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/keyboard11.exe Infected: Backdoor.Win32.VB.ary skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/knyhs.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/dEtaclen.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/dn6o01j3e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/e020lafm1d2a.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/fpjo0313e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/g2220cfoef2c0.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/hrls0537e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/k2pm0c71ef.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/l4r00e9meh.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/lv0u09d9e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/lv4809hue.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/mvrsl9971.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/n8n60i5se8.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/mousepad10.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/mousepad11.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/mousepad9.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/MTE3NDI6ODoxNg.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/mti-hits.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/NDNuninstall6_38.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/NDNuninstall7_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/newname10.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/newname11.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/NNSCAA638.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/owinrrag.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78.exe Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78bb.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78bb.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/qqdsregl.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/sgngmd.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/sk02.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/sk02.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/stub_113_4_0_4_0.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/tklowin.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/visfx500.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/w004a092.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/xdcjx.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/ynngely.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/ZICORN001.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/zlmavrvA.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip ZIP: infected - 70 skipped
C:\avenger\backup.zip/avenger/876057.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped
C:\avenger\backup.zip/avenger/ac2_0002.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\avenger\backup.zip/avenger/EliteMediaGroupOinUninstaller.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\avenger\backup.zip/avenger/EliteMediaGroupOinUninstaller.exe Infected: Trojan.Win32.Scapur.k skipped
C:\avenger\backup.zip/avenger/installer_2512.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\avenger\backup.zip/avenger/SnowballWarsInstaller.exe/data0006 Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\avenger\backup.zip/avenger/SnowballWarsInstaller.exe Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\avenger\backup.zip/avenger/w0e481bd.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\avenger\backup.zip/avenger/Yazzle Snowball Wars/SnowballWars.exe Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\avenger\backup.zip/avenger/YOINSI.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\avenger\backup.zip/avenger/YOINSI.exe Infected: Trojan.Win32.Scapur.k skipped
C:\avenger\backup.zip ZIP: infected - 11 skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe NSIS: infected - 2 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UL9O1LS\mediaview[1].cab/elite.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.h skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UL9O1LS\mediaview[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Temporary Internet Files\Content.IE5\BCHCL26Y\installerwnus[1].exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\transpd.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\Documents and Settings\Ron Wells\Local Settings\Temp\transpd.exe NSIS: infected - 1 skipped
C:\gimmysmileys1.exe Infected: Trojan-Downloader.Win32.VB.xu skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0091326.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0092326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0093326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0094326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0094492.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095328.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095343.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095344.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095345.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095346.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095347.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095348.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095349.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095350.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095351.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095352.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0096551.exe Infected: Trojan-Downloader.Win32.VB.aad skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099580.exe Infected: Trojan-Dropper.Win32.Agent.amf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099581.exe Infected: Trojan-Dropper.Win32.Agent.amf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099582.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099583.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099584.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099585.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099586.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099587.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099588.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099589.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099590.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099591.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099592.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099593.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099594.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099595.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099673.exe Infected: Trojan-Downloader.Win32.VB.aad skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099674.exe Infected: Trojan-Downloader.Win32.Adload.ai skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099675.exe Infected: Trojan-Downloader.Win32.Adload.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099676.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099677.exe Infected: Trojan-Downloader.Win32.Agent.agy skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099678.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099679.dll Infected: not-a-virus:AdWare.Win32.CASClient.g skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099680.exe Infected: Trojan-Downloader.Win32.Dyfuca.ex skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099681.exe Infected: Trojan-Downloader.Win32.PurityScan.au skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099682.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099685.exe Infected: Trojan-Downloader.Win32.VB.zk skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099686.exe Infected: Trojan-Downloader.Win32.VB.zl skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099687.exe Infected: Trojan-Downloader.Win32.VB.zo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099688.exe Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099689.exe Infected: Trojan-Downloader.Win32.VB.aaa skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099690.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099692.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099693.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099694.exe Infected: Trojan.Win32.VB.ali skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099695.exe Infected: Trojan.Win32.VB.ali skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099696.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099697.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099698.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099699.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099700.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099701.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099703.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099704.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099705.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099706.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099707.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099708.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099709.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099710.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099711.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099712.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099713.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099714.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099715.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099716.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099717.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099718.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099719.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099720.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099721.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099722.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099723.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099724.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099725.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099726.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099727.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099728.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099729.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099730.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099731.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099732.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099733.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099734.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099736.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099737.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099762.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099763.dll Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099771.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099772.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099774.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099776.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP156\A0101762.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP158\A0103831.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP158\A0104831.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104847.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104848.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104850.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104851.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0105850.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0106850.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP160\A0106906.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106964.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106966.exe/{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll Infected: Trojan.Win32.VB.aft skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106966.exe InstallCreator: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106966.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106967.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106968.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106968.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106969.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106970.exe Infected: Trojan-Downloader.Win32.Adload.an skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106971.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106972.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106972.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106973.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106976.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106977.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106979.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106980.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106981.exe Infected: Trojan-Downloader.Win32.Adload.am skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106982.exe Infected: Backdoor.Win32.VB.ary skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106983.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107001.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107002.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107003.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107005.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107007.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107008.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107009.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107010.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107011.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107012.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107014.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107014.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107015.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107018.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107019.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107019.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107022.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107024.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107025.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107027.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107028.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107029.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108982.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108983.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108986.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108986.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108987.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108988.exe/data0006 Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108988.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108989.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108990.exe Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108992.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108992.exe NSIS: infected - 1 skipped

Scan process completed.
Rilo_Kiley
Active Member
 
Posts: 10
Joined: April 4th, 2006, 8:27 pm

Unread postby 'KotaGuy » April 22nd, 2006, 12:52 am

Hi Rilo_Kiley!

agrarianmonk is away for a few days... has asked me to take care of you.

Logs are looking better. Just a few more things to take care of...

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):

Files to delete:
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UL9O1LS\mediaview[1].cab
C:\Documents and Settings\Ron Wells\Local Settings\Temp\Temporary Internet Files\Content.IE5\BCHCL26Y\installerwnus[1].exe
C:\Documents and Settings\Ron Wells\Local Settings\Temp\transpd.exe
C:\gimmysmileys1.exe


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Now, start The Avenger program by clicking on its icon on your desktop.
  • Under "Script file to execute" choose "Input Script Manually".
  • Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
  • Paste the text copied to clipboard into this window by pressing (Ctrl+V).
  • Click Done
  • Now click on the Green Light to begin execution of the script
  • Answer "Yes" twice when prompted.
4. The Avenger will automatically do the following:
  • It will Restart your computer. ( In cases where the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.


After the reboot do one more KAV scan.

Post the log from the KAV scan, avenger.txt and a new HJT log please.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Rilo_Kiley » April 23rd, 2006, 12:41 am

Logfile of HijackThis v1.99.1
Scan saved at 9:41:01 PM, on 4/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AuthBHO.cBHO - {C658CEE0-7F43-4B48-AEB5-36EF433513AC} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O3 - Toolbar: Security Manager Popup Blocker - {D35D808B-16DD-4572-861B-44966B93247B} - C:\Program Files\Comcast\Security Manager\app\AuthBHO.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HPHUPD08] C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by104fd.bay104.hotmail.msn.com/r ... nPUpld.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\comcast\security manager\app\CurtainsSysSvcNt.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe




Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tqmjaigv

*******************

Script file located at: \??\C:\jnibifau.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Ron Wells\Local Settings\Temp\Temporary Internet Files\Content.IE5\3UL9O1LS\mediaview[1].cab deleted successfully.
File C:\Documents and Settings\Ron Wells\Local Settings\Temp\Temporary Internet Files\Content.IE5\BCHCL26Y\installerwnus[1].exe deleted successfully.
File C:\Documents and Settings\Ron Wells\Local Settings\Temp\transpd.exe deleted successfully.
File C:\gimmysmileys1.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.



-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, April 22, 2006 8:45:08 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 22/04/2006
Kaspersky Anti-Virus database records: 189511
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 90417
Number of viruses found: 56
Number of infected objects: 268
Number of suspicious objects: 0
Duration of the scan process: 01:47:19

Infected Object Name / Virus Name / Last Action
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/ac2_0003.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/BMG3b.exe/{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll Infected: Trojan.Win32.VB.aft skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/BMG3b.exe Infected: Trojan.Win32.VB.aft skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/dmonwv.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/DR140306.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/DR140306.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/drsmartload1.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/drsmartload45a.exe Infected: Trojan-Downloader.Win32.Adload.an skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/dwdsregt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/EQAdvice/equpd.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/EQAdvice/equpd.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/EQBranch/EQBranch.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/errorhandler.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/fpdrnznx.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/Installer.exe Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/installerwnus.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/jpekm.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/keyboard10.exe Infected: Trojan-Downloader.Win32.Adload.am skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/keyboard11.exe Infected: Backdoor.Win32.VB.ary skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/knyhs.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/dEtaclen.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/dn6o01j3e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/e020lafm1d2a.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/fpjo0313e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/g2220cfoef2c0.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/hrls0537e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/k2pm0c71ef.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/l4r00e9meh.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/lv0u09d9e.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/lv4809hue.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/mvrsl9971.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip/dlls/n8n60i5se8.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/l2mfix/backup.zip Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/mousepad10.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/mousepad11.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/mousepad9.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/MTE3NDI6ODoxNg.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/mti-hits.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/NDNuninstall6_38.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/NDNuninstall7_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/newname10.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/newname11.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/NNSCAA638.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/owinrrag.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78.exe Infected: Trojan.Win32.VB.tg skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78bb.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/pf78bb.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/qqdsregl.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/sgngmd.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/sk02.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/sk02.exe Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/stub_113_4_0_4_0.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/tklowin.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/visfx500.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/w004a092.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/WHCC2.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/xdcjx.dat Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/ynngely.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/ZICORN001.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip/avenger/zlmavrvA.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\avenger\backup-Fri 04.21.2006-16.18.13.29.zip ZIP: infected - 70 skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip/avenger/876057.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip/avenger/ac2_0002.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip/avenger/EliteMediaGroupOinUninstaller.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip/avenger/EliteMediaGroupOinUninstaller.exe Infected: Trojan.Win32.Scapur.k skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip/avenger/installer_2512.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip/avenger/SnowballWarsInstaller.exe/data0006 Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip/avenger/SnowballWarsInstaller.exe Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip/avenger/w0e481bd.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip/avenger/Yazzle Snowball Wars/SnowballWars.exe Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip/avenger/YOINSI.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip/avenger/YOINSI.exe Infected: Trojan.Win32.Scapur.k skipped
C:\avenger\backup-Sat 04.22.2006-14.16.22.21.zip ZIP: infected - 11 skipped
C:\avenger\backup.zip/avenger/gimmysmileys1.exe Infected: Trojan-Downloader.Win32.VB.xu skipped
C:\avenger\backup.zip/avenger/installerwnus[1].exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\avenger\backup.zip/avenger/mediaview[1].cab/elite.ocx Infected: not-a-virus:AdWare.Win32.MediaMotor.h skipped
C:\avenger\backup.zip/avenger/mediaview[1].cab Infected: not-a-virus:AdWare.Win32.MediaMotor.h skipped
C:\avenger\backup.zip/avenger/transpd.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\avenger\backup.zip/avenger/transpd.exe Infected: not-a-virus:AdWare.Win32.Agent.e skipped
C:\avenger\backup.zip ZIP: infected - 6 skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Documents and Settings\Ron Wells\Desktop\Anti-malware\ccsetup126.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0091326.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0092326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0093326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0094326.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP149\A0094492.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095328.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095343.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095344.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095345.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095346.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095347.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095348.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095349.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095350.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095351.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0095352.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP151\A0096551.exe Infected: Trojan-Downloader.Win32.VB.aad skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099580.exe Infected: Trojan-Dropper.Win32.Agent.amf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099581.exe Infected: Trojan-Dropper.Win32.Agent.amf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099582.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099583.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099584.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099585.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099586.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099587.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099588.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099589.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099590.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099591.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099592.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099593.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099594.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099595.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099673.exe Infected: Trojan-Downloader.Win32.VB.aad skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099674.exe Infected: Trojan-Downloader.Win32.Adload.ai skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099675.exe Infected: Trojan-Downloader.Win32.Adload.ab skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099676.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099677.exe Infected: Trojan-Downloader.Win32.Agent.agy skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099678.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099679.dll Infected: not-a-virus:AdWare.Win32.CASClient.g skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099680.exe Infected: Trojan-Downloader.Win32.Dyfuca.ex skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099681.exe Infected: Trojan-Downloader.Win32.PurityScan.au skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099682.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099683.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099685.exe Infected: Trojan-Downloader.Win32.VB.zk skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099686.exe Infected: Trojan-Downloader.Win32.VB.zl skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099687.exe Infected: Trojan-Downloader.Win32.VB.zo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099688.exe Infected: Trojan-Downloader.Win32.VB.zg skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099689.exe Infected: Trojan-Downloader.Win32.VB.aaa skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099690.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099692.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099693.exe Infected: Trojan-Clicker.Win32.VB.ly skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099694.exe Infected: Trojan.Win32.VB.ali skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099695.exe Infected: Trojan.Win32.VB.ali skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099696.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099697.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099698.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099699.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099700.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099701.exe Infected: Trojan-Downloader.Win32.VB.aaf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099703.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099704.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099705.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099706.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099707.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099708.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099709.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099710.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099711.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099712.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099713.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099714.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099715.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099716.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099717.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099718.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099719.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099720.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099721.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099722.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099723.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099724.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099725.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099726.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099727.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099728.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099729.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099730.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099731.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099732.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099733.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099734.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099736.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP153\A0099737.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099762.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099763.dll Infected: not-a-virus:AdWare.Win32.CASClient.f skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099771.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099772.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099774.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP154\A0099776.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP156\A0101762.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP158\A0103831.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP158\A0104831.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104847.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104848.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104850.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0104851.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0105850.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP159\A0106850.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP160\A0106906.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106964.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106966.exe/{8110581C-FEA4-47AC-ADBC-DE958DD0F354}.dll Infected: Trojan.Win32.VB.aft skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106966.exe InstallCreator: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106966.exe UPX: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106967.dll Infected: Trojan-Downloader.Win32.Agent.agw skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106968.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106968.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106969.exe Infected: Trojan-Downloader.Win32.Adload.ap skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106970.exe Infected: Trojan-Downloader.Win32.Adload.an skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106971.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106972.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106972.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106973.exe Infected: not-a-virus:AdWare.Win32.PurityScan.ed skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106976.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106977.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106979.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106980.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106981.exe Infected: Trojan-Downloader.Win32.Adload.am skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106982.exe Infected: Backdoor.Win32.VB.ary skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0106983.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107001.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107002.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107003.exe Infected: Trojan-Clicker.Win32.VB.mo skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107005.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107007.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107008.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107009.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107010.exe Infected: Trojan-Downloader.Win32.Adload.ae skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107011.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107012.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.n skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107014.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107014.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107015.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107018.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107019.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107019.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107022.exe Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107024.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107025.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107026.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107027.dll Infected: Trojan-Downloader.Win32.Qoologic.bj skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107028.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.m skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP161\A0107029.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108982.exe Infected: not-a-virus:AdWare.Win32.Mirar.d skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108983.exe Infected: Trojan-Downloader.Win32.Small.cpu skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108986.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108986.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108987.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108988.exe/data0006 Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108988.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108989.dll Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108990.exe Infected: Trojan-Downloader.Win32.PurityScan.cf skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108992.exe/data0002 Infected: Trojan.Win32.Scapur.k skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP164\A0108992.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{1751CA3E-67C9-4457-8832-B2DD7963CD78}\RP165\A0109060.exe Infected: Trojan-Downloader.Win32.VB.xu skipped

Scan process completed.
Rilo_Kiley
Active Member
 
Posts: 10
Joined: April 4th, 2006, 8:27 pm

Unread postby 'KotaGuy » April 23rd, 2006, 12:57 am

Excellent... that looks better :)

You can delete all the backup zip files in the C:\Avenger folder.

Also reset your System Restore point. To do this:
  • Right-click My Computer, and then click Properties.
  • Click the System Restore tab.
  • Check the "Turn off System Restore" or "Turn off System Restore on all drives"

Reboot your computer, follow the steps above, this time unchecking the "Turn off System Restore" and reboot.

Doing that will take care of the rest of what is listed in the KAV scan.

Your logs are clean! Good Work! :)

How is your computer behaving?
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Unread postby Nick-YF19 » May 5th, 2006, 12:15 am

Glad we could be of assistance.

This topic is now closed. If you wish it
reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
Nick-YF19
Admin/Teacher Emeritus
 
Posts: 4036
Joined: May 17th, 2005, 12:42 am
Location: California
Advertisement
Register to Remove

Previous

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 286 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware