# Major Virus Problems - Please Help



## tinytich (Jun 18, 2006)

Hi there,

About a month ago i came across this sight and was kindly helped out but after a few days my computer reverted back to its awful ways. Basically, my computer is set up with Bit Defender / Spy Doctor and Zone Alarm. My first major issue is that after my last help from u guys i did a scan with BitDefender and it found 8 virus's. I then did one straight away after and it found 1280 infections !!! (I have the log saved is this might help !!)

Anyway, it sems to be only 2 actual viruses....Win32.Sality.E and Win32.Worm.Sality.A, predominatly the first though. I dont know much about virus's however it seems to destroy every .exe file on my computer and i have to keep reinstalling software. On top of this, Zone Alarm is continually stopping strange name software trying access the web.....i remove these but they are constantly returning.....these include:-

winepsya.exe
wingyotm.exe etc...etc..

they all have very strange symbols at the end too....i have no idea where they are coming from or if they are good/bad etc.....Anyway.....its driving me nuts. I guess ill start by putting on my Hijack this log. Please help someone !! It really is driving me up the wall !!! Thanks !!

Logfile of HijackThis v1.99.1
Scan saved at 11:24:09, on 07/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\program files\softwin\bitdefender8\bdnagent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Sony\SonicStage\Omgjbox.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SsDbConnection.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbayForGuests
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "c:\program files\softwin\bitdefender8\bdnagent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSO7FTP.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098471789737
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150238421048
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


----------



## Cookiegal (Aug 27, 2003)

Download *WinPFind*
*Right Click* the Zip Folder and Select "*Extract All*"
Extract it somewhere you will remember like the *Desktop*
Dont do anything with it yet!

*Click here* for info on how to boot to safe mode if you don't already know how.

Reboot into Safe Mode.

Double click *WinPFind.exe*
Click "*Start Scan*"
*It will scan the entire System, so please be patient and let it complete.*

Reboot back to Normal Mode!


Go to the *WinPFind folder*
Locate *WinPFind.txt*
Copy and paste WinPFind.txt in your next post here please.


----------



## tinytich (Jun 18, 2006)

Ok, here is the log....only took about 15 mins.....anyway, im sure u will know this already but when rebooted system desktop is immediatly recognising which progs are missing (ie: the shortcuts are now blank windows)....anyway...i hope this log helps.....

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PEC2 06/12/2005 20:20:40 8529240 C:\crash.txt

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 18/08/2001 13:00:00 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 17/05/2006 11:23:38 579888 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
PECompact2 09/06/2006 02:19:50 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 09/06/2006 02:19:50 5967776 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 04/08/2004 00:56:38 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 04/08/2004 00:56:46 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 18/08/2001 13:00:00 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 04/08/2004 06:41:38 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
07/07/2006 13:12:44 S 2048 C:\WINDOWS\bootstat.dat
19/06/2006 20:55:40 HS 7680 C:\WINDOWS\Thumbs.db
03/06/2006 19:42:30 RH 749 C:\WINDOWS\WindowsShell.Manifest
03/06/2006 19:42:42 H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
03/06/2006 19:47:52 HS 67 C:\WINDOWS\Fonts\desktop.ini
14/06/2006 17:46:28 H 0 C:\WINDOWS\inf\oem10.inf
03/06/2006 19:42:42 H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
03/06/2006 19:43:28 RHS 242478 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_55.cab
03/06/2006 19:43:28 RHS 19959 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_56.cab
03/06/2006 19:43:28 RHS 727 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_57.cab
03/06/2006 19:51:30 H 299008 C:\WINDOWS\repair\ntuser.dat
27/05/2006 22:59:56 H 0 C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\0f128fbb215c908edb54eb544b291b6c\BITF.tmp
03/06/2006 19:42:30 RH 749 C:\WINDOWS\system32\cdplayer.exe.manifest
03/06/2006 19:42:40 RH 488 C:\WINDOWS\system32\logonui.exe.manifest
03/06/2006 19:42:30 RH 749 C:\WINDOWS\system32\ncpa.cpl.manifest
03/06/2006 19:42:30 RH 749 C:\WINDOWS\system32\nwc.cpl.manifest
03/06/2006 19:42:30 RH 749 C:\WINDOWS\system32\sapi.cpl.manifest
07/07/2006 08:05:56 H 48882 C:\WINDOWS\system32\vsconfig.xml
03/06/2006 19:42:40 RH 488 C:\WINDOWS\system32\WindowsLogon.manifest
03/06/2006 19:42:30 RH 749 C:\WINDOWS\system32\wuaucpl.cpl.manifest
27/06/2006 20:47:28 H 4212 C:\WINDOWS\system32\zllictbl.dat
14/05/2006 11:21:52 S 13309 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB911280.cat
29/05/2006 17:16:00 S 23751 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB916281.cat
18/05/2006 08:15:12 S 10925 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB917344.cat
01/06/2006 21:28:56 S 11043 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
17/05/2006 11:24:42 S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WGA.cat
07/07/2006 13:12:22 H 8192 C:\WINDOWS\system32\config\default.LOG
27/05/2006 16:07:58 H 0 C:\WINDOWS\system32\config\default.tmp.LOG
07/07/2006 13:13:16 H 1024 C:\WINDOWS\system32\config\SAM.LOG
07/07/2006 13:12:48 H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
07/07/2006 13:13:08 H 61440 C:\WINDOWS\system32\config\software.LOG
27/05/2006 16:07:58 H 0 C:\WINDOWS\system32\config\software.tmp.LOG
07/07/2006 13:13:00 H 921600 C:\WINDOWS\system32\config\system.LOG
27/05/2006 16:07:26 H 0 C:\WINDOWS\system32\config\system.tmp.LOG
03/06/2006 20:09:58 H 1024 C:\WINDOWS\system32\config\TempKey.LOG
03/06/2006 19:51:32 H 1024 C:\WINDOWS\system32\config\userdiff.LOG
03/06/2006 19:51:34 H 1024 C:\WINDOWS\system32\config\userdifr.LOG
15/06/2006 15:47:10 H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
02/06/2006 20:06:44 HS 67 C:\WINDOWS\system32\config\systemprofile\Desktop\Tich's Home Folder\Temporary Internet Files\desktop.ini
02/06/2006 20:06:44 HS 67 C:\WINDOWS\system32\config\systemprofile\Desktop\Tich's Home Folder\Temporary Internet Files\Content.IE5\desktop.ini
02/06/2006 20:06:44 HS 67 C:\WINDOWS\system32\config\systemprofile\Desktop\Tich's Home Folder\Temporary Internet Files\Content.IE5\2HG7C7U3\desktop.ini
02/06/2006 20:06:44 HS 67 C:\WINDOWS\system32\config\systemprofile\Desktop\Tich's Home Folder\Temporary Internet Files\Content.IE5\858B0RYX\desktop.ini
02/06/2006 20:06:44 HS 67 C:\WINDOWS\system32\config\systemprofile\Desktop\Tich's Home Folder\Temporary Internet Files\Content.IE5\G5S9UJC1\desktop.ini
02/06/2006 20:06:44 HS 67 C:\WINDOWS\system32\config\systemprofile\Desktop\Tich's Home Folder\Temporary Internet Files\Content.IE5\QFAPALO7\desktop.ini
25/05/2006 17:37:40 HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\95c4db95-db49-4f5d-a922-dfc7be0a6df2
25/05/2006 17:37:40 HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
07/07/2006 13:10:24 H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 04/08/2004 00:56:58 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 04/08/2004 00:56:58 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 04/08/2004 08:56:58 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 04/08/2004 00:56:58 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 04/08/2004 08:56:58 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 04/08/2004 00:56:58 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 14/01/2004 19:57:18 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 04/08/2004 00:56:58 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 04/08/2004 00:56:58 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 04/08/2004 00:56:58 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 04/08/2004 00:56:58 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 18/08/2001 13:00:00 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 04/08/2004 00:56:58 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 18/08/2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 04/08/2004 08:56:58 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 04/08/2004 00:56:58 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 12/07/2004 16:50:00 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 04/08/2004 00:56:58 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 04/08/2004 00:56:58 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 04/08/2004 00:56:58 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 18/08/2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 04/08/2004 00:56:58 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 04/08/2004 08:56:58 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 26/05/2005 04:16:30 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 18/08/2001 13:00:00 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 18/08/2001 13:00:00 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 18/08/2001 13:00:00 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
16/06/2006 19:48:30 986 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
03/06/2006 19:51:22 HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
25/06/2006 13:36:34 1742 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
23/06/2006 22:55:46 875 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
03/06/2006 19:15:04 HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
25/06/2006 10:32:00 1755 C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

Checking files in %USERPROFILE%\Startup folder...
02/12/2003 18:36:04 HS 84 C:\Documents and Settings\Tich Williams\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
17/05/2006 18:59:34 1557 C:\Documents and Settings\Tich Williams\Application Data\AdobeDLM.log
02/12/2003 17:44:32 HS 62 C:\Documents and Settings\Tich Williams\Application Data\desktop.ini
17/05/2006 18:59:34 0 C:\Documents and Settings\Tich Williams\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{32714800-2E5F-11d0-8B85-00AA0044F941} = C:\Program Files\Outlook Express\wabfind.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender8\bdshelxt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = D:\WinZip\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BitDefender Antivirus v8
{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Program Files\Softwin\BitDefender8\bdshelxt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = D:\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = D:\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}
PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN	: C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
ButtonText = Spyware Doctor	: 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger	: C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
= 
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links	: %SystemRoot%\system32\SHELL32.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address	: %SystemRoot%\System32\browseui.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN	: C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google	: c:\program files\google\googletoolbar2.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address	: %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links	: %SystemRoot%\system32\SHELL32.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN	: C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} = &SearchBar	: C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
{804DB5C7-31E6-4885-850A-F1941B58A4C7} = : 
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google	: c:\program files\google\googletoolbar2.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar	: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
C-Media Mixer	Mixer.exe /startup
TkBellExe	"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
nwiz	nwiz.exe /install
NvMediaCenter	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NvCplDaemon	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
QuickTime Task	"C:\Program Files\QuickTime\qttask.exe" -atboottime
BDMCon	"C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
BDNewsAgent	"c:\program files\softwin\bitdefender8\bdnagent.exe"
iTunesHelper	"C:\Program Files\iTunes\iTunesHelper.exe"
Zone Labs Client	"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL	Installed = 1
MAPI	Installed = 1
MSFS	Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr	"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Spyware Doctor	"C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
SsAAD.exe	C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} = 
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername	0
legalnoticecaption	
legalnoticetext	
shutdownwithoutlogon	1
undockwithoutlogon	1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
LowRiskFileTypes	.zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun	149
CDRAutoRun	0
NoSaveSettings	0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools	0
DisableTaskMgr	0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit	= C:\WINDOWS\SYSTEM32\Userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1	- Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 07/07/2006 13:25:01


----------



## Cookiegal (Aug 27, 2003)

Can you upload the BitDefender log as an attachment here please.


----------



## tinytich (Jun 18, 2006)

ok...this is from a few days ago now and i havnt done one since due to the fact that my computer doesnt seem to be getting rid of these viruses but getting more !!! also, i am limited to 30000 characters here apparently so i have had to vastly cut the log.....hope it gives an idea though. here it is....

//-----------------------------------------------------------------
//
//	Product: BitDefender 8 Free Edition
//	Version: 8.0
//
//	Created on:	25/06/2006	10:33:02
//
//-----------------------------------------------------------------

Statistics

Scan path	: C:\
Folders	: 6247
Files	: 325622
Archives	: 11105 
Packed files	: 28055
Identified viruses	: 2
Infected files	: 1280
Warnings	: 0
Suspect files	: 0
Disinfected files	: 0
Deleted files	: 0
Copied files	: 0
Moved files	: 1253
Renamed files	: 0
I/O errors	: 65
Scan time	: 02:02:15
Scan speed (files/sec)	: 44

Virus definitions	: 389412
Scan plugins	: 13
Archive plugins	: 39
Unpack plugins	: 5
Mail plugins	: 6
System plugins	: 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions: 
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\All Users\Desktop\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Move failed
C:\Documents and Settings\All Users\Desktop\Motorola Phone Tools.lnk=>C:\Program Files\Motorola Phone Tools\mPhonetools.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\Motorola Phone Tools.lnk=>C:\Program Files\Motorola Phone Tools\mPhonetools.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\Motorola Phone Tools.lnk=>C:\Program Files\Motorola Phone Tools\mPhonetools.exe	Move failed
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\MSN Messenger\msnmsgr.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\MSN Messenger\msnmsgr.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\MSN Messenger\msnmsgr.exe	Move failed
C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk=>C:\Program Files\QuickTime\QuickTimePlayer.exe	Infected Win32.Sality.E
ments and Settings\All Users\Start Menu\Programs\WinZip\Uninstall WinZip.lnk=>C:\Program Files\WinZip\WINZIP32.EXE	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\WinZip\Uninstall WinZip.lnk=>C:\Program Files\WinZip\WINZIP32.EXE	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\WinZip\Uninstall WinZip.lnk=>C:\Program Files\WinZip\WINZIP32.EXE	Move failed
C:\Documents and Settings\Richard Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk=>C:\Program Files\QuickTime\QuickTimePlayer.exe	Infected Win32.Sality.E
C:\Documents and Settings\Richard Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk=>C:\Program Files\QuickTime\QuickTimePlayer.exe	Disinfection failed
C:\Documents and Settings\Richard Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk=>C:\Program Files\QuickTime\QuickTimePlayer.exe	Move failed
C:\Documents and Settings\Tich Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\MSN Messenger 7.0.lnk=>C:\Program Files\MSN Messenger\msnmsgr.exe	Infected Win32.Sality.E
C:\Documents and Settings\Tich Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\MSN Messenger 7.0.lnk=>C:\Program Files\MSN Messenger\msnmsgr.exe	Disinfection failed
C:\Documents and Settings\Tich Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\MSN Messenger 7.0.lnk=>C:\Program Files\MSN Messenger\msnmsgr.exe	Move failed
C:\Documents and Settings\Tich Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\MSN Messenger 7.5.lnk=>C:\Program Files\MSN Messenger\msnmsgr.exe	Infected Win32.Sality.E
C:\Documents and Settings\Tich Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\MSN Messenger 7.5.lnk=>C:\Program Files\MSN Messenger\msnmsgr.exe	Disinfection failed
C:\Documents and Settings\Tich Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\MSN Messenger 7.5.lnk=>C:\Program Files\MSN Messenger\msnmsgr.exe	Move failed
C:\Documents and Settings\Tich Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk=>C:\Program Files\QuickTime\QuickTimePlayer.exe	Infected Win32.Sality.E
C:\Documents and Settings\Tich Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk=>C:\Program Files\QuickTime\QuickTimePlayer.exe	Disinfection failed
C:\Documents and Settings\Tich Williams\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk=>C:\Program Files\QuickTime\QuickTimePlayer.exe	Move failed
C:\Documents and Settings\Tich Williams\Desktop\Dreamweaver.lnk=>C:\Program Files\Macromedia\Dreamweaver 3\Dreamweaver.exe	Infected Win32.Sality.E
C:\Documents and Settings\Tich Williams\Desktop\Dreamweaver.lnk=>C:\Program Files\Macromedia\Dreamweaver 3\Dreamweaver.exe	Disinfection failed
C:\Documents and Settings\Tich Williams\Desktop\Dreamweaver.lnk=>C:\Program Files\Macromedia\Dreamweaver 3\Dreamweaver.exe	Move failed
C:\Documents and Settings\Tich Williams\Desktop\Play Star Wars Episode I Racer.lnk=>C:\Program Files\LucasArts\RACER\RACER.EXE	Infected Win32.Sality.E
C:\Documents and Settings\Tich Williams\Desktop\Play Star Wars Episode I Racer.lnk=>C:\Program Files\LucasArts\RACER\RACER.EXE	Disinfection failed
C:\Documents and Settings\Tich Williams\Desktop\Play Star Wars Episode I Racer.lnk=>C:\Program Files\LucasArts\RACER\RACER.EXE	Move failed
C:\Documents and Settings\Tich Williams\Start Menu\Programs\Sports Interactive\Football Manager 2005\Editor.lnk=>C:\Program Files\Football Manager 2005\fm data editor.exe	Infected Win32.Sality.E
C:\Documents and Settings\Tich Williams\Start Menu\Programs\Sports Interactive\Football Manager 2005\Editor.lnk=>C:\Program Files\Football Manager 2005\fm data editor.exe	Disinfection failed
C:\Documents and Settings\Tich Williams\Start Menu\Programs\Sports Interactive\Football Manager 2005\Editor.lnk=>C:\Program Files\Football Manager 2005\fm data editor.exe	Move failed
C:\Documents and Settings\Tich Williams\Start Menu\WinZip.lnk=>C:\Program Files\WinZip\WINZIP32.EXE	Infected Win32.Sality.E
C:\Documents and Settings\Tich Williams\Start Menu\WinZip.lnk=>C:\Program Files\WinZip\WINZIP32.EXE	Disinfection failed
C:\Documents and Settings\Tich Williams\Start Menu\WinZip.lnk=>C:\Program Files\WinZip\WINZIP32.EXE	Move failed
C:\Program Files\Football Manager 2005\fm data editor.exe	Infected Win32.Sality.E
C:\Program Files\Football Manager 2005\fm data editor.exe	Disinfection failed
C:\Program Files\Football Manager 2005\fm data editor.exe	Moved
C:\Program Files\Hijackthis\HijackThis.exe	Infected Win32.Sality.E
C:\Program Files\Hijackthis\HijackThis.exe	Disinfection failed
C:\Program Files\Hijackthis\HijackThis.exe	Moved
C:\Program Files\InstallShield Installation Information\{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}\shutdown.exe	Infected Win32.Sality.E
C:\Program Files\InstallShield Installation Information\{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}\shutdown.exe	Disinfection failed
C:\Program Files\InstallShield Installation Information\{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}\shutdown.exe	Moved
C:\Program Files\InstallShield Installation Information\{3633BA28-67CE-4AC8-A677-3406CA84C3D8}\shutdown.exe	Infected Win32.Sality.E
C:\Program Files\InstallShield Installation Information\{3633BA28-67CE-4AC8-A677-3406CA84C3D8}\shutdown.exe	Disinfection failed
C:\Program Files\InstallShield Installation Information\{3633BA28-67CE-4AC8-A677-3406CA84C3D8}\shutdown.exe	Moved
C:\Program Files\InstallShield Installation Information\{4C968D18-5BD1-467B-9AC6-F451A068A96C}\Setup.exe	Infected Win32.Sality.E
C:\Program Files\InstallShield Installation Information\{4C968D18-5BD1-467B-9AC6-F451A068A96C}\Setup.exe	Disinfection failed
C:\Program Files\InstallShield Installation Information\{4C968D18-5BD1-467B-9AC6-F451A068A96C}\Setup.exe	Moved
C:\Program Files\InstallShield Installation Information\{976EA7B1-7562-483D-88DA-4323D263B7CD}\Setup.exe	Infected Win32.Sality.E
C:\Program Files\InstallShield Installation Information\{976EA7B1-7562-483D-88DA-4323D263B7CD}\Setup.exe	Disinfection failed
C:\Program Files\InstallShield Installation Information\{976EA7B1-7562-483D-88DA-4323D263B7CD}\Setup.exe	Moved
C:\Program Files\InstallShield Installation Information\{CC93D1AA-B881-489A-8D7E-C2DBC1E6F350}\Setup.exe	Infected Win32.Sality.E
C:\Program Files\InstallShield Installation Information\{CC93D1AA-B881-489A-8D7E-C2DBC1E6F350}\Setup.exe	Disinfection failed
C:\Program Files\InstallShield Installation Information\{CC93D1AA-B881-489A-8D7E-C2DBC1E6F350}\Setup.exe	Moved
C:\Program Files\InstallShield Installation Information\{DFF29C16-11B8-4AD2-AC1A-2841DA197982}\Setup.exe	Infected Win32.Sality.E
C:\Program Files\InstallShield Installation Information\{DFF29C16-11B8-4AD2-AC1A-2841DA197982}\Setup.exe	Disinfection failed
C:\Program Files\InstallShield Installation Information\{DFF29C16-11B8-4AD2-AC1A-2841DA197982}\Setup.exe	Moved
C:\Program Files\iTunes\iTunes.exe	Infected Win32.Sality.E
C:\Program Files\iTunes\iTunes.exe	Disinfection failed
C:\Program Files\iTunes\iTunes.exe	Moved
C:\Program Files\LucasArts\RACER\RACER.EXE	Infected Win32.Sality.E
C:\Program Files\LucasArts\RACER\RACER.EXE	Disinfection failed
C:\Program Files\LucasArts\RACER\RACER.EXE	Moved
C:\Program Files\LucasArts\RACER\register.exe	Infected Win32.Sality.E
C:\Program Files\LucasArts\RACER\register.exe	Disinfection failed
C:\Program Files\LucasArts\RACER\register.exe	Moved
C:\Program Files\LucasArts\RACER\SWEP1RCR.EXE	Infected Win32.Sality.E
C:\Program Files\LucasArts\RACER\SWEP1RCR.EXE	Disinfection failed
C:\Program Files\LucasArts\RACER\SWEP1RCR.EXE	Moved
\A0004589.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP4\A0004590.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP4\A0004590.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP4\A0004590.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP4\A0004621.dll	Infected Win32.Worm.Sality.A
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP4\A0004621.dll	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP4\A0004621.dll	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP4\A0004648.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP4\A0004648.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP4\A0004648.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004671.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004671.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004671.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004672.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004672.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004672.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004701.dll	Infected Win32.Worm.Sality.A
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004701.dll	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004701.dll	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004707.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004707.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP5\A0004707.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004721.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004721.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004721.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004722.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004722.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004722.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004752.dll	Infected Win32.Worm.Sality.A
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004752.dll	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004752.dll	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004758.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004758.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004758.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004759.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004759.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP6\A0004759.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004794.dll	Infected Win32.Worm.Sality.A
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004794.dll	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004794.dll	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004801.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004801.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004801.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004812.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004812.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004812.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004813.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004813.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004813.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004839.dll	Infected Win32.Worm.Sality.A
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004839.dll	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004839.dll	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004843.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0004843.exe	Disinfection failed
A0005047.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0005047.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0005048.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0005048.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0005048.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0005049.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0005049.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0005049.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0005050.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0005050.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP8\A0005050.exe	Moved
\A0005688.exe	Disinfection failed
\A0005701.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP9\A0005702.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP9\A0005702.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP9\A0005702.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP9\A0005703.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP9\A0005703.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP9\A0005703.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP9\A0005704.EXE	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP9\A0005704.EXE	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP9\A0005704.EXE	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP9C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe	Moved
C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe	Moved
C:\WINDOWS\$hf_mig$\KB896424\update\arpidfix.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB896424\update\arpidfix.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB896424\update\arpidfix.exe	Moved
C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe	Moved
C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe	Moved
C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe	Moved
C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe	Moved
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe	Moved
C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe	Moved
C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe	Moved
C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe	Moved
C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe	Moved
C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\iedw.exe	Infected Win32.Sality.E
C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\iedw.exe	Disinfection failed
C:\WINDOWS\$hf_mig$\KB916281\SP2QFE\iedw.exe	Moved
C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe	Infected Win32.Sality.E
C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe	Disinfection failed
C:\WINDOWS\$NtServicePackUninstall$\accwiz.exe	Moved
C:\WINDOWS\$NtServicePackUninstall$\admin.exe	Infected Win32.Sality.E
C:\WINDOWS\$NtServicePackUninstall$\admin.exe	Disinfection failed
C:\WINDOWS\$NtServicePackUninstall$\admin.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\diantz.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\diskpart.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\diskpart.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\diskpart.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\dlimport.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\dlimport.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\dlimport.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\dllhost.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\dllhost.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\dllhost.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\dmadmin.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\dmremote.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\dmremote.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\dmremote.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\dplaysvr.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\dpnsvr.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\dpvsetup.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\dumprep.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\dumprep.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\dumprep.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\dvdupgrd.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\dvdupgrd.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\dvdupgrd.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\dwwin.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\dwwin.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\dwwin.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\dxdiag.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\dxdiag.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\dxdiag.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\eudcedit.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\evntcmd.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\evntcmd.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\evntcmd.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\evntwin.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\evntwin.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\evntwin.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\explorer.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\explorer.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\explorer.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\extrac32.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\extrac32.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\extrac32.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\faxpatch.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\findstr.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\findstr.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\findstr.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\fltmc.exe	Infected Win32.Sality.E
C:\WINDOWS\ServicePackFiles\i386\fltmc.exe	Disinfection failed
C:\WINDOWS\ServicePackFiles\i386\fltmc.exe	Moved
C:\WINDOWS\ServicePackFiles\i386\fontview.exe	Infected Win32.Sality.E
C:\WINDOWS\SoftwareDistribution\Download\ee626d72680ff2619246a1cf5516f892\sp2qfe\telnet.exe	Moved
C:\WINDOWS\SoftwareDistribution\Download\f296928eb21d756b3a2e1cf07fba47dd\spuninst.exe	Infected Win32.Sality.E
C:\WINDOWS\SoftwareDistribution\Download\f296928eb21d756b3a2e1cf07fba47dd\spuninst.exe	Disinfection failed
C:\WINDOWS\SoftwareDistribution\Download\f296928eb21d756b3a2e1cf07fba47dd\spuninst.exe	Moved
C:\WINDOWS\SoftwareDistribution\Download\f296928eb21d756b3a2e1cf07fba47dd\update\update.exe	Infected Win32.Sality.E
C:\WINDOWS\SoftwareDistribution\Download\f296928eb21d756b3a2e1cf07fba47dd\update\update.exe	Disinfection failed
C:\WINDOWS\SoftwareDistribution\Download\f296928eb21d756b3a2e1cf07fba47dd\update\update.exe	Moved
C:\WINDOWS\SoftwareDistribution\Download\f7a4b3723a3aad7955ede9785b307e88\update\arpidfix.exe	Infected Win32.Sality.E
C:\WINDOWS\SoftwareDistribution\Download\f7a4b3723a3aad7955ede9785b307e88\update\arpidfix.exe	Disinfection failed
C:\WINDOWS\SoftwareDistribution\Download\f7a4b3723a3aad7955ede9785b307e88\update\arpidfix.exe	Moved
C:\WINDOWS\system32\rundll32.exe.tmp	Infected Win32.Sality.E
C:\WINDOWS\system32\rundll32.exe.tmp	Disinfection failed
C:\WINDOWS\system32\rundll32.exe.tmp	Moved
C:\WINDOWS\system32\spoolsv.exe	Infected Win32.Sality.E
C:\WINDOWS\system32\spoolsv.exe	Disinfection failed
C:\WINDOWS\system32\spoolsv.exe	Moved
C:\WINDOWS\system32\wmimgr32.dll	Infected Win32.Worm.Sality.A
C:\WINDOWS\system32\wmimgr32.dll	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll	Moved
C:\WINDOWS\uninst.exe	Infected Win32.Sality.E
C:\WINDOWS\uninst.exe	Disinfection failed
C:\WINDOWS\uninst.exe	Moved


----------



## cybarite (Mar 28, 2006)

Hi Tinytich,

You dont seem to have any antivirus on your system. Get Avast or AVG. Personally I prefer Avast. That should also help in cleaning or preventing more viruses from getting to your PC. The malware removal part Cookiegal will assist you with as I am not that knowledgeable about them.

Hope this helps,

Matthew


----------



## Cookiegal (Aug 27, 2003)

You definitely need an anti-virus program. Please get one immediately. AVG is a good free one.

Sality infects every .exe and is very difficult to eradicate but it can be done.

Do this on-line virus scan:

* Panda Active Scan*. Be sure to save the log it creates and copy and paste it here.


----------



## tinytich (Jun 18, 2006)

ok. thanks for all yr help so far. I have now got avast running......along with zone alarm / bitdefender and Spy Doctor.....those last 3 together obviously wernt doing much.....as suggested ill post the log very soon of that panadascan !!

thanks again


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## tinytich (Jun 18, 2006)

Your going to love this. I have just done that scan. It found 0 Virus's, Spyware, Hacking Tools, Diallers, Security Risks and Suspious Files. 0 !! I went down the link u put up and think i did the scan right. I have done it twice and 0 both times !!


----------



## blkwlnt64 (Mar 28, 2005)

Cookiegal, The Bitdefender log appeared to have cleaned several infections in System Restore entries so should System Restore be turned off then on again.


----------



## Cookiegal (Aug 27, 2003)

Can you run another scan with BitDefender please and post the results.

Run Kaspersky online virus scan *here*.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!


----------



## tinytich (Jun 18, 2006)

ok. will put these up when there done.....


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## tinytich (Jun 18, 2006)

ok. Firstly Bit Defender Scan.....

//-----------------------------------------------------------------
//
//	Product: BitDefender 8 Free Edition
//	Version: 8.0
//
//	Created on:	08/07/2006	23:10:07
//
//-----------------------------------------------------------------

Statistics

Scan path	: C:\
Folders	: 896
Files	: 16489
Archives	: 1018 
Packed files	: 423
Identified viruses	: 1
Infected files	: 6
Warnings	: 0
Suspect files	: 0
Disinfected files	: 0
Deleted files	: 0
Copied files	: 0
Moved files	: 0
Renamed files	: 0
I/O errors	: 16
Scan time	: 00:16:50
Scan speed (files/sec)	: 16

Virus definitions	: 406682
Scan plugins	: 13
Archive plugins	: 39
Unpack plugins	: 5
Mail plugins	: 6
System plugins	: 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions: 
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\All Users\Desktop\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Move failed
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\Programs\BitDefender 8\BitDefender Register Online.lnk=>C:\Program Files\Softwin\BitDefender8\register.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\BitDefender 8\BitDefender Register Online.lnk=>C:\Program Files\Softwin\BitDefender8\register.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\BitDefender 8\BitDefender Register Online.lnk=>C:\Program Files\Softwin\BitDefender8\register.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\Programs\Hijackthis\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\Hijackthis\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\Hijackthis\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Move failed
C:\Documents and Settings\Tich Williams\Desktop\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Infected Win32.Sality.E
C:\Documents and Settings\Tich Williams\Desktop\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Disinfection failed
C:\Documents and Settings\Tich Williams\Desktop\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Move failed


----------



## tinytich (Jun 18, 2006)

Now....Kaspersky LOg...hope this sheds a bit more light !!
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 09, 2006 8:53:27 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 9/07/2006
Kaspersky Anti-Virus database records: 205886
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 85707
Number of viruses found: 3
Number of infected objects: 262 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:49:57

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d1abe9818804117a356a7c29307798a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39007807066b6af39cd275e2ae251ec7_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51f695f5a496072fe889241bfd1f087a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f73e80629e8b7136f72c863d405136_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76012b21f9852604c6a3f9f103dbf79a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6c3d93312043a12a8f3bbabe5af908a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dddea9e36b93be314d858b554e3cbb8b_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd29345d01bb8c1690638bdf3e9dd08d_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Desktop\Tich Stuff\Temporary Internet Files\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Desktop\Tich Stuff\WinPFind\winpfind.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\Perflib_Perfdata_780.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\winebfdj¥.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\winepsyà.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\wingyotm¥.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\winkprgà.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\winneknr¥.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\winwdwodxb.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\winyyxoà.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\~DF85A6.tmp	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat.LOG	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log	Object is locked	skipped
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver2.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Microsoft Shared\Artgalry\ARTGALRY.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Microsoft Shared\Artgalry\CAG.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdc.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Sony Shared\AVLib\SsDbConnection.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Sony Shared\OpenMG\LPTemp\OMGLP-06-05-12-01\setup.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Sony Shared\OpenMG\omginit.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Sony Shared\OpenMG\regsvr32.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Sony Shared\StopMusicServer\StopMusicServer.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\DiMAGE Viewer\DiMAGEViewer.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\DiMAGE Viewer\MLTAdd_in\IndexSheetMaker.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\DiMAGE Viewer\MLTAdd_in\ME.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\DiMAGE Viewer\MLTPrn_app\PrintMaster.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Hijackthis\HijackThis.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\InstallShield Installation Information\{067D27FF-720F-421F-80E9-CF724DC5E072}\Setup.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\InstallShield Installation Information\{23BE930B-6AC4-4D0D-B5C3-03062A2BF2A3}\shutdown.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\InstallShield Installation Information\{3633BA28-67CE-4AC8-A677-3406CA84C3D8}\shutdown.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\InstallShield Installation Information\{4C968D18-5BD1-467B-9AC6-F451A068A96C}\Setup.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\InstallShield Installation Information\{CC93D1AA-B881-489A-8D7E-C2DBC1E6F350}\Setup.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\iTunes\iTunesHelper.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Microsoft Office\Office\1033\MSOHELP.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Microsoft Office\Office\GRAPH9.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Microsoft Office\Office\MSOHTMED.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Microsoft Office\Office\OSA9.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Microsoft Office\Office\WINWORD.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\bdlite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\bdsubmit.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\bdswitch.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdlite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdmcon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdnagent.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\realsched.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\spoolsv.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\SSAAD.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\updmgr.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\winoanhkaÓ.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\[email protected] Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\wmrandv32.dll	Infected: Trojan-Proxy.Win32.Agent.dd	skipped
C:\Program Files\Softwin\BitDefender8\register.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\rtvr.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\upgrepl.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\Personal Audio Driver\CopyInf.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\Personal Audio Driver\UnUsb.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\AppReg.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\Data\Temp\Module\Common Files\Sony Shared\AVLib\SSScsiSV.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\JETCOMP.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\Omg1to2.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\OMG2OMA.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\SSAAD.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Windows Media Player\wmsetsdk.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008024.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008025.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008047.dll	Infected: Trojan-Proxy.Win32.Agent.dd	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008209.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008210.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008211.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008212.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008217.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008218.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008224.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008226.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008227.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008228.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008229.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008232.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008233.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008234.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008240.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008242.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008260.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008261.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008340.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP24\A0008341.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP25\A0008359.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP25\A0008361.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP25\A0008363.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP25\A0008364.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP25\A0008370.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP25\A0008502.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP25\A0008503.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP25\A0008505.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP25\A0008687.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP25\A0008688.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP25\A0008689.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008788.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008789.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008790.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008791.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008960.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008961.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008962.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008963.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008969.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008970.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008979.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008980.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008981.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008983.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008984.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008985.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008987.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008988.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008989.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008997.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0008998.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011020.dll	Infected: Virus.Win32.Sality.k	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011126.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011210.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011211.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011212.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011214.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011222.dll	Infected: Virus.Win32.Sality.k	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011333.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011417.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011418.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011419.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011420.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011425.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011426.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011433.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011435.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011436.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011437.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011438.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011440.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011441.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011442.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011450.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011451.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011452.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011453.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011454.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011455.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011480.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011481.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011482.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011488.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011491.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011492.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011496.dll	Infected: Virus.Win32.Sality.k	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011497.dll	Infected: Virus.Win32.Sality.k	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011498.dll	Infected: Virus.Win32.Sality.k	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011539.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011540.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011576.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP26\A0011619.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011713.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011714.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011715.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011716.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011721.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011722.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011730.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011732.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011733.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011734.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011735.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011736.exe	Infected: Virus.Win32.Sality.l	skipped


----------



## tinytich (Jun 18, 2006)

Kaspersky Part 2

C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011738.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011739.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011740.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011747.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011748.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011749.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011751.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011752.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011753.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011780.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011782.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011783.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011784.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011785.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011790.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011810.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011811.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011812.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011813.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011814.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011834.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011835.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011836.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011837.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011838.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011839.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011840.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011844.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011845.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011846.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011847.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011848.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011849.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011850.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011851.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011852.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011853.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011854.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011855.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011860.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011862.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011864.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011865.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011873.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011997.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011998.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011999.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012000.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012001.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012002.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012003.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012004.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012005.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012007.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012008.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012010.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012034.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012035.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012036.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012037.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012038.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012039.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012040.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012041.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012042.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012043.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012044.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012160.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012238.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\change.log	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\accicons.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\bindico.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\fpicon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\misc.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\outicon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\PEicons.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\pptico.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\wordicon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\xlicons.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{8BFFDBAB-FD81-4137-A98E-A769C828080C}\helpicon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{8BFFDBAB-FD81-4137-A98E-A769C828080C}\maintenance_icon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{8BFFDBAB-FD81-4137-A98E-A769C828080C}\texticon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt	Object is locked	skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt	Object is locked	skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB	Object is locked	skipped
C:\WINDOWS\Internet Logs\TICH.ldb	Object is locked	skipped
C:\WINDOWS\Internet Logs\tvDebug.log	Object is locked	skipped


----------



## tinytich (Jun 18, 2006)

Additional to the above....i have just done back to back virus scans with avast! the first found 16 infections....the second done immediatly later found more but now i am unable to view the quarantine chest as a i believe the virus has infected the ashchest.exe file ! My computer does seem to be extremely infected.....any suggestions ???!??!?!??!?! Oh, and finally an Avast Warning continually pops up obver and over and over sayingC:\WINDOWS\system32\wmimgr32.dll is infected with the Win32:Sality-D-DLL [WRM] Virus...however, i contiually say move to chest and it just returns...i have to leave it open now in the corner of the screen......really not sure what to do here !!! Thanks for yr help


----------



## Cookiegal (Aug 27, 2003)

We need to continue running scans until they eventually come up clean.

*Click Here* and download Killbox and save it to your desktop but dont run it yet.


Reboot your computer into *Safe Mode* now. You can do this by restarting your computer and continually tapping the *F8* key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
*IMPORTANT:* Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
Select the "*Scanner*" icon at the top and then the "*Scan*" tab then click on "*Complete System Scan*".
Ewido will now begin the scanning process. Be patient this may take a little time.
*Once the scan is complete do the following:*
If you have any infections you will prompted, then select "*Apply all actions*"
Next select the "*Reports*" icon at the top.
Select the "*Save report as*" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close Ewido and reboot your system back into Normal Mode.

Double-click on Killbox.exe to run it. 

Put a tick by *Standard File Kill*. 
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

*C:\WINDOWS\system32\wmimgr32.dll

C:\Documents and Settings\Tich Williams\Local Settings\Temp\winebfdj¥.exe

C:\Documents and Settings\Tich Williams\Local Settings\Temp\winepsyà.exe

C:\Documents and Settings\Tich Williams\Local Settings\Temp\wingyotm¥.exe

C:\Documents and Settings\Tich Williams\Local Settings\Temp\winkprgà.exe

C:\Documents and Settings\Tich Williams\Local Settings\Temp\winneknr¥.exe

C:\Documents and Settings\Tich Williams\Local Settings\Temp\winwdwodxb.exe

C:\Documents and Settings\Tich Williams\Local Settings\Temp\winyyxoà.exe *

Click on the button that has the red circle with the X in the middle after you enter each file. 
It will ask for confirmation to delete the file. 
Click Yes. 
Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
Killbox may tell you that one or more files do not exist. 
If that happens, just continue on with all the files. Be sure you don't miss any.
Next in Killbox go to *Tools > Delete Temp Files*
In the window that pops up, put a check by *ALL* the options there *except* these three:
XP Prefetch
Recent
History

Now click the *Delete Selected Temp Files* button.
Exit the Killbox.

Do this on-line virus scan and post the results please:

*Housecall*

Run the Panda scan again and post the results please.

Reboot and post the logs from Ewido, Panda and Housecall please.


----------



## tinytich (Jun 18, 2006)

ok. will do. i will bring this up asap...thanks again.....


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## tinytich (Jun 18, 2006)

ok.

here we go.....Ewido Scan Results....

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 08:25:58, 10/07/2006
+ Report-Checksum: 4E0EBBBE

+ Scan result:

No infected objects found.


::Report End

This took 395 mins....

I then did the killbox thing. That was all ok....then the problems....

I have now done the Housecall. Have tried 3 scans. All crashed. Then i did Panda Scan. Did this twice and no viruses found. In this time though i have had Avast running on and off for scans and that has found 5 and 1 infected files. Also, since deleting wmimgr32.dl by killbox when i load internet explorer Avast is finding this virus. I am going to try Housecall again now but i dont think its gonna work.....

Thanks again


----------



## tinytich (Jun 18, 2006)

ok. just tried housecall again and crashed half way through scan again !!


----------



## Cookiegal (Aug 27, 2003)

Can you run Kaspersky again?

Where is Avast finding that file? It may be in Killbox's back-ups.


----------



## tinytich (Jun 18, 2006)

ok. Im gonna run kepesky again now. I have had my computer on for 45 mins and avast has been running since its been turned on...its found 3 infections....basically....when i turn interenet explorer on it immediatly comes up with finding that file.....i have to leaving the warning box open or it consistently opens over and over not allowing me to use the comp......i now have one open finding winxwma.exe in temp files......i dunno where or why they keep returning these weird win.exe files.....anyway.....i will post a kapesky scan shortly


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## tinytich (Jun 18, 2006)

Latest scan......hows this looking now..still pretty bad i think !!!!!

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 12, 2006 12:09:30 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/07/2006
Kaspersky Anti-Virus database records: 206653
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 69579
Number of viruses found: 3
Number of infected objects: 166 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:36:22

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d1abe9818804117a356a7c29307798a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39007807066b6af39cd275e2ae251ec7_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51f695f5a496072fe889241bfd1f087a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f73e80629e8b7136f72c863d405136_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76012b21f9852604c6a3f9f103dbf79a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6c3d93312043a12a8f3bbabe5af908a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dddea9e36b93be314d858b554e3cbb8b_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd29345d01bb8c1690638bdf3e9dd08d_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Desktop\KillBox.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Desktop\Tich Stuff\Temporary Internet Files\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\MSHist012006071120060712\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\Perflib_Perfdata_1cc.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\WERe4a1.dir00\iexplore.exe.hdmp	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\winnxwmà.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\winpsbem¥.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\~DF4F74.tmp	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\x_dtrace_log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt	Object is locked	skipped
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver2.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_07.b03\launcher.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_07.b03\zipper.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Microsoft Shared\Artgalry\ARTGALRY.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdc.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\DiMAGE Viewer\DiMAGEViewer.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\DiMAGE Viewer\MLTAdd_in\IndexSheetMaker.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\DiMAGE Viewer\MLTAdd_in\ME.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\DiMAGE Viewer\MLTPrn_app\PrintMaster.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\ewido anti-malware\ewidoctrl.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\ewido anti-malware\SecuritySuite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\InstallShield Installation Information\{CC93D1AA-B881-489A-8D7E-C2DBC1E6F350}\Setup.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\iTunes\iTunesHelper.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\java.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\javacpl.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\javaw.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\javaws.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\keytool.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\kinit.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\klist.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\ktab.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\orbd.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\pack200.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\policytool.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\rmid.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\rmiregistry.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\servertool.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\tnameserv.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\unpack200.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Microsoft Office\Office\1033\MSOHELP.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Microsoft Office\Office\GRAPH9.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Microsoft Office\Office\WINWORD.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\bdlite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\bdsubmit.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdlite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdmcon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\realsched.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\wmrandv32.dll	Infected: Trojan-Proxy.Win32.Agent.dd	skipped
C:\Program Files\Softwin\BitDefender8\register.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\rtvr.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\upgrepl.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\Personal Audio Driver\UnUsb.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\AppReg.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\Omg1to2.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\OMG2OMA.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Windows Media Player\wmsetsdk.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011713.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011714.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011716.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011721.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011730.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011749.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011751.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011752.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011753.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011790.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011810.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011811.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011814.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011834.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011835.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011837.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011838.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011840.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011844.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011850.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011851.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011852.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011854.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011855.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011864.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011865.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011873.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011997.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0011999.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012001.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012005.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012034.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012037.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012038.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012039.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012040.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012238.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012337.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012338.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012340.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012345.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012353.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012373.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012374.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012375.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012376.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012415.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012434.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012435.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012439.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012458.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012461.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012462.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012466.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012472.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012473.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012474.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012476.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012477.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012486.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012487.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012496.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012622.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012624.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012626.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012630.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012996.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012997.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012998.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0012999.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0013000.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0013001.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP27\A0013002.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP28\A0013195.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013253.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013393.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013394.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013397.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013402.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013410.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013428.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013429.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013430.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013431.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013464.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013488.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013489.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013509.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013511.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013512.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013513.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013514.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013517.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013518.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013519.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013521.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013529.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013530.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013661.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013662.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013663.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013664.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013726.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013727.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013731.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013732.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013733.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013734.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013735.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013742.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP34\A0013745.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP36\A0013836.dll	Infected: Virus.Win32.Sality.k	skipped

Scan was interrupted by user!


----------



## Cookiegal (Aug 27, 2003)

Do you have a good system restore point you could use to roll back to a date before you got this infection?


----------



## tinytich (Jun 18, 2006)

i had a clean up on the computer about a month ago after posting a question on here which temporarily sorted things but things changed quite rapidly after that.....i am sure i can work out when that was....how to i find the list of restore points and run this, im a bit shady on that area !!!

Cheers


----------



## rainforest123 (Dec 29, 2004)

start > programs / all programs > accessories > system tools > system restore. 
Select "restore my computer". A calendar will appear. Dates which contain restore points are bold. 

RF123


----------



## blkwlnt64 (Mar 28, 2005)

If you take a close look at the Kaspersky log in the section where it is processing the System Restore points, will see that the infection is already there and is skipped.

So I believe doing any restore would bring the infection back ???????


----------



## rainforest123 (Dec 29, 2004)

Yes, some restore points are infected. Does that mean that all are infected? 

RF123


----------



## Cookiegal (Aug 27, 2003)

System restore can be undone if it doesn't help. It can't get much worse.


----------



## tinytich (Jun 18, 2006)

ha ha cookiegal......thats a very fair point......i am going to do a sys restore as advised for about a month ago.....do then suggest i do another scan ??? this avast system is continually bringing up C:\WINDOWS\system32\wmimgr32.dll over and over and over after whatever scans and things we do.....anyway.....if i do a sys restore whats the next plan of action....which scan do u suggest ?


----------



## tinytich (Jun 18, 2006)

ok...rather upsettingly my last restore date is july 9......it is not allowing me to check any month earlier....i dunno why.....i dont think restoring this to 9th July will help much at all.....is it worth reinstalling windows ? Sorry taking up yr time on this....it really is quite a mess.....is it worth forgetting about this and getting a new hard drive ????


----------



## Cookiegal (Aug 27, 2003)

July 9th won't help us. Let's continue.

Please post a new HijackThis log.


----------



## tinytich (Jun 18, 2006)

Nice Plan....
Logfile of HijackThis v1.99.1
Scan saved at 22:11:11, on 13/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbayForGuests
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSO7FTP.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098471789737
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150238421048
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


----------



## Cookiegal (Aug 27, 2003)

Go *Here* and download the *Free Trial* version of *SpySweeper*.

*Click here* to download the trial version of *Webroot SpySweeper*.

Click the Free Trial link under "SpySweeper" to download the program.
Install it. Once the program is installed, it will open.
It will prompt you to update to the latest definitions, click Yes.
Once the definitions are installed, click Options on the left side.
Click the Sweep Options tab.
Under What to Sweep please put a check next to the following:
Sweep Memory
Sweep Registry
Sweep Cookies
Sweep All User Accounts
Enable Direct Disk Sweeping
Sweep Contents of Compressed Files
Sweep for Rootkits

Please UNCHECK Do not Sweep System Restore Folder.

Click Sweep Now on the left side.
Click the Start button.
When it's done scanning, click the Next button.
Make sure everything has a check next to it, then click the Next button.
It will remove all of the items found.
Click Session Log in the upper right corner, copy everything in that window.
Click the Summary tab and click Finish.
Paste the contents of the session log you copied into your next reply.


----------



## tinytich (Jun 18, 2006)

23:48: Full Sweep has completed. Elapsed time 00:15:13
23:48: File Sweep Complete, Elapsed Time: 00:09:51
23:45: Warning: Failed to access drive F:
23:45: Warning: Failed to access drive E:
23:43: Warning: Failed to open file "c:\windows\$ntuninstallkb823182$\tmp00000000". The operation completed successfully
23:43: Warning: Failed to open file "c:\my pagemanager-1\branches.inf". The operation completed successfully
23:43: Warning: Failed to open file "c:\my pagemanager-1\updatebr.inf". The operation completed successfully
23:43: Warning: Failed to open file "c:\my pagemanager-1\update.ver". The operation completed successfully
23:43: Warning: Failed to open file "c:\drivers\mountpointmanagerremotedatabase". The operation completed successfully
23:40: Warning: DDA Failure, error reading MFT: 10448. of: 120592. Fragments: 2. TVolumeNtNTFS.Read failed 1: Read starts at: 0x6DC1C00 Len :0x400
23:38: Starting File Sweep
23:38: Warning: Failed to access drive A:
23:38: Cookie Sweep Complete, Elapsed Time: 00:00:00
23:38: Starting Cookie Sweep
23:38: Registry Sweep Complete, Elapsed Time:00:00:18
23:38: HKU\S-1-5-18\software\microsoft\windows nt\currentversion\windows\ || load (ID = 1194997)
23:38: Found Trojan Horse: trojan-backdoor-nochod
23:38: HKU\S-1-5-18\software\microsoft\internet explorer\extensions\cmdmapping\ || {10e42047-deb9-4535-a118-b3f6ec39b807} (ID = 141778)
23:38: Found Adware: ist sidefind
23:38: HKU\S-1-5-18\software\microsoft\internet explorer\search\ || searchassistant (ID = 123750)
23:38: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search page (ID = 123744)
23:38: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || search bar (ID = 123743)
23:38: HKU\S-1-5-18\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
23:38: Found Adware: cws-aboutblank
23:38: HKU\S-1-5-21-842925246-1202660629-854245398-1004\software\microsoft\internet explorer\search\ || searchassistant_bak (ID = 123751)
23:38: Found Adware: cws sp.html hijack
23:38: HKLM\software\opistat\ (ID = 136464)
23:38: Found Adware: opistat
23:38: HKLM\software\microsoft\windows\currentversion\uninstall\windows sr 2.0\ (ID = 104552)
23:38: Found Adware: blazefind
23:38: Starting Registry Sweep
23:38: Memory Sweep Complete, Elapsed Time: 00:04:54
23:33: Starting Memory Sweep
23:33: Sweep initiated using definitions version 691
23:33: Spy Sweeper 5.0.5.1286 started
23:33: | Start of Session, 13 July 2006 |
********
23:33: | End of Session, 13 July 2006 |
23:31: BHO Shield: found: -- BHO installation allowed at user request
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
23:27: Shield States
23:27: Spyware Definitions: 691
23:26: Spy Sweeper 5.0.5.1286 started
23:26: Spy Sweeper 5.0.5.1286 started
23:26: | Start of Session, 13 July 2006


----------



## Cookiegal (Aug 27, 2003)

* *Click here* to download ATF Cleaner by Atribune and save it to your desktop.
Double-click *ATF-Cleaner.exe* to run the program.
Under *Main* choose: *Select All*
Click the *Empty Selected* button.
*If you use Firefox:*
Click *Firefox* at the top and choose: *Select All*
Click the *Empty Selected* button.
*NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


*If you use Opera:*
Click *Opera* at the top and choose: *Select All*
Click the *Empty Selected* button.
*
[*]NOTE:* If you would like to keep your saved passwords, please click *No* at the prompt.


Click *Exit* on the Main menu to close the program.

Then run another scan with Kaspersky please and post that log.


----------



## tinytich (Jun 18, 2006)

hi again,

will do....i am off away for a couple off days so will get a log up when i get back...

cheers again

rich


----------



## Cookiegal (Aug 27, 2003)

That's fine. See you when you get back.


----------



## tinytich (Jun 18, 2006)

Ok.....back.....ATF cleaner done.....and then new Kaspersky Log is as follows !!! Still pretty bad.....

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 17, 2006 11:12:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 17/07/2006
Kaspersky Anti-Virus database records: 207960
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 87382
Number of viruses found: 4
Number of infected objects: 188 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:15:30

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d1abe9818804117a356a7c29307798a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39007807066b6af39cd275e2ae251ec7_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51f695f5a496072fe889241bfd1f087a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f73e80629e8b7136f72c863d405136_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76012b21f9852604c6a3f9f103dbf79a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6c3d93312043a12a8f3bbabe5af908a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dddea9e36b93be314d858b554e3cbb8b_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd29345d01bb8c1690638bdf3e9dd08d_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Data\settings.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS01DDBDE9-B186-4A15-9092-C1022FB9EC6C.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS05830E0E-F541-47E6-B926-EC1A742BD7BF.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS071CAE38-ABC4-4168-89E7-111E43505E43.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS090C31D8-7E04-4E88-A573-B2FAE7AF72E2.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS0CBEF2BF-3F61-4620-BFA9-69368E9BD4DA.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS0EFFF9D9-5C5B-4619-84BB-6F0A733B5CB8.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS1096CCC2-32E0-410B-A1EB-73C7BF818371.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS13447D24-98C9-4D19-95BC-1A3A7DF576A5.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS1565BA95-B852-4D73-B67D-F4BCB8470F4C.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS185847BD-5F24-442F-8D5C-4965481875D1.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS18D62342-9146-425D-AF05-B583802361D7.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS1BE8361B-197D-4614-8644-194EB38960E3.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS23A0A917-043B-4A46-852B-0E8DBF0A4D3C.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS28020C61-675A-4BC6-AF16-CD46DCD0BA66.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS293A800C-E7C3-4F6F-8D4F-8DF07F797678.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2BD8DF88-AF7F-4EB8-ACAC-9BF8F5106BB8.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2E90D99F-A75B-4447-A42C-51959575BEF0.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS2F7AACAF-76D2-4B0D-AFB6-20B79FE79F53.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS30F40C62-48E0-4E8F-8583-FA9080572836.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS320DCC4F-044E-4EB4-9B3D-E19F4B206FAA.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS34CB5BFC-F20C-4543-848B-6D3500375675.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS35CADC38-B8E9-46CE-A398-5BF03F60A89A.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS36F579DD-9E1B-47B8-9ECE-DE0B3DCFC51F.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS39E04E2A-D05C-45D0-A5CE-585D140E7465.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS3C0A32F2-187E-4623-A43E-D06CD472ADF1.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS3C3FCBC6-AF57-490C-A6E4-B5CE0FCB650A.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS3D92FFAF-2A07-4972-B639-356DAF842739.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS3FA3B34D-68BE-4158-B5F0-80A80FD17C13.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS40945747-3F13-408E-B0B8-400242BDA353.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS4139384D-39CB-4024-BDF3-50C34D4EC772.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS47710A61-C892-4445-B1FA-CC1C3A291A19.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS549B6238-9334-4599-8A6E-49A6E0347F88.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS56639C1F-6FCC-4EC9-962D-E180D505B05D.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS62966BF5-73AA-495A-91D4-E00D82FBA4C1.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS66073169-9363-4B5E-8E33-0524A52C128B.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS6AFDAB16-BF9E-4E3D-B237-6254C841B454.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS6D96772E-8276-4118-9501-A82EF1A1FF98.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS70307F7E-AF34-4BA3-BAF7-9E375016CBE3.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS70D73EFE-150F-47E4-BD8A-70702369D88D.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS7159333D-2A7A-4308-AA73-463EA3466496.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS719EC3B3-8F36-4977-B69A-2DDBFEE82145.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS71F442AA-3C3C-4DCF-A9BC-3E08739F18D9.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS72CFC107-2501-4CC4-BBBA-E4F83911E242.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS78081F82-E81F-4DF2-A33A-CDE15367CFEA.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS7BDA848F-72AF-4E6F-BBEB-3952810197C3.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS7F617D01-C772-4AB6-B65F-4115E31F3C39.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS80BED7B5-6A28-4418-86C5-A0AAED2AB144.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS8275DC4A-574E-4BB1-8A33-0D72D6A4F57B.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS82CD73FA-FB03-4836-AA66-0856A781736E.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS8490CF90-0A03-4EBD-958B-908AED899F3C.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS86B320E1-AEFA-47AF-92A7-1CE7E79ECD3B.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS8833D590-6CD5-49C7-AB33-914ABE7CA2CF.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS8D3D59C8-4DDA-4D4A-91F3-84F178F79C06.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS9290B428-0200-472D-96DB-2A287D11609E.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS941F1D2A-2398-4F9F-9A2D-98BDD751FFB9.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS95ED2842-29DE-4103-957C-C0119FA56541.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS97F9D528-DEF0-4A5E-B3F9-1B27A6110874.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS98CEFA15-1690-4F84-8F29-DE5CEB3DE887.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCS9B1E849B-9E97-458D-AF0D-790B881FDE68.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2017E97-8C1D-4017-8283-05C67887A0A1.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSA3077B72-2C60-47FB-B79E-0294E63F6DE2.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSA63457BE-A552-4D00-AAEE-8FCBEE9F517B.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSA682E54B-3B2B-4B70-A57F-C65CB4812A94.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSA797A9E1-BB99-400E-A612-BBE57B349D8E.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSA8C19758-B619-4DC9-A759-464A2F082C1C.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSA9A4E2F6-AE68-4A48-A15A-12986D0F63E9.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSAA73875C-699C-486C-BE5E-554058F546D1.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSAA80E2A9-BDEC-4385-BD50-AFD5C6200E8A.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSAB13DDA3-4891-4673-802C-D585938944D7.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSAF1982FE-CD83-48B2-8C29-6E28AFBC0F06.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSAF4A4429-94E5-4983-9F59-F3C7910C98E0.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSB18B5D60-2E38-423E-BF11-560CE248008C.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSB5992817-5986-46C9-9767-C5DEA73682E2.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSBB489BF9-83B1-49B6-BDF4-206F9855B183.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSBBE9EF0A-385E-409F-B2FA-81D24DB37ADB.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSBCB78CEB-75D3-44FC-A747-CF9165888C12.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSC2F2887D-FFDB-415D-8961-641CECD45F9A.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSC478B7DA-35C7-4CC5-AFD9-3EC026489BA4.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSC7AC53CF-EF39-429E-B60A-BAA32FFC0F59.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSC9C2535B-0FF2-4EB5-B31C-CBBFA75A3CFA.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSCE8B39B6-ECDA-42CE-A456-4C4D3B088B64.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSCEF68618-CFF6-4A18-9443-B4CCC71ACC27.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD1017CF0-BB1B-474D-890F-DC83346CB11A.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD1394D55-4429-4173-A4E1-3137CC4BC48D.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD6B3FD84-202D-46CF-B501-3A61BACB36C7.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD6EF9EFE-B1CD-4648-A8CE-2FDD121241BA.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7538B30-9D9B-42B2-B324-B84CE32BE7A1.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7B72237-DC13-4F04-AF85-3FF447594DEB.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD7D90FE5-44A0-48D5-801D-7ECE4FB0E3EC.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSD99EFE25-4176-4A05-B4A9-127E00C8FEA7.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSDB1A108B-0655-403F-BED3-212A28A8436E.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSDD90E95E-A2B2-4C42-B707-0F97D64F4C3F.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSDDC5B250-ABD1-40C7-B4BF-C964A2415C10.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSDE696171-488E-4521-A220-4C2417F60A4D.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSE021B2CF-2907-45F0-9861-3F8E56A35593.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSE185A62B-D61D-4F56-BF91-4FA1A09247B4.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSE36ACB73-5999-46FF-A611-ABA8587A1C90.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSE3FBD82D-F284-4C01-B4F1-E2109C708828.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSE8326248-1FF8-45B4-88D9-2D3D371A5107.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSECB256F2-7A6F-491A-A01E-3B666C4CACBB.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF0589408-4702-4B57-904D-E42EA9261927.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF1451B70-86FC-4E07-963F-92191B8D6318.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF3089704-6EF3-433F-A5EE-B0C542CB7527.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF30E7A7E-E28E-41C9-A9E4-54EAFB8E4C0D.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF3683429-85D2-4CCB-B17B-C12220C044A1.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSF78F8093-39AB-4643-A35B-735874C54526.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSFA331073-C25F-49BE-A02D-4DABA93E2A8B.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSFB1D9EA7-A88F-458C-BF07-26360B2A8909.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Temp\SSCSFEA238A7-18AD-41DA-8B3E-AE43C9CD45F6.tmp	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Application Data\Webroot\Spy Sweeper\Logs\060713232646.ses	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Desktop\KillBox.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Documents and Settings\Tich Williams\Desktop\Tich Stuff\Temporary Internet Files\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\MSHist012006071720060718\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\Perflib_Perfdata_1c8.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\winoipsu¥.exe	Infected: Trojan-Downloader.Win32.Agent.amt	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\~DF83F.tmp	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat.LOG	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log	Object is locked	skipped
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver2.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_07.b03\launcher.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_07.b03\zipper.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Microsoft Shared\Artgalry\ARTGALRY.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdc.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\DiMAGE Viewer\DiMAGEViewer.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\DiMAGE Viewer\MLTAdd_in\IndexSheetMaker.exe	Infected: Virus.Win32.Sality.l	skipped


----------



## tinytich (Jun 18, 2006)

Part 2 !!!

C:\Program Files\DiMAGE Viewer\MLTAdd_in\ME.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\DiMAGE Viewer\MLTPrn_app\PrintMaster.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Driving Test Success 2005-2006\DTS_HPT.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Driving Test Success 2005-2006\FT3.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Driving Test Success 2005-2006\HPT_Diag.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Driving Test Success 2005-2006\Vouchers.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\ewido anti-malware\ewidoctrl.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\ewido anti-malware\SecuritySuite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Hijackthis\HijackThis.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\InstallShield Installation Information\{CC93D1AA-B881-489A-8D7E-C2DBC1E6F350}\Setup.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\iTunes\iTunesHelper.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\java.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\javacpl.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\javaw.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\javaws.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\keytool.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\kinit.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\klist.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\ktab.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\orbd.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\pack200.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\policytool.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\rmid.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\rmiregistry.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\servertool.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\tnameserv.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Java\jre1.5.0_07\bin\unpack200.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Microsoft Office\Office\1033\MSOHELP.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Microsoft Office\Office\GRAPH9.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Microsoft Office\Office\WINWORD.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\bdlite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\bdsubmit.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdlite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdmcon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\realsched.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\wmrandv32.dll	Infected: Trojan-Proxy.Win32.Agent.dd	skipped
C:\Program Files\Softwin\BitDefender8\register.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\rtvr.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\upgrepl.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\Personal Audio Driver\UnUsb.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\AppReg.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\Omg1to2.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Sony\SonicStage\OMG2OMA.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.mst	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base	Object is locked	skipped
C:\Program Files\Windows Media Player\wmsetsdk.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014560.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014594.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014666.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014731.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014732.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014733.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014734.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014735.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014736.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014737.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014738.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014739.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014740.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014741.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014776.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014814.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014815.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014834.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0014859.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP38\A0015895.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016064.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016065.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016067.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016072.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016074.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016076.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016083.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016090.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016092.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016093.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016094.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016100.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016101.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016122.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016145.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016176.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016177.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017107.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017108.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017109.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017110.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017111.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017112.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017113.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017114.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017115.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017116.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017117.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017144.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017145.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0017147.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0018130.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0018154.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018186.dll	Infected: Trojan-Proxy.Win32.Agent.dd	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018331.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018332.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018333.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018339.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018341.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018342.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018349.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018357.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018358.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018359.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018360.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018361.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018362.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018364.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018365.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018366.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018396.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018399.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018400.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018401.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018402.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018403.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018404.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018405.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018406.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018407.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018408.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018409.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018410.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018411.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018412.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018413.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018414.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018415.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018435.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018436.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018439.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018464.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018576.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018615.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018616.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018617.EXE	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018635.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018636.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018638.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018639.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018640.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018643.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018644.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018645.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018646.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018647.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018649.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018654.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018655.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018664.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018796.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018797.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018798.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018799.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018811.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022581.dll	Infected: Virus.Win32.Sality.k	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022710.dll	Infected: Virus.Win32.Sality.k	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022727.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022728.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022749.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023732.dll	Infected: Virus.Win32.Sality.k	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023746.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023754.exe	Infected: Virus.Win32.Sality.l	skipped
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\change.log	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\accicons.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\fpicon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\outicon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\xlicons.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\system32\wmimgr32.dll	Infected: Virus.Win32.Sality.k	skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6b8.dat	Object is locked	skipped
C:\WINDOWS\Temp\tmp0000545a\tmp00000000	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.


----------



## Cookiegal (Aug 27, 2003)

Boot to safe mode and run Killbox on these files:

*C:\WINDOWS\System32\wmimgr32.dll

C:\WINDOWS\System32\winxwma.exe

C:\Documents and Settings\Tich Williams\Local Settings\Temp\winoipsu¥.exe*

Run Panda ActiveScan again and be sure to select "my computer" for the scan. Save the scan log and post it please.


----------



## tinytich (Jun 18, 2006)

Ok...did kill box....where on each of the files it said it couldnt find it but thats normal i presume....then did active pandascan.....it resulted in finding no viruses or anythign again....however, im not entirly sure its working properly....after going through all the prompts it gets too the screen where it lists Virus, Spyware, Hacking Tools etc... and just sits there with Scanning.....My Computer.....the number of files scanned never changes from 0 until after 30 mins it tells me it has found nothing !!! Also....after the killbox today and everything else done so far avast always always always alerts me to the virus found in....

C:\WINDOWS\System32\wmimgr32.dll

I now have bitdefender / avast / zone alarm and spydoctor all running in the background and i think this is alowing my computer as well.....anyway.....not sure the panda activescan is helping much.....


----------



## Cookiegal (Aug 27, 2003)

Run a scan with Ewido and post that log.

Also, run a new scan with BitDefender and post that log please.


----------



## tinytich (Jun 18, 2006)

ok.......ewido first......and then bit defender which found almost 300 infections....the majority of which were in system volume information as u will see......again this is as two posts and i have not included all infections in system volume information as over 90000 characters......cheers again

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:45:02, 21/07/2006
+ Report-Checksum: 71C52C5B

+ Scan result:

C:\Documents and Settings\Tich Williams\Cookies\tich [email protected][1].txt -> TrackingCookie.Hitbox : Cleaned with backup

::Report End

//-----------------------------------------------------------------
//
//	Product: BitDefender 8 Free Edition
//	Version: 8.0
//
//	Created on:	21/07/2006	10:46:34
//
//-----------------------------------------------------------------

Statistics

Scan path	: C:\
Folders	: 6550
Files	: 343244
Archives	: 10892 
Packed files	: 30449
Identified viruses	: 2
Infected files	: 293
Warnings	: 0
Suspect files	: 1
Disinfected files	: 0
Deleted files	: 0
Copied files	: 0
Moved files	: 259
Renamed files	: 0
I/O errors	: 77
Scan time	: 01:50:42
Scan speed (files/sec)	: 51

Virus definitions	: 416036
Scan plugins	: 13
Archive plugins	: 39
Unpack plugins	: 5
Mail plugins	: 6
System plugins	: 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions: 
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\!KillBox\wmimgr32.dll( 1).{65863120-4316-4874-b547-331286cd39a5}.QQQ=>{65863120-4316-4874-b547-331286cd39a5}	Infected Win32.Sality.E
C:\!KillBox\wmimgr32.dll( 1).{65863120-4316-4874-b547-331286cd39a5}.QQQ=>{65863120-4316-4874-b547-331286cd39a5}	Disinfection failed
C:\!KillBox\wmimgr32.dll( 1).{65863120-4316-4874-b547-331286cd39a5}.QQQ=>{65863120-4316-4874-b547-331286cd39a5}	Move failed
C:\!KillBox\wmimgr32.dll.{4a81d385-a19d-490b-9a9e-2e5b848cbca5}.QQQ=>{4a81d385-a19d-490b-9a9e-2e5b848cbca5}	Infected Win32.Sality.E
C:\!KillBox\wmimgr32.dll.{4a81d385-a19d-490b-9a9e-2e5b848cbca5}.QQQ=>{4a81d385-a19d-490b-9a9e-2e5b848cbca5}	Disinfection failed
C:\!KillBox\wmimgr32.dll.{4a81d385-a19d-490b-9a9e-2e5b848cbca5}.QQQ=>{4a81d385-a19d-490b-9a9e-2e5b848cbca5}	Move failed
C:\Documents and Settings\All Users\Desktop\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\BitDefender 8 Free Edition.lnk=>C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Move failed
C:\Documents and Settings\All Users\Desktop\ewido anti-malware.lnk=>C:\Program Files\ewido anti-malware\SecuritySuite.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\ewido anti-malware.lnk=>C:\Program Files\ewido anti-malware\SecuritySuite.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\ewido anti-malware.lnk=>C:\Program Files\ewido anti-malware\SecuritySuite.exe	Move failed
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Move failed
C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk=>C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk=>C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\Spy Sweeper.lnk=>C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\Programs\BitDefender 8\BitDefender Register Online.lnk=>C:\Program Files\Softwin\BitDefender8\register.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\BitDefender 8\BitDefender Register Online.lnk=>C:\Program Files\Softwin\BitDefender8\register.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\BitDefender 8\BitDefender Register Online.lnk=>C:\Program Files\Softwin\BitDefender8\register.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Driving Test Success - Hazard Perception.lnk=>C:\Program Files\Driving Test Success 2005-2006\DTS_HPT.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Driving Test Success - Hazard Perception.lnk=>C:\Program Files\Driving Test Success 2005-2006\DTS_HPT.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Driving Test Success - Hazard Perception.lnk=>C:\Program Files\Driving Test Success 2005-2006\DTS_HPT.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Driving Test Success - Theory.lnk=>C:\Program Files\Driving Test Success 2005-2006\FT3.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Driving Test Success - Theory.lnk=>C:\Program Files\Driving Test Success 2005-2006\FT3.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Driving Test Success - Theory.lnk=>C:\Program Files\Driving Test Success 2005-2006\FT3.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Special Offer Vouchers.lnk=>C:\Program Files\Driving Test Success 2005-2006\Vouchers.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Special Offer Vouchers.lnk=>C:\Program Files\Driving Test Success 2005-2006\Vouchers.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Special Offer Vouchers.lnk=>C:\Program Files\Driving Test Success 2005-2006\Vouchers.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Technical Support\Hazard Perception Diagnostics Tool.lnk=>C:\Program Files\Driving Test Success 2005-2006\HPT_Diag.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Technical Support\Hazard Perception Diagnostics Tool.lnk=>C:\Program Files\Driving Test Success 2005-2006\HPT_Diag.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\Driving Test Success 2005-2006\Technical Support\Hazard Perception Diagnostics Tool.lnk=>C:\Program Files\Driving Test Success 2005-2006\HPT_Diag.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\Programs\ewido networks\ewido anti-malware.lnk=>C:\Program Files\ewido anti-malware\SecuritySuite.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\ewido networks\ewido anti-malware.lnk=>C:\Program Files\ewido anti-malware\SecuritySuite.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\ewido networks\ewido anti-malware.lnk=>C:\Program Files\ewido anti-malware\SecuritySuite.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\Programs\Hijackthis\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\Hijackthis\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\Hijackthis\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\Programs\SonicStage\SonicStage File Conversion Tool.lnk=>C:\Program Files\Sony\SonicStage\OMG2OMA.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\SonicStage\SonicStage File Conversion Tool.lnk=>C:\Program Files\Sony\SonicStage\OMG2OMA.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\SonicStage\SonicStage File Conversion Tool.lnk=>C:\Program Files\Sony\SonicStage\OMG2OMA.exe	Move failed
C:\Documents and Settings\All Users\Start Menu\Programs\Webroot\Spy Sweeper\Spy Sweeper.lnk=>C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Start Menu\Programs\Webroot\Spy Sweeper\Spy Sweeper.lnk=>C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe	Disinfection failed
C:\Documents and Settings\All Users\Start Menu\Programs\Webroot\Spy Sweeper\Spy Sweeper.lnk=>C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe	Move failed
C:\Documents and Settings\Tich Williams\Desktop\Driving Test Success - Hazard Perception.lnk=>C:\Program Files\Driving Test Success 2005-2006\DTS_HPT.exe	Infected Win32.Sality.E
C:\Documents and Settings\Tich Williams\Desktop\Driving Test Success - Hazard Perception.lnk=>C:\Program Files\Driving Test Success 2005-2006\DTS_HPT.exe	Disinfection failed
C:\Documents and Settings\Tich Williams\Desktop\Driving Test Success - Hazard Perception.lnk=>C:\Program Files\Driving Test Success 2005-2006\DTS_HPT.exe	Move failed
C:\Documents and Settings\Tich Williams\Desktop\Driving Test Success - Theory.lnk=>C:\Program Files\Driving Test Success 2005-2006\FT3.exe	Infected Win32.Sality.E
C:\Documents and Settings\Tich Williams\Desktop\Driving Test Success - Theory.lnk=>C:\Program Files\Driving Test Success 2005-2006\FT3.exe	Disinfection failed
C:\Documents and Settings\Tich Williams\Desktop\Driving Test Success - Theory.lnk=>C:\Program Files\Driving Test Success 2005-2006\FT3.exe	Move failed
C:\Documents and Settings\Tich Williams\Desktop\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Infected Win32.Sality.E
C:\Documents and Settings\Tich Williams\Desktop\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Disinfection failed
C:\Documents and Settings\Tich Williams\Desktop\Hijackthis.lnk=>C:\Program Files\Hijackthis\HijackThis.exe	Move failed
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver.exe	Infected Win32.Sality.E
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver.exe	Disinfection failed
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver.exe	Moved
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver2.exe	Infected Win32.Sality.E
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver2.exe	Disinfection failed
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriver2.exe	Moved
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Infected Win32.Sality.E
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Disinfection failed
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe	Moved
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_07.b03\launcher.exe	Infected Win32.Sality.E
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_07.b03\launcher.exe	Disinfection failed
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_07.b03\launcher.exe	Moved
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_07.b03\zipper.exe	Infected Win32.Sality.E
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_07.b03\zipper.exe	Disinfection failed
C:\Program Files\Common Files\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_07.b03\zipper.exe	Moved
C:\Program Files\Common Files\Microsoft Shared\Artgalry\ARTGALRY.EXE	Infected Win32.Sality.E
C:\Program Files\Common Files\Microsoft Shared\Artgalry\ARTGALRY.EXE	Disinfection failed
C:\Program Files\Common Files\Microsoft Shared\Artgalry\ARTGALRY.EXE	Moved
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdc.exe	Infected Win32.Sality.E
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdc.exe	Disinfection failed
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdc.exe	Moved
C:\Program Files\DiMAGE Viewer\DiMAGEViewer.exe	Infected Win32.Sality.E
C:\Program Files\DiMAGE Viewer\DiMAGEViewer.exe	Disinfection failed
C:\Program Files\DiMAGE Viewer\DiMAGEViewer.exe	Moved
C:\Program Files\DiMAGE Viewer\MLTAdd_in\IndexSheetMaker.exe	Infected Win32.Sality.E
C:\Program Files\DiMAGE Viewer\MLTAdd_in\IndexSheetMaker.exe	Disinfection failed
C:\Program Files\DiMAGE Viewer\MLTAdd_in\IndexSheetMaker.exe	Moved
C:\Program Files\DiMAGE Viewer\MLTAdd_in\ME.exe	Infected Win32.Sality.E
C:\Program Files\DiMAGE Viewer\MLTAdd_in\ME.exe	Disinfection failed
C:\Program Files\DiMAGE Viewer\MLTAdd_in\ME.exe	Moved
C:\Program Files\DiMAGE Viewer\MLTPrn_app\PrintMaster.exe	Infected Win32.Sality.E
C:\Program Files\DiMAGE Viewer\MLTPrn_app\PrintMaster.exe	Disinfection failed
C:\Program Files\DiMAGE Viewer\MLTPrn_app\PrintMaster.exe	Moved
C:\Program Files\Driving Test Success 2005-2006\DTS_HPT.exe	Infected Win32.Sality.E
C:\Program Files\Driving Test Success 2005-2006\DTS_HPT.exe	Disinfection failed
C:\Program Files\Driving Test Success 2005-2006\DTS_HPT.exe	Moved
C:\Program Files\Driving Test Success 2005-2006\FT3.exe Infected Win32.Sality.E
C:\Program Files\Driving Test Success 2005-2006\FT3.exe	Disinfection failed
C:\Program Files\Driving Test Success 2005-2006\FT3.exe	Moved
C:\Program Files\Driving Test Success 2005-2006\HPT_Diag.exe	Infected Win32.Sality.E
C:\Program Files\Driving Test Success 2005-2006\HPT_Diag.exe	Disinfection failed
C:\Program Files\Driving Test Success 2005-2006\HPT_Diag.exe	Moved
C:\Program Files\Driving Test Success 2005-2006\Vouchers.exe	Infected Win32.Sality.E
C:\Program Files\Driving Test Success 2005-2006\Vouchers.exe	Disinfection failed
C:\Program Files\Driving Test Success 2005-2006\Vouchers.exe	Moved
C:\Program Files\ewido anti-malware\ewidoctrl.exe	Infected Win32.Sality.E
C:\Program Files\ewido anti-malware\ewidoctrl.exe	Disinfection failed
C:\Program Files\ewido anti-malware\ewidoctrl.exe	Moved
C:\Program Files\ewido anti-malware\SecuritySuite.exe	Infected Win32.Sality.E
C:\Program Files\ewido anti-malware\SecuritySuite.exe	Disinfection failed
C:\Program Files\ewido anti-malware\SecuritySuite.exe	Moved
C:\Program Files\Hijackthis\HijackThis.exe	Infected Win32.Sality.E
C:\Program Files\Hijackthis\HijackThis.exe	Disinfection failed
C:\Program Files\Hijackthis\HijackThis.exe	Moved
C:\Program Files\InstallShield Installation Information\{CC93D1AA-B881-489A-8D7E-C2DBC1E6F350}\Setup.exe	Infected Win32.Sality.E
C:\Program Files\InstallShield Installation Information\{CC93D1AA-B881-489A-8D7E-C2DBC1E6F350}\Setup.exe	Disinfection failed
C:\Program Files\InstallShield Installation Information\{CC93D1AA-B881-489A-8D7E-C2DBC1E6F350}\Setup.exe	Moved
C:\Program Files\iTunes\iTunesHelper.exe	Infected Win32.Sality.E
C:\Program Files\iTunes\iTunesHelper.exe	Disinfection failed
C:\Program Files\iTunes\iTunesHelper.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\java.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\java.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\java.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\javacpl.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\javacpl.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\javacpl.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\javaw.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\javaw.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\javaw.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\javaws.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\javaws.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\javaws.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\keytool.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\keytool.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\keytool.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\kinit.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\kinit.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\kinit.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\klist.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\klist.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\klist.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\ktab.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\ktab.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\ktab.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\orbd.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\orbd.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\orbd.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\pack200.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\pack200.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\pack200.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\policytool.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\policytool.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\policytool.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\rmid.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\rmid.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\rmid.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\rmiregistry.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\rmiregistry.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\rmiregistry.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\servertool.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\servertool.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\servertool.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\tnameserv.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\tnameserv.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\tnameserv.exe	Moved
C:\Program Files\Java\jre1.5.0_07\bin\unpack200.exe	Infected Win32.Sality.E
C:\Program Files\Java\jre1.5.0_07\bin\unpack200.exe	Disinfection failed
C:\Program Files\Java\jre1.5.0_07\bin\unpack200.exe	Moved
C:\Program Files\Microsoft Office\Office\1033\MSOHELP.EXE	Infected Win32.Sality.E
C:\Program Files\Microsoft Office\Office\1033\MSOHELP.EXE	Disinfection failed
C:\Program Files\Microsoft Office\Office\1033\MSOHELP.EXE	Moved
C:\Program Files\Microsoft Office\Office\GRAPH9.EXE	Infected Win32.Sality.E
C:\Program Files\Microsoft Office\Office\GRAPH9.EXE	Disinfection failed
C:\Program Files\Microsoft Office\Office\GRAPH9.EXE	Moved
C:\Program Files\Microsoft Office\Office\WINWORD.EXE	Infected Win32.Sality.E
C:\Program Files\Microsoft Office\Office\WINWORD.EXE	Disinfection failed
C:\Program Files\Microsoft Office\Office\WINWORD.EXE	Moved
C:\Program Files\Softwin\BitDefender8\bdlite.exe	Infected Win32.Sality.E
C:\Program Files\Softwin\BitDefender8\bdlite.exe	Disinfection failed
C:\Program Files\Softwin\BitDefender8\bdlite.exe	Moved
C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Infected Win32.Sality.E
C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Disinfection failed
C:\Program Files\Softwin\BitDefender8\bdmcon.exe	Moved
C:\Program Files\Softwin\BitDefender8\bdsubmit.exe	Infected Win32.Sality.E
C:\Program Files\Softwin\BitDefender8\bdsubmit.exe	Disinfection failed
C:\Program Files\Softwin\BitDefender8\bdsubmit.exe	Moved
C:\Program Files\Softwin\BitDefender8\register.exe	Infected Win32.Sality.E
C:\Program Files\Softwin\BitDefender8\register.exe	Disinfection failed
C:\Program Files\Softwin\BitDefender8\register.exe	Moved
C:\Program Files\Softwin\BitDefender8\rtvr.exe	Infected Win32.Sality.E
C:\Program Files\Softwin\BitDefender8\rtvr.exe	Disinfection failed
C:\Program Files\Softwin\BitDefender8\rtvr.exe	Moved
C:\Program Files\Softwin\BitDefender8\upgrepl.exe	Infected Win32.Sality.E
C:\Program Files\Softwin\BitDefender8\upgrepl.exe	Disinfection failed
C:\Program Files\Softwin\BitDefender8\upgrepl.exe	Moved
C:\Program Files\Sony\Personal Audio Driver\UnUsb.exe	Infected Win32.Sality.E
C:\Program Files\Sony\Personal Audio Driver\UnUsb.exe	Disinfection failed
C:\Program Files\Sony\Personal Audio Driver\UnUsb.exe	Moved
C:\Program Files\Sony\SonicStage\AppReg.exe	Infected Win32.Sality.E
C:\Program Files\Sony\SonicStage\AppReg.exe	Disinfection failed
C:\Program Files\Sony\SonicStage\AppReg.exe	Moved
C:\Program Files\Sony\SonicStage\Omg1to2.exe	Infected Win32.Sality.E
C:\Program Files\Sony\SonicStage\Omg1to2.exe	Disinfection failed
C:\Program Files\Sony\SonicStage\Omg1to2.exe	Moved
C:\Program Files\Sony\SonicStage\OMG2OMA.exe	Infected Win32.Sality.E
C:\Program Files\Sony\SonicStage\OMG2OMA.exe	Disinfection failed
C:\Program Files\Sony\SonicStage\OMG2OMA.exe	Moved
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe	Infected Win32.Sality.E
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe	Disinfection failed
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe	Move failed
C:\Program Files\Windows Media Player\wmsetsdk.exe	Infected Win32.Sality.E
C:\Program Files\Windows Media Player\wmsetsdk.exe	Disinfection failed
C:\Program Files\Windows Media Player\wmsetsdk.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016064.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016064.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016064.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016065.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016065.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016065.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016067.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016067.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016067.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016072.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016072.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016072.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016074.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016074.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP39\A0016074.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018464.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018464.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018464.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018576.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018576.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018576.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018615.EXE	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018615.EXE	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018615.EXE	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018616.EXE	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018616.EXE	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018616.EXE	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018617.EXE	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018617.EXE	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018617.EXE	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018635.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018635.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018635.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018636.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018636.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018636.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018638.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018638.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018638.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018639.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018639.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018639.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018640.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018640.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018640.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018643.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018643.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018643.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018644.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018644.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018644.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018645.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018645.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018645.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018646.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018646.exe	Disinfection failed


----------



## tinytich (Jun 18, 2006)

C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018646.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018647.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018647.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018647.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018649.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018649.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018649.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018654.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018654.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018654.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018655.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018655.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018655.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018664.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018664.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018664.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018796.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018796.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018796.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018797.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018797.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018797.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018798.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018798.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018798.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018799.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018799.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018799.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018811.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018811.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP40\A0018811.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022581.dll.{f21cd213-2a1e-46d7-88fa-28d1cc9cb4b5}.QQQ=>{f21cd213-2a1e-46d7-88fa-28d1cc9cb4b5}	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022581.dll.{f21cd213-2a1e-46d7-88fa-28d1cc9cb4b5}.QQQ=>{f21cd213-2a1e-46d7-88fa-28d1cc9cb4b5}	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022581.dll.{f21cd213-2a1e-46d7-88fa-28d1cc9cb4b5}.QQQ=>{f21cd213-2a1e-46d7-88fa-28d1cc9cb4b5}	Move failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022710.dll.{85516e5c-20a6-41b2-9046-b6cb28235993}.QQQ=>{85516e5c-20a6-41b2-9046-b6cb28235993}	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022710.dll.{85516e5c-20a6-41b2-9046-b6cb28235993}.QQQ=>{85516e5c-20a6-41b2-9046-b6cb28235993}	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022710.dll.{85516e5c-20a6-41b2-9046-b6cb28235993}.QQQ=>{85516e5c-20a6-41b2-9046-b6cb28235993}	Move failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022727.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022727.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022727.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022728.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022728.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022728.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022749.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022749.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0022749.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023732.dll.{546bad75-8c69-40b4-9755-9f24bba309e3}.QQQ=>{546bad75-8c69-40b4-9755-9f24bba309e3}	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023732.dll.{546bad75-8c69-40b4-9755-9f24bba309e3}.QQQ=>{546bad75-8c69-40b4-9755-9f24bba309e3}	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023732.dll.{546bad75-8c69-40b4-9755-9f24bba309e3}.QQQ=>{546bad75-8c69-40b4-9755-9f24bba309e3}	Move failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023746.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023746.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023746.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023754.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023754.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023754.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023858.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023858.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023858.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023859.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023859.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023859.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023860.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023860.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023860.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023865.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023865.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023865.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023867.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023867.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023867.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023868.EXE	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023868.EXE	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023868.EXE	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023873.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023873.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023873.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023877.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023877.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023877.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023879.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023879.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0023879.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0024739.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0024739.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0024739.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0024741.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0024741.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0024741.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025729.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025729.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025729.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025730.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025730.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025730.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025731.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025731.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025731.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025732.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025732.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025732.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025733.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025733.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025733.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025734.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025734.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025734.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025735.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025735.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025735.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025736.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025736.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025736.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025737.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025737.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025737.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025738.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025738.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025738.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025739.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025739.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025739.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025740.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025740.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025740.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025741.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025741.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025741.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025745.dll.{85d3315d-8098-4348-91e9-facc448c39ab}.QQQ=>{85d3315d-8098-4348-91e9-facc448c39ab}	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP42\A0025745.dll.{85d3315d-8098-4348-91e9-facc448c39ab}.QQQ=>{85d3315d-8098-4348-91e9-facc448c39ab}	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027471.EXE	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027472.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027472.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027472.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027473.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027473.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027473.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027474.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027474.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027474.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027475.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027475.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027475.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027476.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027476.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027476.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027477.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027477.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027477.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027478.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027478.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027478.exe Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027479.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027479.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027479.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027480.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027480.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027480.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027481.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027481.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027481.exe	Moved
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027482.exe	Infected Win32.Sality.E
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027482.exe	Disinfection failed
C:\System Volume Information\_restore{F4F6420C-F981-4FF1-BA8F-837AE1216AFE}\RP54\A0027482.exe	Moved
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\accicons.exe	Infected Win32.Sality.E
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\accicons.exe	Disinfection failed
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\accicons.exe	Moved
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\fpicon.exe	Infected Win32.Sality.E
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\fpicon.exe	Disinfection failed
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\fpicon.exe	Moved
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\outicon.exe	Infected Win32.Sality.E
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\outicon.exe	Disinfection failed
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\outicon.exe	Moved
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\xlicons.exe	Infected Win32.Sality.E
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\xlicons.exe	Disinfection failed
C:\WINDOWS\Installer\{00170409-78E1-11D2-B60F-006097C998E7}\xlicons.exe	Moved
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe	Infected Win32.Sality.E
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe	Disinfection failed
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe	Moved
C:\WINDOWS\system32\wmimgr32.dll.{27bf258c-a27e-42bf-ad1d-f40446c1f111}.QQQ=>{27bf258c-a27e-42bf-ad1d-f40446c1f111}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{27bf258c-a27e-42bf-ad1d-f40446c1f111}.QQQ=>{27bf258c-a27e-42bf-ad1d-f40446c1f111}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{27bf258c-a27e-42bf-ad1d-f40446c1f111}.QQQ=>{27bf258c-a27e-42bf-ad1d-f40446c1f111}	Move failed
C:\WINDOWS\system32\wmimgr32.dll.{2b126e18-3b91-427f-bdba-2c6bee449465}.QQQ=>{2b126e18-3b91-427f-bdba-2c6bee449465}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{2b126e18-3b91-427f-bdba-2c6bee449465}.QQQ=>{2b126e18-3b91-427f-bdba-2c6bee449465}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{2b126e18-3b91-427f-bdba-2c6bee449465}.QQQ=>{2b126e18-3b91-427f-bdba-2c6bee449465}	Move failed
C:\WINDOWS\system32\wmimgr32.dll.{3500cd1b-f352-425d-bb1c-53e8d6a7ea67}.QQQ=>{3500cd1b-f352-425d-bb1c-53e8d6a7ea67}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{3500cd1b-f352-425d-bb1c-53e8d6a7ea67}.QQQ=>{3500cd1b-f352-425d-bb1c-53e8d6a7ea67}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{3500cd1b-f352-425d-bb1c-53e8d6a7ea67}.QQQ=>{3500cd1b-f352-425d-bb1c-53e8d6a7ea67}	Move failed
C:\WINDOWS\system32\wmimgr32.dll.{d4a62299-3418-4cc6-8b82-c7070b74d2b0}.QQQ=>{d4a62299-3418-4cc6-8b82-c7070b74d2b0}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{d4a62299-3418-4cc6-8b82-c7070b74d2b0}.QQQ=>{d4a62299-3418-4cc6-8b82-c7070b74d2b0}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{d4a62299-3418-4cc6-8b82-c7070b74d2b0}.QQQ=>{d4a62299-3418-4cc6-8b82-c7070b74d2b0}	Move failed
C:\WINDOWS\system32\wmimgr32.dll.{d749159f-042a-4e14-a5b7-2312b80041b1}.QQQ=>{d749159f-042a-4e14-a5b7-2312b80041b1}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{d749159f-042a-4e14-a5b7-2312b80041b1}.QQQ=>{d749159f-042a-4e14-a5b7-2312b80041b1}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{d749159f-042a-4e14-a5b7-2312b80041b1}.QQQ=>{d749159f-042a-4e14-a5b7-2312b80041b1}	Move failed
C:\WINDOWS\system32\wmimgr32.dll.{eaf36daf-052d-4b56-b200-da7c9bedc51f}.QQQ=>{eaf36daf-052d-4b56-b200-da7c9bedc51f}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{eaf36daf-052d-4b56-b200-da7c9bedc51f}.QQQ=>{eaf36daf-052d-4b56-b200-da7c9bedc51f}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{eaf36daf-052d-4b56-b200-da7c9bedc51f}.QQQ=>{eaf36daf-052d-4b56-b200-da7c9bedc51f}	Move failed
C:\WINDOWS\system32\wmimgr32.dll.{f77f53b3-f8a3-4262-acf5-8dd184fb4504}.QQQ=>{f77f53b3-f8a3-4262-acf5-8dd184fb4504}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{f77f53b3-f8a3-4262-acf5-8dd184fb4504}.QQQ=>{f77f53b3-f8a3-4262-acf5-8dd184fb4504}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{f77f53b3-f8a3-4262-acf5-8dd184fb4504}.QQQ=>{f77f53b3-f8a3-4262-acf5-8dd184fb4504}	Move failed
C:\WINDOWS\system32\wmimgr32.dll.{f9d6cb66-bf0a-4c9a-a7fb-0276f666ed40}.QQQ=>{f9d6cb66-bf0a-4c9a-a7fb-0276f666ed40}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{f9d6cb66-bf0a-4c9a-a7fb-0276f666ed40}.QQQ=>{f9d6cb66-bf0a-4c9a-a7fb-0276f666ed40}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{f9d6cb66-bf0a-4c9a-a7fb-0276f666ed40}.QQQ=>{f9d6cb66-bf0a-4c9a-a7fb-0276f666ed40}	Move failed
C:\WINDOWS\system32\wmimgr32.dl_=>(MS-Compress 5)	Infected Win32.Worm.Sality.A
C:\WINDOWS\system32\wmimgr32.dl_=>(MS-Compress 5)	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dl_	Moved


----------



## Cookiegal (Aug 27, 2003)

Turn off system restore. To do that, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Reboot your computer.

Now please do this:

1. Please *download* *The Avenger* by Swandog46 to your *Desktop*.
Click on Avenger.zip to open the file
Extract *avenger.exe* to your desktop

2. Copy all the text contained in the quote box below including the line "files to delete:" to your Clipboard by highlighting it and pressing (*Ctrl+C*):



> Files to delete:
> C:\WINDOWS\system32\wmimgr32.dll
> C:\WINDOWS\system32\syslib32.dll
> C:\WINDOWS\system32\oledsp32.dll
> ...


_*
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.*_

3. Now, *start The Avenger program* by clicking on its icon on your desktop.
 Under "*Script file to execute*" choose "*Input Script Manually*".
Now click on the *Magnifying Glass icon* which will open a new window titled "*View/edit script*" 
 Paste the text copied to clipboard into this window by pressing (*Ctrl+V*).
 Click *Done* 
 Now click on the *Green Light* to begin execution of the script 
 Answer "*Yes*" twice when prompted.
4. *The Avenger will automatically do the following*:
It will *Restart your computer*. ( In cases where the code to execute contains "*Drivers to Unload*", The Avenger will actually *restart your system twice.*) 
On reboot, it will briefly *open a black command window* on your desktop, this is normal.
After the restart, it *creates a log file* that should open with the results of Avengers actions. This log file will be located at *C:\avenger.txt*
 The Avenger will also have *backed up all the files, etc., that you asked it to delete*, and will have zipped them and moved the zip archives to *C:\avenger\backup.zip*.
5. Please *copy/paste* the content of *c:\avenger.txt* into your reply along with a fresh HJT log.

Do this on-line virus scan and post the results:

http://us.mcafee.com/root/mfs/default.asp?affid=294

Then run another Kaspersky scan and post the log please.


----------



## tinytich (Jun 18, 2006)

Ok....Avenger Log and HJT Log....mcafee and Kaspersky to follow....

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yvvjwpml

*******************

Script file located at: \??\C:\Documents and Settings\jewatkqk.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\wmimgr32.dll deleted successfully.

File C:\WINDOWS\system32\syslib32.dll not found!
Deletion of file C:\WINDOWS\system32\syslib32.dll failed!

Could not process line:
C:\WINDOWS\system32\syslib32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\oledsp32.dll not found!
Deletion of file C:\WINDOWS\system32\oledsp32.dll failed!

Could not process line:
C:\WINDOWS\system32\oledsp32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\olemdb32.dll not found!
Deletion of file C:\WINDOWS\system32\olemdb32.dll failed!

Could not process line:
C:\WINDOWS\system32\olemdb32.dll
Status: 0xc0000034

File C:\WINDOWS\system32\\wcimgr32.dll not found!
Deletion of file C:\WINDOWS\system32\\wcimgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\\wcimgr32.dll
Status: 0xc0000034

Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 21:10:42, on 22/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbayForGuests
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSO7FTP.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.36/WinSSWebAgent.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098471789737
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150238421048
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


----------



## Cookiegal (Aug 27, 2003)

Please run Avenger again using this script as I made an error in it the last time around:



> Files to delete:
> C:\WINDOWS\system32\wcimgr32.dll


Please post the log from Avenger and then run Kaspersky and post that log.


----------



## tinytich (Jun 18, 2006)

ok.....will do that asap......in the meantime...here is the mcafee log findings and i will do the avenger kaspersky log soon.....

C:\Play Rally Championship Xtreme Online free w... Adware-Url.gen 
C:\Program Files\...\Quarantine\bdlite.exe W32/Sality.n 
C:\Program Files\...\Quarantine\bdmcon.exe W32/Sality.n 
C:\Program Files\...\Quarantine\jusched.exe W32/Sality.n 
C:\Program Files\...\Quarantine\msnmsgr.exe W32/Sality.n 
C:\Program Files\...\Quarantine\realsched.exe W32/Sality.n 
C:\Program Files\...\Quarantine\cs142[1].ssq Exploit-ObscuredHtml 
C:\Program Files\...\Quarantine\cs142[2].ssq Exploit-ObscuredHtml 
C:\Program Files\...\Quarantine\cs142[3].ssq Exploit-ObscuredHtml 
C:\Program Files\...\Quarantine\cs142[4].ssq Exploit-ObscuredHtml 
C:\Program Files\...\SpySweeperUI.exe W32/Sality.n 
C:\WINDOWS\system32\wmimgr32.dl_ W32/Sality.n.dll


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## tinytich (Jun 18, 2006)

ok.....avenger log here.....kaspersky to follow mate...

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qdojdynh

*******************

Script file located at: \??\C:\ildxqagv.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\wmimgr32.dll deleted successfully.


File C:\WINDOWS\system32\syslib32.dll not found!
Deletion of file C:\WINDOWS\system32\syslib32.dll failed!

Could not process line:
C:\WINDOWS\system32\syslib32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\oledsp32.dll not found!
Deletion of file C:\WINDOWS\system32\oledsp32.dll failed!

Could not process line:
C:\WINDOWS\system32\oledsp32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\olemdb32.dll not found!
Deletion of file C:\WINDOWS\system32\olemdb32.dll failed!

Could not process line:
C:\WINDOWS\system32\olemdb32.dll
Status: 0xc0000034



File C:\WINDOWS\system32\wcimgr32.dll not found!
Deletion of file C:\WINDOWS\system32\wcimgr32.dll failed!

Could not process line:
C:\WINDOWS\system32\wcimgr32.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.


----------



## Cookiegal (Aug 27, 2003)

That's fine. Please post the Kaspersky scan when you can.


----------



## tinytich (Jun 18, 2006)

ok....kaspersky follows now...lookin far better....ill also mention now.....i have windows live one care installed and i am unsure whether its helpin...anyway.....avast and live one care are finding far less viruses however wmimgr32.dll its still making regular appearences....anyway...here is a far nicer lookin kaspersky log....

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, July 23, 2006 11:23:07 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/07/2006
Kaspersky Anti-Virus database records: 209391
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 87725
Number of viruses found: 3
Number of infected objects: 9 / 0
Number of suspicious objects: 0
Duration of the scan process: 02:00:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d1abe9818804117a356a7c29307798a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39007807066b6af39cd275e2ae251ec7_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51f695f5a496072fe889241bfd1f087a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f73e80629e8b7136f72c863d405136_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76012b21f9852604c6a3f9f103dbf79a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6c3d93312043a12a8f3bbabe5af908a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dddea9e36b93be314d858b554e3cbb8b_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd29345d01bb8c1690638bdf3e9dd08d_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edb.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07182006-235404.log	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Data\settings.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Desktop\Tich Stuff\Temporary Internet Files\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{20E5CECF-CEA1-4C72-A199-C92380B6BE09}	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\MSHist012006072320060724\index.dat Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\Perflib_Perfdata_588.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\UserData\index.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\prov.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\Service.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\service.xml.bak	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\user.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\user.xml.bak	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin	Object is locked	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdlite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdmcon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\jusched.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\realsched.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\wmrandv32.dll	Infected: Trojan-Proxy.Win32.Agent.dd	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.mst	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\MSFWSVC.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\system32\wmimgr32.dll	Object is locked	skipped
C:\WINDOWS\system32\wmimgr32.dl_/	Infected: Virus.Win32.Sality.k	skipped
C:\WINDOWS\system32\wmimgr32.dl_	MS Expand: infected - 1	skipped
C:\WINDOWS\Temp\Perflib_Perfdata_784.dat	Object is locked	skipped
C:\WINDOWS\Temp\tmp00004179\tmp00000000	Object is locked	skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.


----------



## Cookiegal (Aug 27, 2003)

It's looking much better.

Go to Start - Search and under *More advanced search options*, make sure there is a check by *Search System Folders* and *Search hidden files and folders* and *Search system subfolders*

Next click on My Computer. Go to Tools - Folder Options. Click on the View tab and make sure that *Show hidden files and folders* is checked. Also uncheck *Hide protected operating system files* and *Hide extensions for known file types. * Now click *Apply to all folders.* Click *Apply* then *OK*

Boot to safe mode.

Locate any files that begin with *wmimgr32 *and delete them.

Go to: C:\WINDOWS\Temp

Delete everything in the temp folder.

Scan again with BitDefender, Kaspersky and your resident anti-virus Avast and post all of the logs.


----------



## grandma77 (Apr 1, 2006)

Cookiegal,

I have been reading the posts. In post 46 tinytich is using avast...in posts 51 & 53 talks of using mcafee...could this be a problem???


----------



## Cookiegal (Aug 27, 2003)

grandma77 said:


> Cookiegal,
> 
> I have been reading the posts. In post 46 tinytich is using avast...in posts 51 & 53 talks of using mcafee...could this be a problem???


I know there are problems with Avast and Panda but I'm not aware of any with Avast and McAfee. This is just an on-line scan I asked tinytich to do so McAfee is not actually installed on the system.


----------



## tinytich (Jun 18, 2006)

well.....after last nights excitment with the kaspersky a little worse today....yesterday and this morn when rebooting avast was not locating any viruses but this afternoon on a couple of reboots its still finding that little critter wmimgr32.....also bit defnder has crashed on me twice tonight with it scans....therefore i decided to do a ewido anyway and kaspersky and avast will be done very soon and hopefully a bit defender by the morning....

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 23:04:24, 24/07/2006
+ Report-Checksum: 51F0BB3D

+ Scan result:

No infected objects found.


::Report End


----------



## Cookiegal (Aug 27, 2003)

OK, that's fine. :up:


----------



## tinytich (Jun 18, 2006)

well.....here is the kaspersky log now....bit defnder crashed again last night after only 2 mins....im not sure if its not compatible with something.....i tried an avast thorough scan also but after 13hrs hadnt finished.....will try a standard one later......so here is kaspersky...similar to the last one i think.....

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, July 25, 2006 4:49:13 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/07/2006
Kaspersky Anti-Virus database records: 209652
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 88768
Number of viruses found: 3
Number of infected objects: 9 / 0
Number of suspicious objects: 0
Duration of the scan process: 03:41:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d1abe9818804117a356a7c29307798a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39007807066b6af39cd275e2ae251ec7_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51f695f5a496072fe889241bfd1f087a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f73e80629e8b7136f72c863d405136_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76012b21f9852604c6a3f9f103dbf79a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6c3d93312043a12a8f3bbabe5af908a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dddea9e36b93be314d858b554e3cbb8b_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd29345d01bb8c1690638bdf3e9dd08d_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edb.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edbtmp.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07182006-235404.log	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot\Spy Sweeper\Data\settings.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Desktop\Tich Stuff\Temporary Internet Files\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{5FD6C611-3200-409E-8A94-317995CF7591}	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\MSHist012006072420060725\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat.LOG	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\prov.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\Service.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\service.xml.bak	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\user.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\user.xml.bak	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin	Object is locked	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdlite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdmcon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\jusched.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\realsched.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\wmrandv32.dll	Infected: Trojan-Proxy.Win32.Agent.dd	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.mst	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base	Object is locked	skipped
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe	Infected: Virus.Win32.Sality.l	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\MSFWSVC.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\system32\wmimgr32.dl_/	Infected: Virus.Win32.Sality.k	skipped
C:\WINDOWS\system32\wmimgr32.dl_	MS Expand: infected - 1	skipped
C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat	Object is locked	skipped
C:\WINDOWS\Temp\tmp000020eb\tmp00000000	Object is locked	skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.


----------



## Cookiegal (Aug 27, 2003)

Did you do what I suggested in post no. 58?


----------



## tinytich (Jun 18, 2006)

i did do it but im gonna do it again now....bit defender is still messed up.....im gonna reinstall it completely now.....i will then run bit defender / kaspersky / avast again.....when i do these should i be turning off avast / spy doctor and i have windows live one care too now....i think havin all these on is slowin my comp and maybe disrupting each other possibly...


----------



## tinytich (Jun 18, 2006)

before i do that just did an avast quick virus scan...no infecinfections found.....gonna re do post 58 and kaspersky/bit defender to follow


----------



## tinytich (Jun 18, 2006)

re done the post 58 now.......have installed bit defender from scratch and on first initial scan found 0 viruses.....am doin a proper scan now......hopefully wont crash this time fingers crossed......to add have avast / windows live one care currently running in back ground and once again, even after that deletion, live one care informed me of wmimgr32 again...just keeps coming back.....lets see what bitdefender and kaspersky come up with !! cheers again


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## tinytich (Jun 18, 2006)

hi again...

did a bit defender scan again lst night that crashed computer again...then the kaspersky one was left overnight but on 95% stopped (approx 1.5 hrs)....so no results there either....it was on 5 infections by 2 viruses at the time (very similar to last two) ...any others scns i can try ? should i get rid of some of the other scans i have running as i have so many now i dont know whether they conflict but on the other hand im not sure i wanna turn them off !!


----------



## Cookiegal (Aug 27, 2003)

I'd like to try something so please do this:
*
notepad c:\windows\system.ini*

Copy and paste the text that comes up here please.


----------



## Cookiegal (Aug 27, 2003)

Was SP2 just recently installed by any chance?


----------



## tinytich (Jun 18, 2006)

hi there....

im away from my computer for a couple of nights. I will try that test on my return...would u like me to paste that info into notepad ?!??!!??.....also sp2 was installed initially over a year ago but i had to reinstall windows on my computer 3/4 months ago and therefore had to reinstall all updates, incl sp2.

cheers

rich


----------



## Cookiegal (Aug 27, 2003)

It should automatically open up in Notepad with the information already there. Please copy and paste that information here.


----------



## tinytich (Jun 18, 2006)

im back......so as requested....

; for 16-bit app support

[drivers]
wave=mmdrv.dll
timer=timer.drv

[mci]
[TFTempCache]
NOTICE=1
[mcidrv32]
VideoVer=473140
_hr=22
_dr=18
WININET=2
[IDslow]
IDVer32=308934
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON


----------



## Cookiegal (Aug 27, 2003)

Open the system.ini folder in Notepad as before (notepad c:\windows\system.ini) and remove all of these lines:

*[TFTempCache]
NOTICE=1
[mcidrv32]
VideoVer=473140
_hr=22
_dr=18
WININET=2
[IDslow]
IDVer32=308934*

Your new system.ini file should now look like this:

*; for 16-bit app support
[drivers]
wave=mmdrv.dll
timer=timer.drv
[mci]
[driver32]
[386enh]
woafont=dosapp.FON
EGA80WOA.FON=EGA80WOA.FON
EGA40WOA.FON=EGA40WOA.FON
CGA80WOA.FON=CGA80WOA.FON
CGA40WOA.FON=CGA40WOA.FON*

Click on File and "Save".

Reboot and then run the McAfee on-line scan again and another Bit Defender and Kaspersky scan.


----------



## tinytich (Jun 18, 2006)

wow !! things are lookin much better and both kaspersky and bit defender worked....a couple of things before i put the logs up....

1. my computer is still not set up to set retore points....is this ok ? i just asked as i haev reinstalled sonic stage and it reminded me of this...
2. bitdefender found a virus in msn messanger....i can in fact use msn messenger but every time i open it avast and windows live onecare alert me to this virus.
3. i only installed mozilla firefox last night and the exe file was infected on the scan....i have not reinstalled most of my software (ie. word/games/) yet until i sort computer out but it seems as soon as a new prog is installed the .exe is immediatly effected.....i shall see on a new scan later whether sonic stage is infected as i only reinstalled this this morning....

anyway.....dunno if that helpd but here are some far nicer looking logs...in order mcafee/bitdefender/kaspersky

mcafee

1 infected file

C:\Play Rally Championship Xtreme Online free w... Adware-Url.gen

bit defender

//-----------------------------------------------------------------
//
//	Product: BitDefender 8 Free Edition
//	Version: 8.0
//
//	Created on:	31/07/2006	11:31:36
//
//-----------------------------------------------------------------

Statistics

Scan path	: C:\
Folders	: 6685
Files	: 329850
Archives	: 9948 
Packed files	: 29244
Identified viruses	: 2
Infected files	: 4
Warnings	: 0
Suspect files	: 0
Disinfected files	: 0
Deleted files	: 0
Copied files	: 0
Moved files	: 1
Renamed files	: 0
I/O errors	: 71
Scan time	: 01:37:03
Scan speed (files/sec)	: 56

Virus definitions	: 425499
Scan plugins	: 13
Archive plugins	: 39
Unpack plugins	: 5
Mail plugins	: 6
System plugins	: 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions: 
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Move failed
C:\Program Files\Mozilla Firefox\firefox.exe	Infected Backdoor.Ra.AS
C:\Program Files\Mozilla Firefox\firefox.exe	Disinfection failed
C:\Program Files\Mozilla Firefox\firefox.exe	Moved
C:\WINDOWS\system32\wmimgr32.dll.{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}.QQQ=>{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}.QQQ=>{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}.QQQ=>{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}	Move failed
C:\WINDOWS\system32\wmimgr32.dll.{c04a7c8a-453d-4c70-bb78-865e44482943}.QQQ=>{c04a7c8a-453d-4c70-bb78-865e44482943}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{c04a7c8a-453d-4c70-bb78-865e44482943}.QQQ=>{c04a7c8a-453d-4c70-bb78-865e44482943}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{c04a7c8a-453d-4c70-bb78-865e44482943}.QQQ=>{c04a7c8a-453d-4c70-bb78-865e44482943}	Move failed

Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 31, 2006 11:31:24 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/07/2006
Kaspersky Anti-Virus database records: 210980
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 88953
Number of viruses found: 2
Number of infected objects: 5 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:46:46

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d1abe9818804117a356a7c29307798a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39007807066b6af39cd275e2ae251ec7_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51f695f5a496072fe889241bfd1f087a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f73e80629e8b7136f72c863d405136_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76012b21f9852604c6a3f9f103dbf79a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6c3d93312043a12a8f3bbabe5af908a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dddea9e36b93be314d858b554e3cbb8b_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd29345d01bb8c1690638bdf3e9dd08d_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edb.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07182006-235404.log	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Desktop\Tich Stuff\Temporary Internet Files\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{EAC0D2DA-967D-4380-AC5B-0417CA005B4F}	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\MSHist012006073120060801\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\Perflib_Perfdata_164.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\UserData\index.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\prov.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\Service.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\service.xml.bak	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\user.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\user.xml.bak	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin	Object is locked	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdlite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdmcon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\realsched.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\wmrandv32.dll	Infected: Trojan-Proxy.Win32.Agent.dd	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\MSFWSVC.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\Temp\Perflib_Perfdata_774.dat	Object is locked	skipped
C:\WINDOWS\Temp\tmp000071c1\tmp00000000	Object is locked	skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.


----------



## Cookiegal (Aug 27, 2003)

Things are looking better.

Let's run Killbox again but this time using the delete on reboot option.


 Please double-click *Killbox.exe* to run it.
 Select:
*Delete on Reboot*
 then *Click* on the *All Files* button.

Please *copy the file paths below to the clipboard* by highlighting *ALL* of them and *pressing CTRL + C* (or, after highlighting, right-click and choose copy):

*C:\WINDOWS\system32\wmimgr32.dll*

 Return to Killbox, go to the *File* menu, and choose *Paste from Clipboard*.

Click the red-and-white *Delete File* button. Click *Yes* at the Delete on Reboot prompt. Click *OK* at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

_*If your computer does not restart automatically, please restart it manually*_.

Also, please do the following:

Download the Registry Search Tool here:

http://www.billsway.com/vbspage/

Unzip it and run it. If your antivirus interferes you may have to disable script blocking in the antivirus. Copy and Paste the following in the search box:

*5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5*

Copy and paste the results here.

Do the same as above for this one as well:

*c04a7c8a-453d-4c70-bb78-865e44482943*


----------



## tinytich (Jun 18, 2006)

ok....

killbox done and PendingFileRenameOperations box did open and i ok'd it.....have just done the registry search tool on both those files and no results were found for either !!


----------



## Cookiegal (Aug 27, 2003)

Run Bit Defender again please.


----------



## tinytich (Jun 18, 2006)

slowly getting better !!

just to let u know that what i last said about firefox and recently installing it...well on the last scan it had an infection so i reinstalled and hey ho its infected again....dunno if thats a coincedence or if whenever i install somethign the virus infects the new .exe.

anyway...

//-----------------------------------------------------------------
//
//	Product: BitDefender 8 Free Edition
//	Version: 8.0
//
//	Created on:	31/07/2006	17:21:49
//
//-----------------------------------------------------------------

Statistics

Scan path	: C:\
Folders	: 6690
Files	: 332287
Archives	: 9970 
Packed files	: 29365
Identified viruses	: 2
Infected files	: 4
Warnings	: 0
Suspect files	: 0
Disinfected files	: 0
Deleted files	: 0
Copied files	: 0
Moved files	: 1
Renamed files	: 0
I/O errors	: 70
Scan time	: 01:55:08
Scan speed (files/sec)	: 48

Virus definitions	: 425545
Scan plugins	: 13
Archive plugins	: 39
Unpack plugins	: 5
Mail plugins	: 6
System plugins	: 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions: 
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Move failed
C:\Program Files\Mozilla Firefox\firefox.exe	Infected Backdoor.Ra.AS
C:\Program Files\Mozilla Firefox\firefox.exe	Disinfection failed
C:\Program Files\Mozilla Firefox\firefox.exe	Moved
C:\WINDOWS\system32\wmimgr32.dll.{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}.QQQ=>{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}.QQQ=>{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}.QQQ=>{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}	Move failed
C:\WINDOWS\system32\wmimgr32.dll.{c04a7c8a-453d-4c70-bb78-865e44482943}.QQQ=>{c04a7c8a-453d-4c70-bb78-865e44482943}	Infected Win32.Sality.E
C:\WINDOWS\system32\wmimgr32.dll.{c04a7c8a-453d-4c70-bb78-865e44482943}.QQQ=>{c04a7c8a-453d-4c70-bb78-865e44482943}	Disinfection failed
C:\WINDOWS\system32\wmimgr32.dll.{c04a7c8a-453d-4c70-bb78-865e44482943}.QQQ=>{c04a7c8a-453d-4c70-bb78-865e44482943}	Move failed


----------



## Cookiegal (Aug 27, 2003)

After much research rolleyes: ) it appears that these items are in the quarantined files of Windowls Live OneCare. The program has renamed them.

*C:\WINDOWS\system32\wmimgr32.dll.{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}.QQQ=>{5dac3adf-b76c-48a9-adf0-f0e55b5fb8d5}

C:\WINDOWS\system32\wmimgr32.dll.{c04a7c8a-453d-4c70-bb78-865e44482943}.QQQ=>{c04a7c8a-453d-4c70-bb78-865e44482943}*

I'm not familiar with that program but can you open it and delete all of the quarantined files and then run Bit Defender again please.


----------



## tinytich (Jun 18, 2006)

ok...thats done and now running a new bit defender....appreciating this continued help....hopefully light is at the end of this tunnel.....was also wondering....should i delete all the quarinted files in bit defender ?


----------



## Cookiegal (Aug 27, 2003)

Let's hope it's not the train coming.  

I hate to let the scum win.... can you tell? But unfortunately, sometimes they do.  

Yes, please delete the quarantined files in Bit Defender as well.


----------



## tinytich (Jun 18, 2006)

ok...new log here....best yet.....am about to delete the bit defender quarantine too....

//-----------------------------------------------------------------
//
//	Product: BitDefender 8 Free Edition
//	Version: 8.0
//
//	Created on:	31/07/2006	23:12:48
//
//-----------------------------------------------------------------

Statistics

Scan path	: C:\
Folders	: 6690
Files	: 329962
Archives	: 9912 
Packed files	: 29225
Identified viruses	: 1
Infected files	: 1
Warnings	: 0
Suspect files	: 0
Disinfected files	: 0
Deleted files	: 0
Copied files	: 0
Moved files	: 0
Renamed files	: 0
I/O errors	: 67
Scan time	: 01:36:37
Scan speed (files/sec)	: 56

Virus definitions	: 425772
Scan plugins	: 13
Archive plugins	: 39
Unpack plugins	: 5
Mail plugins	: 6
System plugins	: 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions: 
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected Win32.Sality.E
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Disinfection failed
C:\Documents and Settings\All Users\Desktop\MSN Messenger 7.5.lnk=>C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Move failed


----------



## Cookiegal (Aug 27, 2003)

This is encouraging. :up:

Once you've emptied the Bit Defender quarantine, please run Kaspersky again.


----------



## tinytich (Jun 18, 2006)

i have now emptied the quarantine of bit defender / ewido / windows live one care and avast......was unable to on spydoctor.....will do a kaspersky later today !!!!


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## tinytich (Jun 18, 2006)

you think your up and then........well, its not any worse anyway.....kaspersky seems as same as before....anyway...here it is...also i have now been able to delete all quaratine files in spydoctor as well......

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, August 01, 2006 10:41:55 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 1/08/2006
Kaspersky Anti-Virus database records: 211460
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 87372
Number of viruses found: 2
Number of infected objects: 5 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:44:37

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d1abe9818804117a356a7c29307798a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39007807066b6af39cd275e2ae251ec7_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51f695f5a496072fe889241bfd1f087a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f73e80629e8b7136f72c863d405136_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76012b21f9852604c6a3f9f103dbf79a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6c3d93312043a12a8f3bbabe5af908a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dddea9e36b93be314d858b554e3cbb8b_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd29345d01bb8c1690638bdf3e9dd08d_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edb.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07182006-235404.log	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Desktop\Tich Stuff\Temporary Internet Files\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{18AA0054-7E6E-41AE-A2CC-1DC623997FFA}	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\MSHist012006080120060802\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\Perflib_Perfdata_878.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\UserData\index.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\prov.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\Service.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\service.xml.bak	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\user.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\user.xml.bak	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin	Object is locked	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdlite.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\bdmcon.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\msnmsgr.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\realsched.exe	Infected: Virus.Win32.Sality.l	skipped
C:\Program Files\Softwin\BitDefender8\Quarantine\wmrandv32.dll	Infected: Trojan-Proxy.Win32.Agent.dd	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{33A9048D-047B-4EA8-B263-B3334FF5EA75}.bin	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\MSFWSVC.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\Temp\Perflib_Perfdata_754.dat	Object is locked	skipped
C:\WINDOWS\Temp\tmp0000599d\tmp00000000	Object is locked	skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.


----------



## Cookiegal (Aug 27, 2003)

That last scan looks clear. The only files detected are in Bit Defender's quarantine folder.

Try running Avast again and see if it detects anything.

Try running Housecall again as well.

Let me know if they come up clean.

Please post a new HijackThis log.


----------



## tinytich (Jun 18, 2006)

ok...i have located those five last files in quarantine and deleted them and i have now deleted all quarantine files....im gonna do those scans later today....fingers crossed !!! i think after ive done them all if, and only if, my comp seems clean ill start reloading software to see if they get infected immediatly but hopefully my computer is healthy once more !!


----------



## Cookiegal (Aug 27, 2003)

Before you start reloading software, please do this:

Clear out all of your cookies in IE:

Open the *Tools* menu. 
Select *Internet Options* to open the Dialog box. 
Click the *Delete Cookies* button.

Then reset cookies as follows:

In IE click on Tools - Internet Options - privacy tab and select "advanced". Set both First Party and Third Party cookies to "prompt" and check "always allow session cookies".

Basically, you should refuse all cookies except those from sites you trust or need to log in to. In those cases, you can add the sites to the Trusted Zone or simply choose to "always accept" them.

You can refuse a cookie each time it asks (if you're not sure and don't want to block it all the time) or you can select the option to "apply my decision to all cookies from this website" and then select "block or allow". If you block a cookie and later find it's needed, you can go back into Internet Options, under the privacy tab and click on "Sites" and remove it from the list of blocked cookies there.

*Delete your temporary files:*

In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.

Go to Start - Run and type *%temp%* in the Run box. The Temp folder will open. Click *Edit - Select All* then hit *Delete* to delete the entire contents of the Temp folder.

Finally go to Control Panel - Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

While still in safe mode, go to Start - Run and copy and paste then click OK:

*shell:cache\content.ie5*

This should open your content.ie5 folder. Select everything in there and click delete. You will not be able to delete the index.bat file and thats normal.

*Empty the recycle bin*.


----------



## tinytich (Jun 18, 2006)

ok.....one step at a time then !!! firstly avast / housecall / hijack log.....

then i'll look at reloading....since we began this my computer is running quite slow so hopefully after the hijack log we can do some cleaning and fingers crossed we shall have a happy computer....once again thanks so far on all this......avast etc... to follow


----------



## tinytich (Jun 18, 2006)

Ok....

Avast

C:\WINDOWS\Cursors\handns.ani Unable to scan: Data error (cyclic redundancy check)
C:\WINDOWS\Cursors\handnwse.ani Unable to scan: Data error (cyclic redundancy check)
C:\WINDOWS\Cursors\handwait.ani Unable to scan: Data error (cyclic redundancy check)
C:\WINDOWS\Cursors\handwe.ani Unable to scan: Data error (cyclic redundancy check)
F: Unable to scan: The volume does not contain a recongnized file system

I dont know why i have an F Drive Icon.....i have no F hard drive its just there and has been when i rebooted windows ages ago.....

Spy Doctor ran also this evening and found 31 infections but these were all advertising malware and stuff....wouldnt alllow me to view the log....

House Doctor just crashed......my computer really doesnt like it....finally.....

Hijack Log....

Logfile of HijackThis v1.99.1
Scan saved at 21:12:23, on 02/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.ebay.co.uk/ws/eBayISAPI.dll?MyEbayForGuests
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSO7FTP.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/1.0.0971.36/WinSSWebAgent.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098471789737
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150238421048
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} (MSN Music Mediabar) - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4815/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)


----------



## tinytich (Jun 18, 2006)

i am going to delete all programmes i know of that were infected and dont work anymore as .exe files were infected before reinstalling them however i will wait for yr response from the last logs i posted before reinstalling. I also havnt yet done as suggested in Post 91, again waiting for yr reponse as housecall didnt work...


----------



## tinytich (Jun 18, 2006)

ok...i have now deleted all the infected programmes that i can remember and followed the instructions on post 94...im gonna try a house call but dont think it will work so am gonna do another kaspersky if it fails....


----------



## tinytich (Jun 18, 2006)

as u could have probably predicted......kaspersky was a perfect scan !!! anyway....here it is......

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, August 03, 2006 12:25:22 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/08/2006
Kaspersky Anti-Virus database records: 211735
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 73532
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:49:19

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\0d1abe9818804117a356a7c29307798a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\39007807066b6af39cd275e2ae251ec7_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\51f695f5a496072fe889241bfd1f087a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\56f73e80629e8b7136f72c863d405136_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\76012b21f9852604c6a3f9f103dbf79a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\c6c3d93312043a12a8f3bbabe5af908a_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\dddea9e36b93be314d858b554e3cbb8b_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fd29345d01bb8c1690638bdf3e9dd08d_805982e6-8a26-4eec-be48-11f037f87ed5	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\edb.log	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Protection Service\MPSSVCPolicyIdLog.etl	Object is locked	skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-07182006-235404.log	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT	Object is locked	skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Application Data\Mozilla\Firefox\Profiles\ecaqmjdt.default\cert8.db	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Application Data\Mozilla\Firefox\Profiles\ecaqmjdt.default\googlesafebrowsing.db	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Application Data\Mozilla\Firefox\Profiles\ecaqmjdt.default\history.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Application Data\Mozilla\Firefox\Profiles\ecaqmjdt.default\key3.db	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Application Data\Mozilla\Firefox\Profiles\ecaqmjdt.default\parent.lock	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Cookies\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Desktop\Tich Stuff\Temporary Internet Files\Temporary Internet Files\Content.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{A0FAB5FD-B9DD-423E-B221-431D6934AAAB}	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Mozilla\Firefox\Profiles\ecaqmjdt.default\Cache\_CACHE_001_	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Mozilla\Firefox\Profiles\ecaqmjdt.default\Cache\_CACHE_002_	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Mozilla\Firefox\Profiles\ecaqmjdt.default\Cache\_CACHE_003_	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Application Data\Mozilla\Firefox\Profiles\ecaqmjdt.default\Cache\_CACHE_MAP_	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\MSHist012006080120060802\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\History\History.IE5\MSHist012006080220060803\index.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\Local Settings\Temp\Perflib_Perfdata_bcc.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat	Object is locked	skipped
C:\Documents and Settings\Tich Williams\ntuser.dat.LOG	Object is locked	skipped
C:\Documents and Settings\Tich Williams\UserData\index.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log	Object is locked	skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\Ent.dat	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\prov.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\Service.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\service.xml.bak	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\user.xml	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\ClientSD\prov\user.xml.bak	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\edb.log	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\tmp.edb	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\Database\WinSS_st.edb	Object is locked	skipped
C:\Program Files\Microsoft Windows OneCare Live\WinSSSvc_log.bin	Object is locked	skipped
C:\WINDOWS\Debug\PASSWD.LOG	Object is locked	skipped
C:\WINDOWS\SchedLgU.Txt	Object is locked	skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log	Object is locked	skipped
C:\WINDOWS\Sti_Trace.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\edb.log	Object is locked	skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb	Object is locked	skipped
C:\WINDOWS\system32\config\Antivirus.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\AppEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\default	Object is locked	skipped
C:\WINDOWS\system32\config\default.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\MSFWSVC.evt	Object is locked	skipped
C:\WINDOWS\system32\config\SAM	Object is locked	skipped
C:\WINDOWS\system32\config\SAM.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SecEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY	Object is locked	skipped
C:\WINDOWS\system32\config\SECURITY.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\software	Object is locked	skipped
C:\WINDOWS\system32\config\software.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\SysEvent.Evt	Object is locked	skipped
C:\WINDOWS\system32\config\system	Object is locked	skipped
C:\WINDOWS\system32\config\system.LOG	Object is locked	skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt	Object is locked	skipped
C:\WINDOWS\system32\h323log.txt	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA	Object is locked	skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP	Object is locked	skipped
C:\WINDOWS\Temp\Perflib_Perfdata_79c.dat	Object is locked	skipped
C:\WINDOWS\Temp\tmp0000782c\tmp00000000	Object is locked	skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt	Object is locked	skipped
C:\WINDOWS\wiadebug.log	Object is locked	skipped
C:\WINDOWS\wiaservc.log	Object is locked	skipped
C:\WINDOWS\WindowsUpdate.log	Object is locked	skipped

Scan process completed.


----------



## Cookiegal (Aug 27, 2003)

There may be a conflict between Bit Defender and Avast. You should only be running one or the other.

That's a nice Kaspersky scan. :up: 

Data error (cyclic redundancy check) usually means files are corrupt. Those files are animated cursors.


Let's see how things go when you follow the steps in post 91 and start reloading stuff.


----------



## tinytich (Jun 18, 2006)

ok.....i did the post 91 instructions already last night.....i will start reinstalling the software today starting with the prime suspect msn messenger as that was a major problem and will update you later....i will also try and do another housecall with avast and bit defender turned off......i currently have ewido, windows live care, bit defender, spy doctor and avast all loading on start up so when all is good can u please suggest which i should keep live as computer is running quite slow with all up !! will be back soon....


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## tinytich (Jun 18, 2006)

well.....so far msn messenger and firefox reinstalled and no probs, am reinstalling other stuff now and housecall to be done tomorrow.....things are lookin very good thanks to u.....again many thanks and fingers crossed tomorrow still things are ok.....if things are ok then i would appreciate yr advice on a hijack log as comp is running a bit slow and last time (many moons ago) when i posted one and had advice it really speeded up my comp and also advice on how not to get in this bother again and which virus / spyware i should keep goin in yr opinion.....until then.....thanks


----------



## Cookiegal (Aug 27, 2003)

:up:


----------



## tinytich (Jun 18, 2006)

hi there !!

well....i havnt reinstalled everything yet but what i have done has not been a problem....however i have only really been using a couple of reinstalled programs....i am going reinstall bit defender later and do a scan and housecall and hopefully we will have the all the clear !!!!


----------



## tinytich (Jun 18, 2006)

well !!! look at this !! firstly spydoctor did a scan and was all clear and just did this bit defender....clean !!! sweet !!! i am most most grateful....i really am. You have spent a lot of time helping me out and i really really appreciate it....before we part company can u just please give me some advice on the running of my comp from now on.....as i have said before i still have not re set up my comp for system restore points and also when windows boots up i am running ewido / spydoctor / windows live care / bitdefender / avast. Surely i dont need all these.....my computer is taking a very long time to set up on loading.....can u have a quick peek at my hijack log and see if all ok....and what do u suggest for me to do to not have this prob again....which software should i keep ?!?!? Thanks again mate......really i cant thank u enough....


----------



## tinytich (Jun 18, 2006)

oh yeah...bit defender....lovely to see !!

//-----------------------------------------------------------------
//
//	Product: BitDefender 8 Free Edition
//	Version: 8.0
//
//	Created on:	05/08/2006	20:16:28
//
//-----------------------------------------------------------------

Statistics

Scan path	: C:\
Folders	: 6319
Files	: 284979
Archives	: 9664 
Packed files	: 24298
Identified viruses	: 0
Infected files	: 0
Warnings	: 0
Suspect files	: 0
Disinfected files	: 0
Deleted files	: 0
Copied files	: 0
Moved files	: 0
Renamed files	: 0
I/O errors	: 69
Scan time	: 01:50:12
Scan speed (files/sec)	: 43

Virus definitions	: 426926
Scan plugins	: 13
Archive plugins	: 39
Unpack plugins	: 5
Mail plugins	: 6
System plugins	: 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions: 
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report


----------



## Cookiegal (Aug 27, 2003)

That is great to see! :up:

I would remove Bit Defender and keep AVAST as you can't have to anti-virus programs. I would also remove Windows OneCare Live.

These can all be unchecked via msconfig so they don't run on startup.

C-Media Mixer
NvMediaCenter 
NvCplDaemon
QuickTime Task
iTunesHelper
SunJavaUpdateSched
Adobe Photo Downloader
TkBellExe
MsnMsgr

Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on *My Computer* and click on *Properties.*
Click the *System Restore* tab.
Check *Turn off System Restore.*
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on *Start*  *All Programs*  *Accessories*  *System Tools* and then select *System Restore*.

In the System Restore wizard, select *Create a restore point* and click the Next button.

Type a name for your new restore point then click on Create.

I also recommend downloading  *SPYWAREBLASTER* for added protection.

*Read here* for info on how to tighten your security.

*Delete your temporary files:*

In safe mode navigate to the C:\Windows\Temp folder. Open the Temp folder and go to Edit - Select All then Edit - Delete to delete the entire contents of the Temp folder.

Go to Start - Run and type *%temp%* in the Run box. The Temp folder will open. Click *Edit - Select All* then hit *Delete* to delete the entire contents of the Temp folder.

Finally go to Control Panel - Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

While still in safe mode, go to Start - Run and copy and paste then click OK:

*shell:cache\content.ie5*

This should open your content.ie5 folder. Select everything in there and click delete. You will not be able to delete the index.bat file and thats normal.

*Empty the recycle bin*.


----------



## tinytich (Jun 18, 2006)

well....i can feel the end is near now and im getting somewhat emotional. As per the last post i have now deleted windows live care and bit defender. Ah, bit defender. What a rollercoaster affair we had.....she will be missed. As suggested i have unchecked the files and then did everything else so we are clean and have a restore point. As i sit here now the computer booted and loaded windows efficiently....a little slow on settling into windows but i guess thats spydoc / avast loading up.....as it stands i now have these running :-

- Spydoctor
- Avast
- Ewido (although i guess thats not running, just a link)

Anyway, all seems to be clean...no virus detections for ages.....im gonna post a final hijack log here just to check all seems ok but im thinking maybe this is going to be ok !!!

Well, here it is.....has our journey come to a close ?

Logfile of HijackThis v1.99.1
Scan saved at 21:11:01, on 06/08/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://downloadcenter.samsung.com/content/common/cab/DjVuControlLite_EN.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098471789737
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150238421048
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C45B1500-7B63-47C2-AB25-C28CB46AFDEE} - http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4815/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe


----------



## Cookiegal (Aug 27, 2003)

It sure looks like we have no more reason to keep on meeting like this.  

SpywareDoctor doesn't have to be running at startup nor does MS Office.


----------



## tinytich (Jun 18, 2006)

ok. many thanks again.....appreciate the time and effort you have put in here.

Case closed.


----------



## Cookiegal (Aug 27, 2003)

It's my pleasure.


----------

