# "Invalid Picture" pop up virus



## chimaykaren (Nov 6, 2005)

I am wondering if anybody has any advice about what I can do...this pop-up virus will not let me run HJT, or install or uninstall anything. I can't uninstall old virus protection software to reinstall newer versions, for example. The pop-ups escalate in number/frequency as time passes in whatever application I am trying to run. I have gone to Symantec to try to get the appropriate virus download removal, but since I don't know the name of this thing, it's been hit and miss, and nothing is working so far. How can I find out: #1. what it is called, and then obviously, #2. remove it. It has slowed my computer down to the point where I can barely do anything. Also, once the pop-ups have ballooned all over the page, it then puts out a "can't quit" pop-up that prevents me from properly closing down Windows. All I can do at that point is shut off the computer.

Thanks, and apologies if this question has been asked before. I just joined here, as I am at my wits' end about how to fix my computer.


----------



## Surreal2 (May 21, 2005)

You say you can't 'run' HJT so I presume you have been able to download it to your computer? It's possible you have a virus that specifically tries to stop anti-malware tools from running, so I suggest you try this:

First, rename the *hijackthis.exe* file - call it anything such as *chimayhj.exe*. Try running it again and seeing if it will start - if so, scan and post a log.

Second - if the above doesn't work, click *HERE* to download Itty Bitty Process Manager from Merijn (author of HJT). Unzip and run it (if it won't run then, as before, try renaming it). If you are able to run it, the program will provide a window like 'Task Manager'. Don't use it to stop any programs yet, just copy the list of running processes and paste that into a new post.

Good luck...


----------



## Jag11 (May 30, 2005)

Can I suggest another way if HJT doesn't start?

Try to use it in Safe Mode. How to boot in Safe Mode:

Click Start, then click Run.

Type in:

msconfig

Click the BOOT.INI tab, then select /SAFEMODE, click OK, then Restart.


----------



## Surreal2 (May 21, 2005)

Hi Jag11 - yes, the user may be able to run HJT in Safe Mode but since the reason it might work is that the 'problem' malware doesn't 'start', then it obviously won't show up in the HJT log.

Also, as a general comment, when booting into safe mode the Msconfig method is not recommended by experts. The reason for this is that if there is a problem with Safe Mode, the computer will go into a 'loop' trying and failing to load Safe Mode and the user won't be able to get back into Normal mode. They'll then have to manually edit the boot.ini file, which is a slightly complex process.

Cheers...


----------



## Jag11 (May 30, 2005)

> Also, as a general comment, when booting into safe mode the Msconfig method is not recommended by experts. The reason for this is that if there is a problem with Safe Mode, the computer will go into a 'loop' trying and failing to load Safe Mode and the user won't be able to get back into Normal mode. They'll then have to manually edit the boot.ini file, which is a slightly complex process.


Thanks for the info, man. But can't we just tap F8 repeatedly when starting so we can go back to Normal?


----------



## Surreal2 (May 21, 2005)

Jag11 said:


> ... can't we just tap F8 repeatedly when starting so we can go back to Normal?


Hi Jag11 - the F8 method (some computers use a different 'F' key) can be used to choose either Safe Mode or Normal Mode. However, if the Msconfig method is used, the computer will try to boot into Safe Mode first, even if the user selects Normal Mode, and if there's a problem with Safe Mode it'll never boot into Normal Mode until the boot.ini file is edited.

Cheers...


----------



## chimaykaren (Nov 6, 2005)

Thanks both of you, for your suggestions. I can't tell you how much it means to have support, because I am obviously pulling my hair out here.

Yes, HJT did download, all 213 kb of it. And I did rename it, (clever suggestion) but it still won't open/run. It's there, just doesn't run.
I can't get IBProcMan to run either...And given that I can't even scroll/copy/paste very long emails because my computer is operating so slowly, am thinking there could be problems to paste in the results of HJT if I even could get it to run...I can't even run Word at this point...

I want to give trying to reboot in SafeMode a try, but now you've got me scared...Should I just try it anyway, as I can't do anything else?


----------



## chimaykaren (Nov 6, 2005)

Well, after weighing the pros and cons, decided to give rebooting in Safe Mode a try. However, I couldn't do it via the method you described, as I got an error message ("Cannot find the file 'msconfig' or one of its components. Make sure the path and file name are correct and that all required libraries are available"). So, I hit F8 when the computer was starting up, and entered Safe Mode that way.

And get this: so, I try to run Highjack This in SM, and the pop-up appeared RIGHT AWAY, and instead of it saying its usual "invalid picture" it now said, "Highjack This." I exited SM, and had no problem starting up again normally, so the computer didn't loop, as you feared. Also, in SM, I couldn't access Internet Explorer, which is about the only program the virus doesn't seem to impact, at least, so far.

So, okay. I am totally depressed here. Are we talking about wiping out the hard drive? The only thing that I really want to save, if that is going to be the case, is a year and a half's worth of photos that I foolishly don't have backed up anywhere else...It goes without saying that the virus could be in the photos as well, doesn't it?
!!! Grrr. I feel so stupid and defeated....


----------



## Surreal2 (May 21, 2005)

Hi chimaykaren - sorry for the delay in responding. I know it's a pain when computers play up but don't get depressed. There are plenty of experts in this forum and many things we can try before we have to resort to reinstalling.



chimaykaren said:


> Well, after weighing the pros and cons, decided to give rebooting in Safe Mode a try. However, I couldn't do it via the method you described, as I got an error message ("Cannot find the file 'msconfig' or one of its components. Make sure the path and file name are correct and that all required libraries are available"). So, I hit F8 when the computer was starting up, and entered Safe Mode that way.
> 
> And get this: so, I try to run Highjack This in SM, and the pop-up appeared RIGHT AWAY, and instead of it saying its usual "invalid picture" it now said, "Highjack This." I exited SM, and had no problem starting up again normally, so the computer didn't loop, as you feared. Also, in SM, I couldn't access Internet Explorer, which is about the only program the virus doesn't seem to impact, at least, so far.


The 'loop' problem I described won't appear if you use the F8 method - it can happen if you use the Msconfig method, but you couldn't do that. You can safely use the F8 method.

You said that you received a pop-up saying 'HijackThis' when you started HJT in Safe Mode. Did the program start?

If it did, click 'Scan and save a log file'. *DO NOT try to 'fix' anything with HJT at this stage - most of the entries it shows are valid and necessary for Windows to operate.* When it's finished scanning, a new notepad window will open with the log. Please save this to your desktop (call it anything).

You won't be able to access the Internet in Safe Mode, so you'll then need to reboot into Normal mode. Then connect to the Internet, open the notepad log file on the desktop, copy the contents and paste them into your next post so that an expert can review it.

If HJT will not run even in Safe Mode, let us know.

Cheers...


----------



## chimaykaren (Nov 6, 2005)

Thanks again Surreal2, that's good to hear.

Tried again to run it in SM, but no go. Sounds like the program is about to run, but then the "Invalid Picture" Pop-up comes up instead, and as I said, "Hijack This" is written in the blue bar at the top of the pop-up. I did rename HJ this too, which is weird that that name doesn't come up.

Also, I can't shut down properly. Instead, I get a "Program Not Responding" box with all sorts of weird exe names...such as: plulmd.exe, vgaxsy.exe, dmamah.exe and messeti.exe
I never saw those before this problem happened.


----------



## Surreal2 (May 21, 2005)

Hi chimaykaren - I can't find info on the names of the 'Program not responding' files you mention which suggests they are not legitimate. I'll check out a few things and get back to you as soon as I can.

Cheers...


----------



## Surreal2 (May 21, 2005)

Hi chimaykaren - let's start over and take things step by step.

Can you tell me:

What your Operating System is?

What is the specification of your computer - CPU, amount of RAM, how many and what size Hard drives, whether you have a floppy drive/cd drive?

Where did you download HijackThis from - do you know which format you downloaded (was it a Zip file or an Exe file)?

Cheers...


----------



## chimaykaren (Nov 6, 2005)

Hi Surreal,
It's a Dell Optiplex GX150 which I 'inherited,' so I am without the original paperwork with all the specs.
It's Windows 2000, Pentium III, 1-2 CPU, 259,646 KB RAM, one hard drive, which I believe is 20GB, and a CD drive. I downloaded Hijack This from www.download.com, and it was a zip file (the shortcut on the desktop says chimayjh.exe). What else....


----------



## Surreal2 (May 21, 2005)

Hi chimaykaren...OK, try this:

Click *HERE* to download Startuplist.zip. Unzip it and try running the program in Normal mode or in Safe mode if that doesn't work. It'll scan your computer and open a log in Notepad - copy the entire contents of the Notepad file and post back with the results.

Cheers...


----------



## chimaykaren (Nov 6, 2005)

Hi Surreal,
Hope I got all of it here...



----------



## JSntgRvr (Jul 1, 2003)

Try this site for downloading Hijackthis:

http://www.thespykiller.co.uk/files/HJTsetup.exe

Download the trial version of Ewido Security Suite:

http://www.ewido.net/en/download/

- Install Ewido.
- During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch Ewido.
- It will prompt you to update; click the OK button and it will go to the main screen.
- On the left side of the main screen click update.
- Click on Start and let it update.
- DO NOT run a scan yet.

Restart your computer into Safe Mode.

Perform the following steps in Safe Mode:

Run Ewido:

Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Perform an ActiveScan:

http://www.pandasoftware.com/activescan/

Save the report to the desktop.

Post a HijackThis log and the results of the Ewido and ActiveScan reports.


----------



## chimaykaren (Nov 6, 2005)

All I can say is you all are absolutely awesome in how much you know...


----------



## Surreal2 (May 21, 2005)

Hi chimaykaren - lol...it's not WHAT I know, it's WHO I know (whose advice I sought and brought you, so I can't take credit for it).

I'll leave you with JSntgRvr - hope it all works for you.

Good luck...


----------



## JSntgRvr (Jul 1, 2003)

Status?


----------



## chimaykaren (Nov 6, 2005)

Thanks for that, Surreal.

I need to break up the results as the scan took 9 hours, and found 6718 infected objects...Mon dieu.

The Active Scan found nothing, and HJ, even in Safe Mode, still will not launch, and instead, produced the lovely "Invalid Picture" pop-up box. But at least now, it is not blooming. And now I can shut down properly.

:mozilla.25:C:\Documents and Settings\Administrator.KAREN\Application Data\Mozilla\Firefox\Profiles\rm34vxgm.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Administrator.KAREN\Application Data\Mozilla\Firefox\Profiles\rm34vxgm.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Administrator.KAREN\Application Data\Mozilla\Firefox\Profiles\rm34vxgm.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Administrator.KAREN\Application Data\Mozilla\Firefox\Profiles\rm34vxgm.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Administrator.KAREN\Application Data\Mozilla\Firefox\Profiles\rm34vxgm.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Administrator.KAREN\Application Data\Mozilla\Firefox\Profiles\rm34vxgm.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Administrator.KAREN\Application Data\Mozilla\Firefox\Profiles\rm34vxgm.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.180solutions : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Estat : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Local Settings\Temp\Del4.tmp -> Spyware.180Solutions : Cleaned with backup


----------



## JSntgRvr (Jul 1, 2003)

Can you tell me specifically which files you can't run, especially their extensions, such as .zip, .exe, .wma, etc.? It could be due to a file association.


----------



## chimaykaren (Nov 6, 2005)

Thanks for that, Surreal.

I need to break up the results as the scan took 9 hours, and found 6718 infected objects...Mon dieu.

The Active Scan found nothing, and HJ, even in Safe Mode, still will not launch, and instead, produced the lovely "Invalid Picture" pop-up box. But at least now, it is not blooming. And now I can shut down properly.

+ Created on: 9:20:52 PM, 11/11/2005
+ Report-Checksum: 2929E9B

+ Scan result:

C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Estat : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Spylog : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Realtracker : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected]y-1seq-2-2.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Local Settings\Temp\Cookies\[email protected][2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Local Settings\Temp\Del4.tmp -> Spyware.180Solutions : Cleaned with backup


----------



## chimaykaren (Nov 6, 2005)

Again, apologies for the massive result here...



----------



## chimaykaren (Nov 6, 2005)

C:\WINNT\system32\appcho.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appcns.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appdtc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appdxm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appilm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appjdc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appkdb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\applmd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\applwa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appmin.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appmxr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appnvb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\apprrm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\apprui.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\apprvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appsbp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appscp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appsdl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appspl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appsut.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appuge.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appuir.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appvma.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appvms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appvrh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appvti.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appycp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appypt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\asfbc3.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\asfcap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\asfdcb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\asfdir.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\asfeoq.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\asfesl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\asfjsa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\asfsle.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\asftpm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\atmasc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\atmdmt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\atmgaf.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\atmuas.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\attasi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\attpht.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\attreb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\attstr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aut2re.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aut2to.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aut4ih.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autamv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autapd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autass.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autbbi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autbin.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autbrp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autcbg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autcss.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autcvn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autdkc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autdml.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\authel.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\auti50.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autiis.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autitr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autkst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autlrr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autlsa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autmap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autnbs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autnsa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autnsc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autobe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autoet.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autool.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autpet.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autrdx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autrep.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autrle.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autrob.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autrpm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autsbg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autses.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autsff.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autskp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autstd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\auttve.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autuae.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autusi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autuus.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autvcp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autvsv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autwin.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autxml.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autywe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aviatd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aviawc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avibcy.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avicom.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avicon.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aviess.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avievd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aviirc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avilca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avimmx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avipls.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avippd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avirip.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avirtu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avisms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avitir.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avitlr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aviusa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avixnp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aviypt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avmgta.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avmn5g.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avmows.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avmpre.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avtejv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avtvgv.exe -> TrojanSpy.VB.eh : Cleaned with backup


----------



## chimaykaren (Nov 6, 2005)

I think I'll stop here, unless you are seeing something that makes you think you need the rest of the scan results...it's just too much to ask anybody else to read through all of this, and I feel like I'm hogging up the site space...


C:\WINNT\system32\cmdlog.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmdprc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmdsss.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmdtex.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmmrrl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmmvno.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmnmed.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmnxvt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmpbow.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmpdcv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmpejp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmpge2.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmplpe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmpn5g.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmpndn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmprco.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmpsad.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmpspe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmptga.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmpw1x.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmuadt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmuban.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmuc4a.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmuirc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmunnd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmupro.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmutix.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmuust.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmuwfa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnbcly.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnbexc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnbgst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnbisp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnbnle.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnbpms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnbrsa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnbsas.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnbsow.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnbtdc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnbtsd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cndlc4.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cneico.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cneske.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnmdgw.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnmdse.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnmesh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnmeuv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnmmat.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnmssa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnmstc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnmtfn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnvams.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnvbin.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnvncg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnvo41.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cnvpcm.exe -> TrojanSpy.VB.eh : Cleaned with backup


----------



## JSntgRvr (Jul 1, 2003)

chimaykaren, if the log is too large, attach it to a reply. Click on Post a Reply and scroll down to Manage Attachments. Browse to the file, then upload. Once uploaded, close the window and send the reply.

Need to know which files you are not able to open. The ones that produce the Invalid Picture error. Need to know the File Extension such as, .zip, .exe, .jpg, .wma, ....etc.

Open Windows Explorer. Select Tools from the menu, then Folder options. Select the View tab. Remove the checkmark for Hide extension for known files and click Ok. Now you will be able to see file extensions.


----------



## JSntgRvr (Jul 1, 2003)

Since the system was so clogged, download Cleanup from Here:

http://www.stevengould.org/downloads/cleanup/CleanUp40.exe

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* Run Cleanup:
* Click on the "Cleanup" button and let it run.
* Once it's done, close the program.

Need to know the information above. Also, do you have the installation CD?


----------



## chimaykaren (Nov 6, 2005)

Here's the whole thing:


----------



## chimaykaren (Nov 6, 2005)

It apparently won't attach as a Notepad, and it is an invalid file type in Word...I don't know how else to try to attach it.

I can't run exe files like Hijack This, and an Error Doctor file I downloaded. I don't have any current zip files other than the HijackThis I downloaded the first time, which didn't run. In the past, before this problem, zip files were always sort of hit or miss..

I cannot uninstall my old Norton Anti-virus program.

Jpegs are fine.

Word is really whacked out. I am getting an error when I first open it, I think having to do with Palmpilot stuff. Actually, this problem started exactly when I downloaded all new Palmpilot programs..there used to be an old one on this computer, and the Word error goes back to the first one.
Don't know if that's relevant or not.


----------



## chimaykaren (Nov 6, 2005)

JSntgRvr, you've got some real nice tricks up your sleeve...CleanUp transformed this computer into a Lear Jet, I don't even recognize it...

And it now let me uninstall my old Norton, so I could install a new anti-virus program. And Hijack This ran no problem at all. And so far, no sign of the pesky Invalid Picture Pop-Up...So, it appears, at the moment, that there aren't any files I can't run. Go figure.

I can't begin to say thanks....!#@

Logfile of HijackThis v1.99.1
Scan saved at 5:46:42 PM, on 11/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\HPCD-W~1\DirectCD\directcd.exe
C:\HP CD-Writer\Mmenu\hpcdtray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Hello\Hello.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.kamakuranet.ne.jp:3128;http=proxy.kamakuranet.ne.jp:3128
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\HPCD-W~1\DirectCD\directcd.exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


----------



## JSntgRvr (Jul 1, 2003)

You still have some Malware entries. Close all browsers. Run Hijackthis. Place a checkmark on the following lines and click on Fix Checked:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.kamakuranet.ne.jp:3128;http=proxy.kamakuranet.ne.jp:3128
O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe

Boot in Safe Mode. Delete the following file:

C:\WINNT\*sysupd.exe* <- This file only.

Run Ewido. Since most Malware has been eliminated, the log should be shorter. Make sure you save the report to the desktop.

Restart the computer.

Perform an Active Scan:

http://www.pandasoftware.com/activescan/

Save the report to the desktop.

Post the Ewido log, Activescan and a fresh HJT log.


----------



## chimaykaren (Nov 6, 2005)

Here's the Ewido scan, it is definitely shorter this time!:

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:37:32 AM, 11/13/2005
+ Report-Checksum: 7EB88B6E

+ Scan result:

C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Commission-junction : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Administrator.KAREN\Cookies\[email protected][2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup

::Report End


----------



## chimaykaren (Nov 6, 2005)

Here's the Active Scan. I actually didn't do this correctly the first time...

And also, to answer your question before I forget again, I unfortunately do not have the original CD for this computer...

Active Scan: 

| Incident | Status | Location |
| --- | --- | --- |
| Adware:adware/gator | No disinfected | C:\WINNT\GatorHDPlugin.log |
| Adware:adware/clocksync | No disinfected | C:\Documents and Settings\Administrator.KAREN\Start Menu\Programs\ClockSync |
| Dialer:dialer generic | No disinfected | C:\PROGRAM FILES\dialers |
| Adware:adware/e2give | No disinfected | C:\PROGRAM FILES\E2G |
| Adware:adware/ncase | No disinfected | C:\PROGRAM FILES\nCase |
| Spyware:spyware/virtumonde | No disinfected | Windows Registry |
| Dialer:Dialer.GO | No disinfected | C:\dialer.exe |
| Dialer:Dialer.Gen | No disinfected | C:\Program Files\dialers\japan\japan.exe |
| Dialer:Dialer.Gen | No disinfected | C:\RECYCLER\S-1-5-21-1390067357-152049171-1202660629-1000\Dc5.exe |
| Dialer:Dialer.Gen | No disinfected | C:\RECYCLER\S-1-5-21-1390067357-152049171-1202660629-1000\Dc6.exe |
| Adware:Adware/Gator | No disinfected | C:\WINNT\Downloaded Program Files\CONFLICT.1\HDPlugin1019.inf |
| Adware:Adware/Gator | No disinfected | C:\WINNT\Downloaded Program Files\HDPlugin1019.inf |
| Adware:Adware/Look2Me | No disinfected | C:\WINNT\Downloaded Program Files\pinstall.dll |


----------



## chimaykaren (Nov 6, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 1:02:07 PM, on 11/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\HPCD-W~1\DirectCD\directcd.exe
C:\HP CD-Writer\Mmenu\hpcdtray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Hello\Hello.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\HPCD-W~1\DirectCD\directcd.exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


----------
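Comparing the two HijackThis logs posted above is a quick way to confirm that the "Fix Checked" step actually removed the selected entries. The following Python sketch is an added example, not part of any post in this thread; the function names are my own, and the embedded logs are shortened excerpts of the two logs above.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24), then " - ", then the entry body. Header lines and the
# "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_entries(log_text):
    """Return the set of (section, body) entries found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def diff_logs(before, after):
    """Entries that disappeared, appeared, or stayed between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    return {
        "removed": sorted(b - a),
        "added": sorted(a - b),
        "unchanged": len(b & a),
    }


def verify_fix(before, after, fixed_lines):
    """Report, per line that was ticked for fixing, whether it is gone."""
    b, a = parse_entries(before), parse_entries(after)
    status = {}
    for line in fixed_lines:
        match = ENTRY_RE.match(line.strip())
        if not match:
            raise ValueError("not a HijackThis entry line: %r" % line)
        entry = (match.group(1), match.group(2))
        if entry in a:
            status[line] = "still present"
        elif entry in b:
            status[line] = "removed"
        else:
            status[line] = "not in original log"
    return status


# Shortened excerpt of the 11/12/2005 log from this thread.
BEFORE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:46:42 PM, on 11/12/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.kamakuranet.ne.jp:3128;http=proxy.kamakuranet.ne.jp:3128
O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Shortened excerpt of the 11/13/2005 log from this thread.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:02:07 PM, on 11/13/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# The two lines the helper asked to tick before clicking "Fix Checked".
FIXED_LINES = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.kamakuranet.ne.jp:3128;http=proxy.kamakuranet.ne.jp:3128",
    r"O4 - HKLM\..\Run: [SysUpd] C:\WINNT\sysupd.exe",
]

if __name__ == "__main__":
    result = diff_logs(BEFORE_LOG, AFTER_LOG)
    for section, body in result["removed"]:
        print("removed: %s - %s" % (section, body))
    for section, body in result["added"]:
        print("added:   %s - %s" % (section, body))
    for line, state in verify_fix(BEFORE_LOG, AFTER_LOG, FIXED_LINES).items():
        print("%-20s %s" % (state, line[:60]))
```

An entry reported as "added" between scans deserves the same scrutiny as one that refuses to go away, since it can mean something reinstalled itself after the fix.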



## JSntgRvr (Jul 1, 2003)

Download Killbox from any of the sites below:

http://www.thespykiller.co.uk/files/killbox.exe

http://www.downloads.subratam.org/KillBox.zip

Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available). Click the RED X and it will ask you to confirm the file for deletion; say YES and when the next box opens prompting you to reboot now...click no...and proceed with the next file. Once you get to the last one click YES and it will reboot.

C:\WINNT\GatorHDPlugin.log 
C:\dialer.exe 
C:\Program Files\dialers\japan\japan.exe 
C:\WINNT\Downloaded Program Files\CONFLICT.1\HDPlugin1019.inf 
C:\WINNT\Downloaded Program Files\HDPlugin1019.inf 
C:\WINNT\Downloaded Program Files\pinstall.dll
C:\RECYCLER\S-1-5-21-1390067357-152049171-1202660629-1000\Dc5.exe 
C:\RECYCLER\S-1-5-21-1390067357-152049171-1202660629-1000\Dc6.exe

Boot in Safe Mode. Open Windows Explorer. Navigate and delete the following folders:

C:\Documents and Settings\Administrator.KAREN\Start Menu\Programs\*ClockSync* 
C:\PROGRAM FILES\*dialers* 
C:\PROGRAM FILES\*E2G* 
C:\PROGRAM FILES\*nCase*

Download Cleanup from Here:

http://www.stevengould.org/downloads/cleanup/CleanUp40.exe

* A window will open and choose SAVE, then DESKTOP as the destination.
* On your Desktop, click on Cleanup40.exe icon.
* Then, click RUN and place a checkmark beside "I Agree"
* Then click NEXT followed by START and OK.
* A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
* Click OK
* Run Cleanup:
* Click on the "Cleanup" button and let it run.
* Once it's done, close the program.

Download L2mfix from one of these two locations:

http://www.atribune.org/downloads/l2mfix.exe
http://www.downloads.subratam.org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log.

Copy the contents of that log and paste it into this thread as well as a HJT log.


----------



## chimaykaren (Nov 6, 2005)

Humm..for whatever reason, I can't get the Kill Box to work. When I click on the red X, after I have pasted the file to delete in the space, it doesn't do anything, doesn't ask to confirm the file for deletion...(the "UnregisterDLL" isn't highlighted for me to checkmark as an option either..) Maybe I'll try to download it again...


----------



## chimaykaren (Nov 6, 2005)

And here's this:

L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000

RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!

Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"YComp 5.0.2.6"="Yahoo! Companion"

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:

No matches found.
Locate .tmp files:

No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is C473-FD3F

Directory of C:\WINNT\System32

11/12/2005 12:15p dllcache
0 File(s) 0 bytes
1 Dir(s) 7,875,200,512 bytes free


----------



## chimaykaren (Nov 6, 2005)

Logfile of HijackThis v1.99.1
Scan saved at 3:57:01 PM, on 11/15/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\SYSTEM32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\cisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\HPCD-W~1\DirectCD\directcd.exe
C:\HP CD-Writer\Mmenu\hpcdtray.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Hello\Hello.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\palmOne\Hotsync.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\cidaemon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaults/sb/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D28-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_0_2_6.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Adaptec DirectCD] C:\HPCD-W~1\DirectCD\directcd.exe
O4 - HKLM\..\Run: [HP CD-Writer] C:\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [PicasaNet] "C:\Program Files\Hello\Hello.exe" -b
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Free WebSite Tools.lnk = C:\Program Files\CoffeeCup Software\CoffeeCup Free FTP\ThirtyDayTimer.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - C:\Program Files\Hello\PicasaCapture.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) - http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS1\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS2\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CS3\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = vic.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = vic.bigpond.net.au
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


----------



## JSntgRvr (Jul 1, 2003)

Looks clean. Were you able to resolve the issue with Kill box? See if the files and folders requested to be deleted are still there or not.


----------



## chimaykaren (Nov 6, 2005)

Sorry about the hiatus there...got a bit caught up in doing a Mostly Clean Machine happy dance.
But, those 8 pesky files do remain, and I can't get the kill box to work as you describe...is there a different way to download/run it?


----------



## JSntgRvr (Jul 1, 2003)

Do it manually. Boot in Safe Mode. Open Windows Explorer. Navigate to these locations and delete the file involved if it exists:

C:\WINNT\GatorHDPlugin.log 
C:\dialer.exe 
C:\Program Files\dialers\japan\japan.exe 
C:\WINNT\Downloaded Program Files\CONFLICT.1\HDPlugin1019.inf 
C:\WINNT\Downloaded Program Files\HDPlugin1019.inf 
C:\WINNT\Downloaded Program Files\pinstall.dll

These two are part of the Recycle bin. Emptying the Recycle bin will take care of these two:

C:\RECYCLER\S-1-5-21-1390067357-152049171-1202660629-1000\Dc5.exe 
C:\RECYCLER\S-1-5-21-1390067357-152049171-1202660629-1000\Dc6.exe

To confirm, perform another ActiveScan and post the report.


----------



## chimaykaren (Nov 6, 2005)

Hi again JSntgRvr,
Just to let you know. I ran an Active Scan today, and it showed absolutely no infection of any kind. Oh, I am so geeked and happy. Your help has restored my life, and has given me great incentive to start to learn some of this troubleshooting in more detail. Anyway, THANKS so much again.


----------



## JSntgRvr (Jul 1, 2003)

:up: You are Welcome!


----------



## Flrman1 (Jul 26, 2002)

This needs to go:

*O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q*

http://castlecops.com/s606-ClockSync.html


----------
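The O4 line singled out in the last reply is one of the autostart entries in the HijackThis log posted earlier in the thread. The following is an added example, not part of any poster's message and not HijackThis code: it parses O4 lines into name, command and executable path, then picks out entries named on a review list. The sample lines are copied from that log; the function names and the review list are assumptions made for illustration.

```python
import re
from typing import List, NamedTuple


class AutoStart(NamedTuple):
    source: str      # registry key or startup folder, as HijackThis prints it
    name: str        # Run value name, or shortcut file name
    command: str     # full command line as logged
    executable: str  # command line with quotes and arguments stripped


# Constructed sample: lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ClockSync] C:\Program Files\ClockSync\Sync.exe /q
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\palmOne\Hotsync.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

# "O4 - HKLM\..\Run: [Name] command line"
RUN_KEY = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\\S+): \[(.+?)\] (.+)$")
# "O4 - Global Startup: Shortcut.lnk = target"
STARTUP = re.compile(r"^O4 - ((?:Global )?Startup): (.+?\.lnk) = (.+)$")
# Unquoted commands: cut at the first executable extension followed by a
# space or end of line. A directory whose name ends in such an extension
# would be split early, so treat the result as a hint, not as proof.
EXE_END = re.compile(r"^(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)


def executable_of(command: str) -> str:
    """Return the program path from a logged command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    match = EXE_END.match(command)
    return match.group(1) if match else command.split()[0]


def parse_o4(log: str) -> List[AutoStart]:
    """Collect every O4 (autostart) entry; other sections are skipped."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        match = RUN_KEY.match(line) or STARTUP.match(line)
        if match:
            source, name, command = match.groups()
            entries.append(
                AutoStart(source, name, command, executable_of(command)))
    return entries


def flag(entries: List[AutoStart], review_names: List[str]) -> List[AutoStart]:
    """Return entries whose name is on the review list (case-insensitive)."""
    wanted = {name.lower() for name in review_names}
    return [entry for entry in entries if entry.name.lower() in wanted]


if __name__ == "__main__":
    # Hypothetical review list holding the one name flagged in the thread.
    for entry in flag(parse_o4(SAMPLE_LOG), ["ClockSync"]):
        print(f"{entry.source} [{entry.name}] -> {entry.executable}")
```
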

