Slow Computer, Bogs Down


13 replies to this topic

#1 labs

Posted 15 November 2005 - 11:15 AM

Logfile of HijackThis v1.99.1
Scan saved at 10:12:01 AM, on 11/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\umonit.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\pilot\games\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\adobe\acrobat 5.0\Reader\AcroRd32.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lake-link.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.demming-noel.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HotSync Manager 2.0.lnk = C:\pilot\games\HOTSYNC.EXE
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/Upgrades/..._170/isetup.cab
O16 - DPF: {BDCA15A4-674E-4E67-B220-B0FEDADB7F71} - file://e|\ff99_web\codebase\imagebmp.cab
O16 - DPF: {DE8AF586-A5C6-400C-B8E0-B9F3A32246E2} - file://e|\ff99_web\codebase\imagejpg.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

#2 Guest_Cretemonster_*

Posted 19 November 2005 - 01:34 PM

Hi labs and Welcome to the Bleeping Computer!

I don't see anything that looks malicious in the HJT log.


What types of routine cleanings and maintenance do you do for the PC?

#3 labs

Posted 21 November 2005 - 10:20 AM

[quote name='Cretemonster']
Hi labs and Welcome to the Bleeping Computer!

I don't see anything that looks malicious in the HJT log.

What types of routine cleanings and maintenance do you do for the PC?
[/quote]


I run a pop-up blocker and spybot. Standard firewall and virus protection on the PC. From time to time I delete all temp files. Keep up to date on MS updates and that's about it.

Can you suggest other things that may help? Thank you!

Labs

#4 Guest_Cretemonster_*

Posted 22 November 2005 - 05:17 AM

Do you have any idea what these 2 entries are about?

O16 - DPF: {BDCA15A4-674E-4E67-B220-B0FEDADB7F71} - file://e|\ff99_web\codebase\imagebmp.cab

O16 - DPF: {DE8AF586-A5C6-400C-B8E0-B9F3A32246E2} - file://e|\ff99_web\codebase\imagejpg.cab


Let's look a bit deeper. Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply>>Close>>Follow the Prompts to Restart!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates

Post back with a fresh HijackThis log and the reports from WinPFind and Panda

#5 labs

Posted 22 November 2005 - 12:07 PM

[quote name='Cretemonster' date='Nov 22 2005, 06:17 AM' post='195128']
Do you have any idea what these 2 entries are about?

O16 - DPF: {BDCA15A4-674E-4E67-B220-B0FEDADB7F71} - file://e|\ff99_web\codebase\imagebmp.cab

O16 - DPF: {DE8AF586-A5C6-400C-B8E0-B9F3A32246E2} - file://e|\ff99_web\codebase\imagejpg.cab

[/quote]

No idea on the above entries...

Here is my new HJT log and WinPFind info. The Panda scan would only error out after about 15 seconds. Active X was installed and I tried to restart, both without success. Thank you for your help.


Logfile of HijackThis v1.99.1
Scan saved at 10:59:57 AM, on 11/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\system32\umonit.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Apoint\Apntex.exe
C:\pilot\games\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Auto-Owners Insurance Company\AOApp\Common\Bin\AOFormP.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lake-link.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.demming-noel.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HotSync Manager 2.0.lnk = C:\pilot\games\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/Upgrades/..._170/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BDCA15A4-674E-4E67-B220-B0FEDADB7F71} - file://e|\ff99_web\codebase\imagebmp.cab
O16 - DPF: {DE8AF586-A5C6-400C-B8E0-B9F3A32246E2} - file://e|\ff99_web\codebase\imagejpg.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...
PEC2 11/24/2004 9:37:32 AM 2945017 C:\crash.txt
UPX! 8/7/2004 3:14:00 PM 187904 C:\HijackThis.exe
UPX! 12/10/2003 6:35:26 PM 98304 C:\install_soundfil.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
FSG! 7/19/2002 6:38:42 PM 3031400 C:\WINDOWS\Q316575.exe
UPX! 11/29/2004 8:00:32 AM 189992 C:\WINDOWS\systb.exe

Checking %System% folder...
PEC2 8/18/2001 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 11/4/2005 4:27:24 PM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 11/10/2005 11:00:08 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/10/2005 11:00:08 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 1:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 4/23/1999 9:22:00 PM 3072 C:\WINDOWS\SYSTEM32\Rsrc32.dll
winsync 8/18/2001 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 9/5/2001 9:55:40 PM 54784 C:\WINDOWS\SYSTEM32\XpBlock.dll

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
UPX! 7/21/2003 10:46:58 AM 839408 C:\WINDOWS\SYSTEM32\drivers\vsapint.sys
aspack 7/21/2003 10:46:58 AM 839408 C:\WINDOWS\SYSTEM32\drivers\vsapint.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/22/2005 10:00:10 AM S 2048 C:\WINDOWS\bootstat.dat
11/14/2005 2:30:30 PM H 54156 C:\WINDOWS\QTFont.qfn
11/3/2005 10:31:20 AM HS 1682 C:\WINDOWS\system32\KGyGaAvL.sys
10/5/2005 8:33:38 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/4/2005 7:17:40 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
9/28/2005 10:53:30 AM S 17402 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB900725.cat
11/22/2005 9:59:54 AM H 8192 C:\WINDOWS\system32\config\default.LOG
11/22/2005 10:00:42 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
11/22/2005 10:00:12 AM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
11/22/2005 10:02:08 AM H 69632 C:\WINDOWS\system32\config\software.LOG
11/22/2005 10:00:24 AM H 880640 C:\WINDOWS\system32\config\system.LOG
11/14/2005 4:32:04 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
10/31/2005 4:29:38 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ff14ec3d-493a-4e0f-a1df-4dc9de7a8dc2
10/31/2005 4:29:38 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
11/22/2005 9:58:52 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/12/1999 4:11:00 AM 183808 C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 12/23/2002 7:58:44 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Apple Computer, Inc. 10/19/2001 11:11:36 AM 287232 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Sony Corporation 12/4/1999 5:11:30 AM 151552 C:\WINDOWS\SYSTEM32\UILib.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/25/2002 8:03:16 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
10/18/2005 1:24:02 PM 586 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager 2.0.lnk
11/18/2005 2:54:38 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
10/20/2005 7:15:54 AM 2423 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Real-time Monitor.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/25/2002 12:52:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
11/3/2005 3:44:12 PM 4096 C:\Documents and Settings\All Users\Application Data\ScheduledItems

Checking files in %USERPROFILE%\Startup folder...
7/25/2002 8:03:16 PM HS 84 C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
7/25/2002 12:52:30 PM HS 62 C:\Documents and Settings\Daddy\Application Data\desktop.ini
2/25/2003 8:52:14 PM 12358 C:\Documents and Settings\Daddy\Application Data\PFP100JCM.{PB
2/25/2003 8:52:14 PM 61678 C:\Documents and Settings\Daddy\Application Data\PFP100JPR.{PB
12/2/2004 8:31:56 AM H 44545 C:\Documents and Settings\Daddy\Application Data\ptads.bin
8/11/2004 3:12:04 PM 284 C:\Documents and Settings\Daddy\Application Data\ViewerApp.dat

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\StuffIt Context Menu
{2E336DC0-54F8-11D1-ABD5-447270537467} = C:\Program Files\Aladdin Systems\StuffIt Standard\StuffItMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\StuffIt Context Menu
{2E336DC0-54F8-11D1-ABD5-447270537467} = C:\Program Files\Aladdin Systems\StuffIt Standard\StuffItMenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0003-C0E1-C0E1C0E1C0E1} = C:\Program Files\Corel\WordPerfect Office 2002\PROGRAMS\PFSE100.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5233FCD-D258-4903-89B8-FB1568E7413D}
Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile = mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6F431AC3-364A-478b-BBDB-89C7CE1B18F6}
ButtonText = Attach Web page to ACT! contact :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{014DA6C9-189F-421A-88CD-07CFE51CFF10} = :
{ACBB4FB8-ECBD-48D3-A8D2-C1382079A548} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint C:\Program Files\Apoint\Apoint.exe
Pop3trap.exe "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
WebTrapNT.exe "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
Mouse Suite 98 Daemon ICO.EXE
AtiPTA atiptaxx.exe
QuickFinder Scheduler "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
UMonit C:\WINDOWS\system32\umonit.exe
UserFaultCheck %systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
SureCleanProfessional "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 2
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key mбejzHf2
Hint pup
FileName0 C:\WINDOWS\System32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
v 0
s 0
n 0
l 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
NumSys 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/22/2005 10:17:35 AM

#6 Guest_Cretemonster_*


Posted 23 November 2005 - 05:38 AM

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#7 labs


Posted 23 November 2005 - 12:31 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, November 23, 2005 11:27:44
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 23/11/2005
Kaspersky Anti-Virus database records: 151427
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
Z:\

Scan Statistics:
Total number of scanned objects: 87523
Number of viruses found: 38
Number of infected objects: 1437
Number of suspicious objects: 11
Duration of the scan process: 6665 sec

Infected Object Name - Virus Name
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\180.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\181.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\182.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\183.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\185.tmp/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\185.tmp/WISE0008.BIN Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\185.tmp Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\186.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\187.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\188.tmp Infected: Trojan-Downloader.Win32.Intexp.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\189.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\18A.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\18B.tmp Infected: Trojan-Downloader.Win32.Braidupdate.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\18C.tmp/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\18C.tmp/WISE0008.BIN Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\18C.tmp Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\18D.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\18E.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\18F.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\19.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\190.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\191.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\192.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\193.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\194.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\195.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\196.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\197.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\198.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\199.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\19A.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\19B.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\19C.tmp Infected: Trojan-Downloader.Win32.Intexp.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\19D.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\19E.tmp Infected: Trojan-Downloader.Win32.Braidupdate.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\19F.tmp/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\19F.tmp/WISE0008.BIN Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\19F.tmp Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A.tmp/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A.tmp/WISE0008.BIN Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A.tmp Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A0.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A1.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A2.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A3.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A4.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A5.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A6.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A7.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A8.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1A9.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1AA.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1AB.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1AC.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1AD.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1AE.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1AF.tmp Infected: Trojan-Downloader.Win32.Intexp.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1B0.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1B1.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1B2.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1B3.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1B4.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1B5.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1B6.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1B8.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1B9.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1BA.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1BB.tmp Infected: Trojan-Downloader.Win32.Braidupdate.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1BC.tmp/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1BC.tmp/WISE0008.BIN Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1BC.tmp Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1BD.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1BE.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1BF.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1C.tmp Infected: Trojan-Downloader.Win32.Braidupdate.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1C0.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1C1.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1C2.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1C3.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1C4.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1C5.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1C6.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1C7.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1C8.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1C9.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1CA.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1CB.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1CC.tmp Infected: Trojan-Downloader.Win32.Braidupdate.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1CD.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1CE.tmp Infected: Trojan-Downloader.Win32.Intexp.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1CF.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1D1.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1D2.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1D3.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1D4.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1D5.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1D6.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1D7.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1D8.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1D9.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1DA.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1DB.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1DC.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1DD.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1DE.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1DF.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1E.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1E0.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1E1.tmp Infected: Trojan-Downloader.Win32.Intexp.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1E2.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1E3.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1E4.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1E6.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1E7.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1E8.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1E9.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1EA.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1EB.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1EC.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1ED.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1EE.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1EF.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F0.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F1.tmp Infected: Trojan-Downloader.Win32.Intexp.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F3.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F4.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F5.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F6.tmp Infected: Trojan-Downloader.Win32.Braidupdate.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F7.tmp/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F7.tmp/WISE0008.BIN Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F7.tmp Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F8.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1F9.tmp Infected: Trojan-Downloader.Win32.Braidupdate.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1FA.tmp/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1FA.tmp/WISE0008.BIN Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1FA.tmp Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1FB.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1FC.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1FD.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1FE.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\1FF.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\2.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\20.tmp/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\20.tmp/WISE0008.BIN Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\20.tmp Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\200.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\201.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\202.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\203.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\204.tmp Infected: Trojan-Downloader.Win32.Intexp.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\206.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\207.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\208.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\209.tmp Infected: Trojan-Downloader.Win32.Braidupdate.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\20A.tmp Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\20B.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\20C.tmp/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\20C.tmp/WISE0008.BIN Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\20C.tmp Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\20D.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\20E.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\20F.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\21.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\210.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\211.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\212.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\213.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\214.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\215.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\216.tmp Infected: Backdoor.Win32.VB.nb
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\217.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\218.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\219.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\21A.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\21B.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\21C.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\21D.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\21E.tmp Infected: Trojan-Downloader.Win32.Turown.a
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\21F.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\22.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\221.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\222.tmp Infected: Trojan-Downloader.Win32.Braidupdate.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\223.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\224.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\225.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\226.tmp/WISE0007.BIN Infected: Trojan-Downloader.Win32.VB.ca
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\226.tmp/WISE0008.BIN Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\226.tmp Infected: Trojan.Win32.Revop.c
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\227.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\228.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\229.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\22A.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\22B.tmp Infected: Email-Worm.Win32.Bagle.al
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\22C.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\22D.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\22E.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\22F.tmp Infected: Email-Worm.Win32.Zafi.d
C:\Program Files\Trend Micro\PC-cillin 2000\QUARANTINE\23.tmp I

#8 Guest_Cretemonster_*


Posted 24 November 2005 - 04:07 AM

OK, we need to figure out how to clean out your old messages (Archives) in Outlook.

I have Outlook Express and I just open OE and Click Tools-> Options-> Maintenance

Place a checkmark by "Empty messages from the Deleted Items folder on exit"

Then click the tab labeled "Clean Up Now"

Make sure Windows is Showing Hidden Files and Folders
http://www.bleepingcomputer.com/tutorials/...al62.html#winxp

Next, I'm unsure exactly what these folders represent since I don't have these folders anywhere on my XP Home edition.

C:\Documents and Settings\Shayla\My Documents\Data

C:\Documents and Settings\Delanie\My Documents\Data

C:\Documents and Settings\Default User\My Documents\Data

Each contains these in them somewhere

incredifind.exe
MemWatcher2.exe
netspry.exe


All those need to go.

Delete these files as well

C:\Documents and Settings\Daddy\Local Settings\Temp\optimize.exe

C:\apropos_client_loader.exe


Let me know what ya find and were able to delete?

#9 labs


Posted 29 November 2005 - 09:12 AM

Cretemonster,

Thank you again for your help. I think I have everything cleaned up as per your latest information.
Maybe there is something else that is not visible in the information I've been posting here, but it seems to take an extremely long time, at the original log in, for IE and Outlook to start up. It may be the filters and spyware/pop-up stoppers I'm using that are slowing things down.

Thanks again for your knowledge.

Labs

#10 Guest_Cretemonster_*


Posted 30 November 2005 - 04:47 AM

Can you post a fresh WinPFind log from Safe Mode again? I may have missed something earlier.

#11 labs


Posted 02 December 2005 - 12:22 PM

Thanks Crete... here it is...

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

Checking Selected Standard Folders

Checking %SystemDrive% folder...
PEC2 11/24/2004 9:37:32 AM 2945017 C:\crash.txt
UPX! 8/7/2004 3:14:00 PM 187904 C:\HijackThis.exe
UPX! 12/10/2003 6:35:26 PM 98304 C:\install_soundfil.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
FSG! 7/19/2002 6:38:42 PM 3031400 C:\WINDOWS\Q316575.exe
UPX! 11/29/2004 8:00:32 AM 189992 C:\WINDOWS\systb.exe

Checking %System% folder...
PEC2 8/18/2001 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PTech 11/4/2005 4:27:24 PM 534280 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 11/10/2005 11:00:08 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 11/10/2005 11:00:08 PM 2368864 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 1:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 1:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 4/23/1999 9:22:00 PM 3072 C:\WINDOWS\SYSTEM32\Rsrc32.dll
winsync 8/18/2001 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
UPX! 9/5/2001 9:55:40 PM 54784 C:\WINDOWS\SYSTEM32\XpBlock.dll

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
UPX! 7/21/2003 10:46:58 AM 839408 C:\WINDOWS\SYSTEM32\drivers\vsapint.sys
aspack 7/21/2003 10:46:58 AM 839408 C:\WINDOWS\SYSTEM32\drivers\vsapint.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
12/2/2005 10:47:26 AM S 2048 C:\WINDOWS\bootstat.dat
11/14/2005 2:30:30 PM H 54156 C:\WINDOWS\QTFont.qfn
11/30/2005 1:00:58 PM HS 1682 C:\WINDOWS\system32\KGyGaAvL.sys
10/5/2005 8:33:38 PM S 12849 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896424.cat
10/4/2005 7:17:40 PM S 21737 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896688.cat
12/2/2005 10:47:10 AM H 8192 C:\WINDOWS\system32\config\default.LOG
12/2/2005 10:47:52 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
12/2/2005 10:47:28 AM H 12288 C:\WINDOWS\system32\config\SECURITY.LOG
12/2/2005 10:47:54 AM H 65536 C:\WINDOWS\system32\config\software.LOG
12/2/2005 10:47:40 AM H 872448 C:\WINDOWS\system32\config\system.LOG
11/14/2005 4:32:04 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
10/31/2005 4:29:38 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\ff14ec3d-493a-4e0f-a1df-4dc9de7a8dc2
10/31/2005 4:29:38 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
12/2/2005 10:46:04 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/12/1999 4:11:00 AM 183808 C:\WINDOWS\SYSTEM32\BDEADMIN.CPL
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 12/23/2002 7:58:44 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Apple Computer, Inc. 10/19/2001 11:11:36 AM 287232 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Sony Corporation 12/4/1999 5:11:30 AM 151552 C:\WINDOWS\SYSTEM32\UILib.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/25/2002 8:03:16 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
10/18/2005 1:24:02 PM 586 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager 2.0.lnk
11/18/2005 2:54:38 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
10/20/2005 7:15:54 AM 2423 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Real-time Monitor.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/25/2002 12:52:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
11/30/2005 4:27:52 PM 4096 C:\Documents and Settings\All Users\Application Data\ScheduledItems

Checking files in %USERPROFILE%\Startup folder...
7/25/2002 8:03:16 PM HS 84 C:\Documents and Settings\Daddy\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
7/25/2002 12:52:30 PM HS 62 C:\Documents and Settings\Daddy\Application Data\desktop.ini
2/25/2003 8:52:14 PM 12358 C:\Documents and Settings\Daddy\Application Data\PFP100JCM.{PB
2/25/2003 8:52:14 PM 61678 C:\Documents and Settings\Daddy\Application Data\PFP100JPR.{PB
12/2/2004 8:31:56 AM H 44545 C:\Documents and Settings\Daddy\Application Data\ptads.bin
8/11/2004 3:12:04 PM 284 C:\Documents and Settings\Daddy\Application Data\ViewerApp.dat

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\StuffIt Context Menu
{2E336DC0-54F8-11D1-ABD5-447270537467} = C:\Program Files\Aladdin Systems\StuffIt Standard\StuffItMenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\StuffIt Context Menu
{2E336DC0-54F8-11D1-ABD5-447270537467} = C:\Program Files\Aladdin Systems\StuffIt Standard\StuffItMenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0003-C0E1-C0E1C0E1C0E1} = C:\Program Files\Corel\WordPerfect Office 2002\PROGRAMS\PFSE100.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\{48F45200-91E6-11CE-8A4F-0080C81A28D4}
= C:\Program Files\Trend Micro\PC-cillin 2000\Tmdshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D5233FCD-D258-4903-89B8-FB1568E7413D}
Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile = mscoree.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{6F431AC3-364A-478b-BBDB-89C7CE1B18F6}
ButtonText = Attach Web page to ACT! contact :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{014DA6C9-189F-421A-88CD-07CFE51CFF10} = :
{ACBB4FB8-ECBD-48D3-A8D2-C1382079A548} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Apoint C:\Program Files\Apoint\Apoint.exe
Pop3trap.exe "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
WebTrapNT.exe "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
Mouse Suite 98 Daemon ICO.EXE
AtiPTA atiptaxx.exe
QuickFinder Scheduler "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
HPDJ Taskbar Utility C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
KernelFaultCheck %systemroot%\system32\dumprep 0 -k
UMonit C:\WINDOWS\system32\umonit.exe
UserFaultCheck %systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
PopUpStopperFreeEdition "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
SureCleanProfessional "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
SpybotSD TeaTimer C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
Key mбejzHf2
Hint pup
FileName0 C:\WINDOWS\System32\RSACi.rat

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default
Allow_Unknowns 0
PleaseMom 1
Enabled 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\.Default\http://www.rsac.org/ratingsv01.html
v 0
s 0
n 0
l 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings\PICSRules\.Default
NumSys 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 12/2/2005 11:00:03 AM

#12 Guest_Cretemonster_*

Posted 04 December 2005 - 06:26 AM

Well, I sure did miss a few items!

Be sure Windows is still showing hidden files.

Locate and delete:

C:\crash.txt

C:\WINDOWS\Q316575.exe

C:\WINDOWS\systb.exe

C:\WINDOWS\SYSTEM32\XpBlock.dll

Let me know if you can't locate any of these.


Run one more Online Scan here
http://www.windowsecurity.com/trojanscan/


Post back with any results from the Online Scan and a fresh HijackThis log.

#13 labs

Posted 06 December 2005 - 12:31 PM

Thank you again for your help.

Logfile of HijackThis v1.99.1
Scan saved at 11:28:23 AM, on 12/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe
C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\umonit.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\pilot\games\HOTSYNC.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.lake-link.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.demming-noel.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6711
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\Pop3trap.exe"
O4 - HKLM\..\Run: [WebTrapNT.exe] "C:\Program Files\Trend Micro\PC-cillin 2000\WebTrapNT.exe"
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [SureCleanProfessional] "C:\PROGRA~1\PANICW~1\SURECL~1\SRClean.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: HotSync Manager 2.0.lnk = C:\pilot\games\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Real-time Monitor.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance.com/Software/Upgrades/..._170/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
O16 - DPF: {BDCA15A4-674E-4E67-B220-B0FEDADB7F71} - file://e|\ff99_web\codebase\imagebmp.cab
O16 - DPF: {DE8AF586-A5C6-400C-B8E0-B9F3A32246E2} - file://e|\ff99_web\codebase\imagejpg.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2000\Tmntsrv.exe

#14 Guest_Cretemonster_*

Posted 07 December 2005 - 06:50 PM

I'll take that to mean the online scan found nothing?



