1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: comp switching off every few minutes

Discussion in 'Virus & Other Malware Removal' started by Amica, Apr 7, 2008.

Thread Status:
Not open for further replies.
Advertisement
  1. Amica

    Amica Thread Starter

    Joined:
    Apr 18, 2007
    Messages:
    29
    Hi Support

    for the last few days comp acting strange Avast found few viruses I wasent able to delet and I run Kaspersky online scan and few more was there , incl kaspersky scan , hijack . Despearet for help since comp is on and off all the time.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21.57.59, on 07/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Safe mode with network support

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmaildomini.aruba.it/cgi-bin/webmail.cgi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-220523388-839522115-682003330-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Negozio Courmayeur')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com - {4f34c291-5837-4f45-ade1-da5502c69fef} - C:\Documents and Settings\Pawel Dudnik\Start Menu\Programs\Poker.com\Poker.com.lnk (HKCU)
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Pawel Dudnik\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://62.149.165.3:4643/vz/rdp/msrdp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9434 bytes
     
  2. Amica

    Amica Thread Starter

    Joined:
    Apr 18, 2007
    Messages:
    29
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, April 06, 2008 11:04:46 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 5/04/2008
    Kaspersky Anti-Virus database records: 615055
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 147140
    Number of viruses found: 23
    Number of infected objects: 391
    Number of suspicious objects: 0
    Duration of the scan process: 03:58:22

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Application Data\Microsoft\MSNLiveFav\LiveFavorites.xml Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\Application Data\Ahead\Nero Home\bl.db-journal Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\Application Data\Ahead\Nero Home\is2.db-journal Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\History\History.IE5\MSHist012008040520080406\index.dat Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\Temp\ mon054.log Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\Temp\~DF29C8.tmp Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Pawel Dudnik\NTUSER.DAT.LOG Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
    C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
    C:\Program Files\PokerOffice\log\servicelog.txt Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP98\change.log Object is locked skipped
    C:\System Volume Information\_restore{8BF0DF50-3D20-4AB6-A63E-78FA5B3823F9}\RP79\A0040401.exe Infected: Trojan-Dropper.Win32.Joiner.ah skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{817193A6-4D33-40BD-8ED7-A6EE736AF424}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat Object is locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
     
  3. Amica

    Amica Thread Starter

    Joined:
    Apr 18, 2007
    Messages:
    29
    D:\RECYCLER\S-1-5-21-1482476501-854245398-725345543-1003\Di1.ORG]\Crack\_install.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044688.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044689.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044690.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044691.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044692.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044693.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044694.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044695.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044696.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044697.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044698.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044699.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044700.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044701.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044702.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044703.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044704.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044705.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044706.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044707.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044708.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044709.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044710.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044711.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044713.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044714.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044715.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044716.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044717.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044718.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044719.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044722.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044724.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044725.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044726.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044727.exe Infected: Trojan-Downloader.Win32.Small.hka skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044728.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044729.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044730.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044731.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044732.exe Infected: Trojan.Win32.Qhost.aei skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044733.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044734.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044735.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044737.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044738.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044739.sys Infected: Trojan-Downloader.Win32.Diehard.dr skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044740.sys Infected: Email-Worm.Win32.Agent.l skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044741.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044743.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044745.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044747.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044749.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044750.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044751.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044754.dll Infected: Trojan.Win32.BHO.pr skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044755.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044756.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044757.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044758.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044759.exe Infected: Trojan.Win32.Qhost.aei skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044760.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044761.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044762.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044765.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044766.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044767.exe Infected: Backdoor.Win32.VanBot.ax skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044770.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044773.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044774.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044775.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044776.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044777.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044779.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044780.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044781.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044782.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044784.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044786.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044788.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044790.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044791.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044792.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044793.dll Infected: Packed.Win32.Klone.k skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044795.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044796.exe Infected: Trojan-Downloader.Win32.Small.hka skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044798.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044800.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044801.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044802.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044804.exe Infected: Email-Worm.Win32.Zhelatin.kq skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044805.exe Infected: Backdoor.Win32.VanBot.dt skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044806.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044807.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044809.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044810.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044812.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044813.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044815.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044816.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044817.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044818.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044819.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044820.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044821.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044822.exe Infected: Trojan.Win32.Qhost.aei skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044823.exe Infected: Trojan-Downloader.Win32.Small.hka skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044824.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044825.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044826.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044828.exe Infected: Trojan-Downloader.Win32.Agent.fsc skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044829.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044830.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044831.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044832.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP96\A0044833.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046596.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046600.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046609.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046642.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046661.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046686.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046710.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046716.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046722.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046730.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046734.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046737.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046761.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046856.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046858.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046860.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046889.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046945.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046965.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046998.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0046999.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0047000.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0047001.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0047003.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0047004.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0047005.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0047006.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0047007.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0047008.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0047009.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP97\A0047012.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\System Volume Information\_restore{25C3BB31-A7B0-48CB-9FFD-D0BCC8E2CCAB}\RP98\change.log Object is locked skipped
     
  4. Amica

    Amica Thread Starter

    Joined:
    Apr 18, 2007
    Messages:
    29
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP143\A0007743.exe/stream/data0002 Infected: Trojan.Win32.Agent.ba skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP143\A0007743.exe/stream/data0003/data0002 Infected: Trojan.Win32.Krepper.ag skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP143\A0007743.exe/stream/data0003/data0004/data0004 Infected: Trojan-Downloader.Win32.IstBar.er skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP143\A0007743.exe/stream/data0003/data0004 Infected: Trojan-Downloader.Win32.IstBar.er skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP143\A0007743.exe/stream/data0003 Infected: Trojan-Downloader.Win32.IstBar.er skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP143\A0007743.exe/stream Infected: Trojan-Downloader.Win32.IstBar.er skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP143\A0007743.exe NSIS: infected - 6 skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP144\A0008538.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP144\A0008539.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP144\A0008540.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP144\A0008545.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP144\A0008546.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0009548.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0009549.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0009550.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0009551.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0009552.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0009553.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0009555.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0010547.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0010548.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0010549.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0010550.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0011547.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0011548.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0011549.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0011550.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0011551.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0011552.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0011553.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012546.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012548.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012549.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012550.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012551.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012552.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012553.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012554.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012557.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012558.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012559.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012561.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP145\A0012562.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013546.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013548.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013549.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013550.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013551.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013552.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013553.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013556.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013557.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013558.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013559.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013560.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013561.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013563.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0013564.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014546.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014548.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014549.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014550.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014551.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014552.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014553.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014554.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014555.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014556.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014559.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014560.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014561.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014563.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014564.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0014568.sys Infected: Email-Worm.Win32.Agent.l skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015547.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015548.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015549.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015550.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015551.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015552.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015553.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015554.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015555.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015556.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015559.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015561.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015562.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015574.sys Infected: Email-Worm.Win32.Agent.l skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015600.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015601.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015602.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015603.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015604.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015605.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015606.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015607.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015608.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015611.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015612.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015613.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015614.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015615.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015616.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015618.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP146\A0015622.sys Infected: Email-Worm.Win32.Agent.l skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0015625.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016600.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016601.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016602.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016603.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016604.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016605.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016606.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016607.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016610.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016611.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016612.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016613.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016614.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016615.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016616.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016617.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016629.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016630.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016631.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016632.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016633.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016634.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016635.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016636.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016637.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016638.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016639.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016640.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016641.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016642.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016643.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016644.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0016648.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017629.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017630.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017631.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017632.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017633.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017634.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017635.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017636.exe Infected: Virus.Win32.Trats.d skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017637.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017638.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017639.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017641.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017642.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017643.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017644.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017645.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017651.exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\System Volume Information\_restore{38EF54EE-BD7B-42D9-8155-71D735FEDB0B}\RP147\A0017652.sys Infected: Email-Worm.Win32.Agent.l skipped
     
  5. Amica

    Amica Thread Starter

    Joined:
    Apr 18, 2007
    Messages:
    29
    D:\WINDOWS\system32\cbxxuro.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\cdylwhnn .exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\cdylwhnn.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\ceva.exe Infected: Trojan-Downloader.Win32.Small.hka skipped
    D:\WINDOWS\system32\cglh.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\Com\_install.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\WINDOWS\system32\csrs .exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\csrs.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\dasd.exe Infected: Trojan.Win32.Qhost.aei skipped
    D:\WINDOWS\system32\ddcyvst.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\dllcache\tcpip.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\WINDOWS\system32\dllcache\_install.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\WINDOWS\system32\drivers\Lor71.sys Infected: Trojan-Downloader.Win32.Agent.hbs skipped
    D:\WINDOWS\system32\drivers\Oqt13.sys Infected: Trojan-Downloader.Win32.Agent.ggt skipped
    D:\WINDOWS\system32\drivers\secdrv.sys Infected: Trojan-Downloader.Win32.Diehard.dr skipped
    D:\WINDOWS\system32\drivers\smtpdrv.sys Infected: Email-Worm.Win32.Agent.l skipped
    D:\WINDOWS\system32\drivers\tcpip.sys Infected: Trojan.Win32.Patched.ao skipped
    D:\WINDOWS\system32\ecyuhjb.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\efcbyvv.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\efcyxyw.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\explorer .exe Infected: Backdoor.Win32.Nepoe.s skipped
    D:\WINDOWS\system32\explorer.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\fccaabc.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\fccyaxx.dll Infected: Trojan.Win32.BHO.pr skipped
    D:\WINDOWS\system32\firewall .exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\WINDOWS\system32\firewall.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\fkcteaof .exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\fkcteaof.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\fzbvqynw.exe Infected: Trojan.Win32.Qhost.aei skipped
    D:\WINDOWS\system32\gebbaww.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\gxzr.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\hggdcay.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\iexplore .exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\WINDOWS\system32\iexplore.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\ihhbtcg.exe Infected: Backdoor.Win32.VanBot.ax skipped
    D:\WINDOWS\system32\Isass.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\WINDOWS\system32\khfghhf.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\klkgcxh.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\letbkt.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\lfylyt.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\lgemyji.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\ljjkkhe.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\lkao.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\lssas .exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\WINDOWS\system32\lssas.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\mwld.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\npp\_install.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\WINDOWS\system32\oobe\_install.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\WINDOWS\system32\opnolml.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\opnopol.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\oprcfd.exe Infected: Backdoor.Win32.Agent.bxz skipped
    D:\WINDOWS\system32\pmkjgfe.dll Infected: Packed.Win32.Klone.k skipped
    D:\WINDOWS\system32\pmnnm.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\pvwngf.exe Infected: Trojan-Downloader.Win32.Small.hka skipped
    D:\WINDOWS\system32\qgma.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\qomlkjh.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\qsnm.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\Restore\_install.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\WINDOWS\system32\rhwvibsd.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\sdhfsd.exe Infected: Email-Worm.Win32.Zhelatin.kq skipped
    D:\WINDOWS\system32\spooIsv.exe Infected: Backdoor.Win32.VanBot.dt skipped
    D:\WINDOWS\system32\spooldr.sys Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\WINDOWS\system32\ssqonnn.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\teej.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\ttuoaj.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\tuvwxww.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\ulqtxa.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\usmt\_install.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\WINDOWS\system32\vtusqom.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\wbem\_install.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\WINDOWS\system32\whtjol.exe Infected: Trojan-Proxy.Win32.Agent.mf skipped
    D:\WINDOWS\system32\wmvwwx .exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\wmvwwx.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\wvuuuvt.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\xckhaj.exe Infected: Trojan.Win32.Qhost.aei skipped
    D:\WINDOWS\system32\xgppimhl.exe Infected: Trojan-Downloader.Win32.Small.hka skipped
    D:\WINDOWS\system32\xxyvttu.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\xxyyxvs.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\yayyvvu.dll Infected: Trojan-Downloader.Win32.Small.hje skipped
    D:\WINDOWS\system32\yiqka.exe Infected: Trojan-Downloader.Win32.Agent.fsc skipped
    D:\WINDOWS\system32\zekekuf.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\zprck .exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\zprck.exe Infected: Virus.Win32.Trats.d skipped
    D:\WINDOWS\system32\_install.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped
    D:\WINDOWS\_install.exe Infected: Email-Worm.Win32.Zhelatin.ki skipped

    Scan process completed.
     
  6. Amica

    Amica Thread Starter

    Joined:
    Apr 18, 2007
    Messages:
    29
    also dss files included.
     

    Attached Files:

  7. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Click here to download Dr.Web CureIt and save it to your desktop.
    • Doubleclick the drweb-cureit.exe file and Allow to run the express scan
    • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
    • Once the short scan has finished, mark the drives that you want to scan.
    • Select all drives. A red dot shows which drives have been chosen.
    • Click the green arrow at the right, and the scan will start.
    • Click 'Yes to all' if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can click next icon next to the files found: [​IMG]
    • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
      [​IMG]
      This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
    • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
    • Save the report to your desktop. The report will be called DrWeb.csv
    • Close Dr.Web Cureit.
    • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new Hijack This log.
     
  8. Amica

    Amica Thread Starter

    Joined:
    Apr 18, 2007
    Messages:
    29
    Hi Cybertech,

    First of all thx so much 4your help. In few words °à#&%$£ what happened to my computer !!! Im always extra careful and BUM 443files infected!! I got that computer like few months back and was in bad condition. I reinstaled windows on drive C and was going not so bad till last week. I didnt even know that folder WINDOWS existed on drive D ??? is it pos. that all that viruses was hiding there? any way including new hijack log and screen of Dr.web

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11.14.25, on 10/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\bcmwltry.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Itunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\PokerOffice\bin\javaw.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Alwil Software\Avast4\setup\avast.setup
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmaildomini.aruba.it/cgi-bin/webmail.cgi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Poker.com - {4f34c291-5837-4f45-ade1-da5502c69fef} - C:\Documents and Settings\Pawel Dudnik\Start Menu\Programs\Poker.com\Poker.com.lnk (HKCU)
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Pawel Dudnik\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://62.149.165.3:4643/vz/rdp/msrdp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 10307 bytes

    and DrWeb log but its very short?

    scroll[1].js C:\Documents and Settings\Pawel Dudnik\Local Settings\Temporary Internet Files\Content.IE5\0M9XMYDA Modification of VBS.Req Moved.
    073c0e537419276dc2039f31729ca568_1[1].js C:\Documents and Settings\Pawel Dudnik\Local Settings\Temporary Internet Files\Content.IE5\P0XDDJVK Probably SCRIPT.Virus
     

    Attached Files:

  9. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    The D drive could have been a cd or thumb drive, etc if you do not have a physical D drive.


    Use Secunia software inspector & update checker to update your java and any other out of date applications.

    Also go to add/remove programs and remove all old versions of Java.





    Run HJT again and put a check in the following:

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: Poker.com - {4f34c291-5837-4f45-ade1-da5502c69fef} - C:\Documents and Settings\Pawel Dudnik\Start Menu\Programs\Poker.com\Poker.com.lnk (HKCU)
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Pawel Dudnik\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (HKCU)

    Close all applications and browser windows before you click "fix checked".


    How is it running now? Any problems?
     
  10. Amica

    Amica Thread Starter

    Joined:
    Apr 18, 2007
    Messages:
    29
    its running ok right now , no turn off's and other wired stuff but gone run your adv first
     
  11. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    OK, post a new hijackthis log when you can.
     
  12. Amica

    Amica Thread Starter

    Joined:
    Apr 18, 2007
    Messages:
    29
    here is latest scan log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21.54.54, on 10/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\bcmwltry.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Itunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\PokerOffice\bin\javaw.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\hphmon05.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmaildomini.aruba.it/cgi-bin/webmail.cgi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
    O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "D:\Itunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [POEngine] "C:\Program Files\PokerOffice\POEngine.exe" C:\Program Files\PokerOffice
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://62.149.165.3:4643/vz/rdp/msrdp.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin3.valueactive.com/Register/Branding/olr3313/OCX/v1018/flashax.cab
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 9750 bytes

    can I permanently remove folder "WINDOWS" and "documents and settings" from my D: drive since prob that are remainings from previouse instalation?
     
  13. Amica

    Amica Thread Starter

    Joined:
    Apr 18, 2007
    Messages:
    29
    little bump befor gone go to bed ;)
     
  14. cybertech

    cybertech Retired Moderator

    Joined:
    Apr 16, 2002
    Messages:
    72,115
    Your Java is out of date. Use Secunia software inspector & update checker and remove all old versions from add/remove programs.

    Everything else looks good.

    Did you figure out what the D: drive is? Is there anything there that you need?
     
  15. Amica

    Amica Thread Starter

    Joined:
    Apr 18, 2007
    Messages:
    29
    I did, its a second partition and I really dont need most of the stuff there , java just updated by secunia!!
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/701348

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice