Member Avatar for frustratedpc

First of all, anyone who is reading this, I give my gratitude to, especially during the holiday season.

I've been having problems with Trojans on my computer. Last Friday, a window opened which I recognized as an attempt by spyware to get me to download fake "anti-spyware." So, I ran a scan with Malwarebytes' Anti-Malware.

It revealed there were ten Trojans. I tried to remove them, but they were stubborn and it didn't work.

The next time I booted my computer, I got to the Windows desktop (I use Windows XP Media Center Edititon), but it restarted automatically.

Ever since then, whenever I boot, a blue page opens up saying that a problem has been detected on your computer and the computer has been shut down to protect my files, or something to that effect. There is also much technical information filling up the rest of the page. The computer then proceeds to restart.

When I use the Last Known Good Configuration, the desktop shows up, but then proceeds to restart.

I cannot access Safe Mode. When I try, I'm brought to a black screen, that says something like "We are sorry for the inconvenience, but Windows did not start normally."

I am kind of at a loss. Since I cant access the administrator account where I saved the logs, I can't post them.

Surprisingly enough, I recently tried to access the Guest account, using Last Known Good Configuration, and it didn't shut down. However, when I ran Malwarebytes' Anti-Malware, it revealed there were 30 infected files, most of them Trojans! When I tried to remove them, the program experienced an error and shut down.

If anyone has any ideas, or can help, again, I greatly appreciate it.
Also, I am wondering if it would be safe to disable the automatic restart on my computer, since it is becoming a hassle.

Thank You

  • 5 Contributors
  • 16 Replies
  • 346 Views
  • 2 Weeks Discussion Span
  • Latest Post Latest Post by jholland1964

Recommended Answers

All 16 Replies

Member Avatar for frustratedpc

P.S. Sorry for the long post!

Member Avatar for jholland1964

You should have waited for an answer in this thread rather than making another thread. I posted the answer THERE

Here's How for XP, you didn't state which OS you are running:

1.Navigate to the Control Panel in Windows XP by left-clicking on Start, followed by Settings and then choosing Control Panel.
2.In the Control Panel window, open System.

Note: In Microsoft Windows XP, depending on how your operating system is setup, you may not see the System icon. To correct this, click on the link on the left-hand side of the Control Panel window that says Switch to Classic View.

3.In the System Properties window, click on the Advanced tab.
4.Locate the Startup and Recovery area and click on the Settings button.
5.In the Startup and Recovery window, locate and uncheck the check box next to Automatically

If this helps then please come back to this thread and continue with your problem. Don't post back in that one.

Member Avatar for necrolin

You should have waited for an answer in this thread rather than making another thread. I posted the answer THERE

If this helps then please come back to this thread and continue with your problem. Don't post back in that one.

How can he navigate to the control panel if he can't boot his computer?:-/

I think that the obvious answer would be that your antimalware program deleted or corrupted a file that windows needs to boot/run. Some possible answers:

1) If you're running on a laptop then you may have a "rescue utility" that will restore your Windows to a healthy state with or without deleting your files. I know the HP utility can be run without overwriting your personal files.

2) Between the error message and error number (0x......) you may be able to get enough information to recover what is wrong from your original Windows CD. Google the error number. There's also an article you can read here that offers some tips on troubleshooting blue screens of death.

3) Unless you have some really valuable data on the computer it may save you time and stress to simply reinstall. Even if you spend the time rescuing your PC you'll probably just end up with a virus infected PC at the end of the day anyway. Why not just start fresh?

Member Avatar for jholland1964

He all ready said he can log on using a Guest Account. He can attempt this using that.

Member Avatar for necrolin

He all ready said he can log on using a Guest Account. He can attempt this using that.

Sorry, missed that part. :$

Member Avatar for jholland1964

Sorry, missed that part. :$

That's ok.
One other thing you said though I have to disagree with;

I think that the obvious answer would be that your antimalware program deleted or corrupted a file that windows needs to boot/run.

It is very unlikely that MBA-M deleted or corrupted a file. It is more likely this was done by the infections. He said his initial scan revealed 10 Trojans which were not removed, or he felt they were not removed, then when he was able to do the next scan there were 30 infected files so there certainly is a good chance of a rootkit on the computer which may have installed a "backdoor" to the computer and thus brought in more infections. Any or all of these could very likely damage system files.

You are correct in your assessment that a reinstall may be something to consider. However we always try to give posters every option possible to try to remove infections and then instructions to repair if possible before recommending a total reformat and reinstall. Though of course sometimes this is just not possible. But we do try.

Member Avatar for frustratedpc

Thanks for all the advice, jholland and everyone. And I apologize, in the future I will simply reply to the thread that I made, not start a new one.

Anyway, I will try to disable automatic system restore, if I can get to it. It seems the Guest account access was a one-time deal, as I can't get to it now.

Other than that, I will see what I can do to solve the error through Google and the Windows CD.

I know it may be too soon to consider this, but how exactly do you reinstall or reformat a PC?

Thanks again for your help. I will post after I've tried these steps.

Member Avatar for jholland1964

how exactly do you reinstall or reformat a PC?

You still didn't state what operating system you have.
Here are a few sites which give instructions, hopefully you have all the disks which came with the PC or hopefully it came with CD's. Some do not today and this can make it a bit more difficult because you must try to use the Recovery Partition.
In addition to the operating system, you will have to install all the drivers for the computer, all the software you currently have installed along with any updates you have done since you got the computer. I have to warn you, you WILL lose anything you have actually stored on the computer when you wipe the drive, pictures, documents, music, etc.

Reformat and Reload.

Reformatting

Member Avatar for frustratedpc

I have had some luck with the computer. I was able to access my administrator account and run ATF - Cleaner, MBA-M, and DSS.

I was, however, unable to enable the viewing of hidden files. When I opened My Computer, and clicked on Tools, the only items in the menu were Map Network Drive, Disconneect Network Drive, and Synchronize.

I also, for some reason, could not run the MS Windows Malicious Software Removal Tool. When I tried, a window popped up, titled "Extraction Failed", and saying "The operation completed successfully."

As far as ESET Online Scanner, I was able to run it. However, it removed the threats that it found, and stopped responding when I asked for a ScanLog. Now, it is difficult for me to open applications, since I am asked to choose which program to use to open them, and Firefox is either working slow or not at all. I was able to circumvent the prompt and open applications by downloading this:

exefix_xp.com

My computer still runs slow all around, so I wonder if the computer is free of malware or not. If anyone can look at my scan logs from MBA-M and DSS and give me some advice, I would really appreciate it!

Deckard's System Scanner v20071014.68
Run by Baha Safadi on 2009-07-08 22:20:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Baha Safadi.exe) -----------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:00 PM, on 7/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\avast!Antivirus.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\BAHASA~1\LOCALS~1\Temp\155.exe
C:\WINDOWS\System32\reader_s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Documents and Settings\Baha Safadi\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\BAHASA~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://safesearch.cyberdefender.com/smallsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - ~EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - ~00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
F3 - REG:win.ini: load=C:\WINDOWS\system32\mszpgtx.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\msvlseqp.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe
O2 - BHO: C:\WINDOWS\system32\gsf83iujid.dll - {d76ab2a1-00f3-42bd-f434-00bbc39c8953} - C:\WINDOWS\system32\gsf83iujid.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Verizon_McciTrayApp] "C:\Program Files\Verizon\McciTrayApp.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [sysldtray] C:\windows\ld12.exe
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [pp] C:\windows\pp10.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - HKCU\..\Run: [FlashMute] C:\Program Files\FlashMute\FlashMute.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [] C:\DOCUME~1\BAHASA~1\LOCALS~1\Temp\jd22ac.exe
O4 - HKCU\..\Run: [hsf7husjnfg98gi498aejhiugjkdg4] C:\DOCUME~1\BAHASA~1\LOCALS~1\Temp\rs2iin2km.exe
O4 - HKCU\..\Run: [Cognac] C:\DOCUME~1\BAHASA~1\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [12CFG515-K641-55SF-N66P] C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\Baha Safadi\reader_s.exe
O4 - HKCU\..\Run: [Baha Safadi] C:\Documents and Settings\Baha Safadi\Baha Safadi.exe /i
O4 - HKCU\..\Run: [Windows System Recover!] C:\DOCUME~1\BAHASA~1\LOCALS~1\Temp\setup.exe
O4 - HKLM\..\Policies\Explorer\Run: [exec] C:\WINDOWS\system32\msarmj.exe
O4 - Startup: ihaupd32.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &aol toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon/download/DSL/tgctlcm.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player/install/installer.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: __c003ef33 - C:\WINDOWS\system32\__c003EF33.dat
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - (no file)
O22 - SharedTaskScheduler: rtasgvfu76ew8ndkfno94 - {D76AB2A1-00F3-42BD-F434-00BBC39C8953} - C:\WINDOWS\system32\gsf83iujid.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast!antivirus - Unknown owner - C:\WINDOWS\System32\avast!Antivirus.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - C:\WINDOWS\
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lich - Unknown owner - C:\WINDOWS\system32\lich.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: sopidkc Service (sopidkc) - Unknown owner - C:\WINDOWS\system32\sopidkc.exe (file missing)
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Unknown owner - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe (file missing)
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - C:\WINDOWS\

--
End of file - 10061 bytes

-- Files created between 2009-06-08 and 2009-07-08 -----------------------------

2009-07-08 22:12:13 0 --a------ C:\ckxd.exe
2009-07-08 14:54:11 36864 --a------ C:\WINDOWS\system32\avast!Antivirus.exe
2009-07-08 13:55:17 76288 --a------ C:\mkvknro.exe
2009-07-08 13:55:05 2470 --a------ C:\furvsh.exe
2009-07-08 13:55:03 52225 --a------ C:\WINDOWS\system32\reader_s.exe <Not Verified; ?????????? ??????????; ???????????? ??????? Microsoft® Windows®>
2009-07-08 13:55:03 52225 --a------ C:\Documents and Settings\Baha Safadi\reader_s.exe <Not Verified; ?????????? ??????????; ???????????? ??????? Microsoft® Windows®>
2009-07-08 13:54:54 205364 --a------ C:\illhtee.exe
2009-07-08 13:54:24 76288 --a------ C:\Documents and Settings\Baha Safadi\nah_mtec.exe
2009-07-08 13:05:55 52225 --a------ C:\Documents and Settings\Guest\reader_s.exe <Not Verified; ?????????? ??????????; ???????????? ??????? Microsoft® Windows®>
2009-07-08 13:03:48 7 --a------ C:\WINDOWS\system32\comsa32.sys
2009-07-08 10:16:36 39424 --a------ C:\WINDOWS\system32\drivers\smss.exe <Not Verified; NAXAV Software; @DVVAR@ p0dmen@>
2009-07-08 10:16:24 24576 --a------ C:\scfsiab.exe
2009-07-08 10:16:24 7680 --a------ C:\ohhvpdqo.exe
2009-07-08 09:52:46 61440 --a------ C:\WINDOWS\system32\drivers\gnkb.sys
2009-07-08 08:34:32 0 d-------- C:\3a5ce95a3ab5d10beb324b
2009-07-08 08:23:00 40448 ---h----- C:\Documents and Settings\Baha Safadi\Baha Safadi.exe <Not Verified; Wbbylaj Sajhubudcjz; Mtulutezoz efuzj>
2009-07-08 08:21:42 46 --a------ C:\p2hhr.bat
2009-07-08 08:17:21 1952 --a------ C:\WINDOWS\system32\drivers\aec.sys
2009-07-07 13:17:11 122880 --a------ C:\WINDOWS\msc.exe


-- Find3M Report ---------------------------------------------------------------

2009-07-08 13:55:17 2 --a------ C:\-999874908
2009-07-08 13:55:01 96768 --a------ C:\stfqqym.exe
2009-07-08 13:54:48 15000 --a------ C:\WINDOWS\system32\gsf83iujid.dll
2009-07-08 11:49:19 1959 --a------ C:\xcrashdump.dat
2009-07-08 11:15:25 0 d-------- C:\Program Files\drv
2009-07-08 10:48:35 0 d-------- C:\Program Files\MSN Messenger
2009-07-08 09:52:46 2660 --a------ C:\Program Files\usltfgtn.txt
2009-07-08 08:50:20 28160 -----n--- C:\WINDOWS\system32\__c003EF33.dat
2009-07-08 08:19:38 8 --a------ C:\Documents and Settings\Baha Safadi\Application Data\wiaserva.log
2009-07-08 08:19:10 0 d-------- C:\Documents and Settings\Baha Safadi\Application Data\Skype
2009-07-06 17:15:49 0 -----n--- C:\WINDOWS\system32\lich.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d76ab2a1-00f3-42bd-f434-00bbc39c8953}]
07/08/2009 01:54 PM 15000 --a------ C:\WINDOWS\system32\gsf83iujid.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [04/10/2002 05:44 PM]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/07/2005 12:46 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [01/09/2007 09:28 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]
"Verizon_McciTrayApp"="C:\Program Files\Verizon\McciTrayApp.exe" [09/28/2007 02:30 PM]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [03/11/2007 10:34 PM]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [09/24/2001 10:39 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [12/16/2007 06:29 PM]
"SBRegRebootCleaner"="C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe" []
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [08/24/2008 08:42 AM]
"ATIPTA"="atiptaxx.exe" [12/20/2001 10:04 PM C:\WINDOWS\system32\atiptaxx.exe]
"sysldtray"="C:\windows\ld12.exe" []
"reader_s"="C:\WINDOWS\System32\reader_s.exe" [07/08/2009 10:10 PM]
"pp"="C:\windows\pp10.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [11/30/2006 10:49 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [01/19/2007 01:54 PM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/03/2004 10:56 PM]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"MyWebSearch Email Plugin"="C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe" []
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [11/19/2004 01:54 PM]
"FlashMute"="C:\Program Files\FlashMute\FlashMute.exe" [03/11/2006 03:49 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [12/18/2006 06:32 PM]
"@"="C:\DOCUME~1\BAHASA~1\LOCALS~1\Temp\jd22ac.exe" []
"hsf7husjnfg98gi498aejhiugjkdg4"="C:\DOCUME~1\BAHASA~1\LOCALS~1\Temp\rs2iin2km.exe" []
"Cognac"="C:\DOCUME~1\BAHASA~1\LOCALS~1\Temp\b.exe" []
"12CFG515-K641-55SF-N66P"="C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe" [07/08/2009 10:10 PM]
"reader_s"="C:\Documents and Settings\Baha Safadi\reader_s.exe" [07/08/2009 10:10 PM]
"Baha Safadi"="C:\Documents and Settings\Baha Safadi\Baha Safadi.exe" [07/08/2009 08:19 AM]
"Windows System Recover!"="C:\DOCUME~1\BAHASA~1\LOCALS~1\Temp\setup.exe" [07/08/2009 04:04 PM]

C:\Documents and Settings\Baha Safadi\Start Menu\Programs\Startup\
ihaupd32.exe [8/3/2004 10:56:56 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [3/11/2007 10:26:24 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispBackgroundPage"=0 (0x0)
"NoDispScrSavPage"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"exec"=C:\WINDOWS\system32\msarmj.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderOptions"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{D76AB2A1-00F3-42BD-F434-00BBC39C8953}"= C:\WINDOWS\system32\gsf83iujid.dll [07/08/2009 01:54 PM 15000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\__c003ef33]
C:\WINDOWS\system32\__c003EF33.dat 07/08/2009 08:50 AM 28160 C:\WINDOWS\system32\__c003EF33.dat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\dailybucks_install.exe]
Debugger=C:\DOCUME~1\BAHASA~1\LOCALS~1\Temp\db.EXE

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll schannel.dll digest.dll msnsspc.dll

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt hpqcxs08 hpqddsvc
drv drv

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
msncache


-- End of Deckard's System Scanner: finished at 2009-07-08 22:21:59 ------------

Malwarebytes' Anti-Malware 1.25
Database version: 1078
Windows 5.1.2600 Service Pack 2

9:50:37 AM 7/8/2009
mbam-log-07-08-2009 (09-50-37).txt

Scan type: Full Scan (A:\|C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 109324
Time elapsed: 49 minute(s), 16 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 1
Registry Keys Infected: 5
Registry Values Infected: 8
Registry Data Items Infected: 4
Folders Infected: 0
Files Infected: 25

Memory Processes Infected:
C:\WINDOWS\Fonts\services.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.
C:\WINDOWS\system32\drivers\smss.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\__c003EF33.dat (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003ef33 (Trojan.Vundo) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Zlob.H) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00fdd7433.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f133bc4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2354e.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\a00f2c5c7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows system recover! (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lowriskfiletypes (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Heuristics.Reserved.Word.Exploit) -> Data: c:\windows\system32\drivers\smss.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Heuristics.Reserved.Word.Exploit) -> Data: system32\drivers\smss.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\kkfwg.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Baha Safadi\Local Settings\Temporary Internet Files\Content.IE5\A2HOG3FE\flvjj[1].htm (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Baha Safadi\Local Settings\Temp\_A00FDD7433.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Baha Safadi\Local Settings\Temp\_A00F133BC4.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Baha Safadi\Local Settings\Temp\_A00F2354E.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Baha Safadi\Local Settings\Temp\_A00F2C5C7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\comsa32.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Baha Safadi\Local Settings\Temp\spoolsv.exe (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\__c003EF33.dat (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\__c007FE0C.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00909A0.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00DFD56.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\__c00E4496.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lich.dat (Stolen.Data) -> Delete on reboot.
C:\WINDOWS\sysguard.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Baha Safadi\Local Settings\Temp\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Guest\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Baha Safadi\Local Settings\Temp\taskmgr.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Guest\Local Settings\Temp\winlogon.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Baha Safadi\Local Settings\Temp\winlogon.exe (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Fonts\services.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\smss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


Thank You!

Member Avatar for jholland1964

You are running MBA-M that is WAY out of date. Nobody told you to run the DSS scanner.

Member Avatar for auggietop

Hi All, I am new to this forum, as of today, 2009-07-13.
I have a trojan problem on my laptop.

Hey thanks for posting that DSS scan. Maybe you weren't supposed to, but that scan is why I am here.

I installed an antivirus program.
Yes, I don't normally run an antivirus.
Any way it came down to this scan that was posted and Google found in this post.

2009-07-08 08:23:00 40448 ---h----- C:\Documents and Settings\Baha Safadi\Baha Safadi.exe <Not Verified; Wbbylaj Sajhubudcjz; Mtulutezoz efuzj>

I have the same exe file, with a myname.exe name ( yours is Baha Safadi.exe ), but all that Wbb... stuff is the same, and it was created on the same date as when myname.exe was created. 2009-07-08.
I found this trojan using IoBit.com Security 360 scanner (free) and is in beta2.0.

The name Wbb... was in the properties of the exe file, and searching for the wbb.. name found this scan.
My pc was trying to run a .tmp file, BN**.tmp, like BN33.tmp. and it was not running but geting an error message and I was seeing the error message. Thus the install of the antivirus program, and then SpyBot SearchandDestroy. SpyBot did not find the myname.exe file and the antivirus, Avast, didn't either, but Avast was flaging the continued install of a trojan that was always having the name changed. e.g. BN33.tmp, BN162.tmp, BNF2.tmp and this has been going on for two days, about every 2 to 4 minutes. The time varies.

I haven't attempted a removal of the trojan file. as I wanted see if I found other info on this trojan. This post and one other were found by Google.

Auggietop

Member Avatar for auggietop

Hi ALL,

Following up on my post made about "myname.exe" and the results of the use of IoBit.com Security 360 Scanner, which I made earlier today, about an hour ago.

It worked. Removed myname.exe and some other stuff in the Windows Reg file. Maybe the the other stuff, rootkits and more, were causing my laptop problem, but its fixed now.

Avast antivirus is working and has not detected the BN**.tmp file creation.

I also installed the IoBit "Advanced System Care" (free) and ran it to look at my laptop's security and other things it could find.
It worked too. The ASC wanted to remove some files, which I reviewed first and did not allow those files to be removed. But otherwise I let it do its thing and it seems to have worked.

My laptop starts up faster and shuts down much faster. Shutdown was at about 2 minutes and now is about 30 seconds.
Auggietop

Member Avatar for frustratedpc

Sorry for the outdated MBA- M. I just used the one I'd downloaded a while ago. I would've downloaded the new one, but my adminstrator account has been rejecting opening.

I actually posted the DSS scan because of what I read in "Read me before posting a request for assistance" that asked to submit a DSS log with the post for assistance. I wasn't able to before.

Anyway, I'll try to download and run MBA- M on the admin account if and when I get the chance. I wanted to comment on a recent problem I've been having. Windows XP security (or something) keeps popping up and telling me that it's detected a Trojan Keylogger Win32 agent. I need to get rid of this as soon as possible. Also, a message pops up from the taskbar saying that someone is trying to transfer private data via the internet, to a remote host.

Other than that, it's pretty clear I still have other malware on the PC. There are occasional pop-ups, and my browsers have been running slower than usual, or not at all. Any advice is still greatly appreciated.

Member Avatar for crunchie

That DSS scan looks like it was run last year? Without updating, MBA-M is next to useless in removing the latest infections.

Member Avatar for frustratedpc

Hi again, anyone who's been patient enough to wait for me to post again!

I was finally able to run MBA-M, and I have the log for it. If someone could take a look and tell me what steps I should take to further clean and protect my PC, I would appreciate it.

Malwarebytes' Anti-Malware 1.39
Database version: 2498
Windows 5.1.2600 Service Pack 2

7/25/2009 8:42:12 AM
mbam-log-2009-07-25 (08-42-11).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 153196
Time elapsed: 29 minute(s), 46 second(s)

Memory Processes Infected: 23
Memory Modules Infected: 4
Registry Keys Infected: 62
Registry Values Infected: 45
Registry Data Items Infected: 12
Folders Infected: 2
Files Infected: 1173

Memory Processes Infected:
C:\WINDOWS\system32\drivers\smss.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\WINDOWS\system32\reader_s.exe (Trojan.Cutwail) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\winlogon.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Guest\reader_s.exe (Trojan.Cutwail) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\b.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\zuljbfhv.exe (Rogue.AntiVirusBest) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\login.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\e.exe (Trojan.FakeAlert) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\taskmgr.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\zuljbfhv.exe (Rogue.AntiVirusBest) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\notepad.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\csrss.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\zuljbfhv.exe (Rogue.AntiVirusBest) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\debug.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\lsass.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\system.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Downloader) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\smss.exe (Trojan.Dropper) -> Unloaded process successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\824.exe (TrojanProxy.Slenugga) -> Unloaded process successfully.
C:\WINDOWS\Fonts\services.exe (Trojan.Agent) -> Unloaded process successfully.
C:\WINDOWS\system32\bndmss.exe (Backdoor.Bot) -> Unloaded process successfully.
C:\WINDOWS\ld12.exe (Worm.KoobFace) -> Unloaded process successfully.

Memory Modules Infected:
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Ertfor) -> Delete on reboot.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Delete on reboot.
c:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Delete on reboot.
c:\program files\drv\drv.dll (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{248dd890-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{248dd892-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{248dd893-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{248dd896-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{248dd897-bb45-11cf-9abc-0080c7e7b78d} (Worm.Nyxem) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sopidkc (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sopidkc (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sopidkc (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sopidkc (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sopidkc (Backdoor.Bot) -> Delete on reboot.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8567edfa-408c-43e9-b929-4c25c04f5003} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CLASSES_ROOT\Typelib\{f3d0c92a-2063-2a0d-9256-05e3846d38b0} (Trojan.FakeAlert) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Delete on reboot.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Delete on reboot.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dailybucks_install.exe (Rogue.SystemSecurity) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\install.exe (Trojan.Dropper) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Trojan.Dropper) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\port135sik (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\securentm (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msncache (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msncache (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\msncache (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msncache (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\msncache (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c003ef33 (Trojan.Vundo) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Systemntmi (Rootkit.Spamtool) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\gvtl (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\AGprotect (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BNDMSS (Trojan.Backdoor) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bndmss (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\bndmss (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\bndmss (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\avast!AntiVirus (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\XP Deluxe Protector (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ias (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ias (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pcmstub (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drv (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\drv (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\drv (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\drv (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drv (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\drvdrv (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRVDRV (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_DRV (Trojan.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{d76ab2a1-00f3-42bd-f434-00bbc39c8953} (Trojan.Ertfor) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Cutwail) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\reader_s (Trojan.Cutwail) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\12cfg515-k641-55sf-n66p (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\exec (Spyware.Passwords) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00a6faf6-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping\{9034a523-d068-4be8-a284-9df278be776e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf7husjnfg98gi498aejhiugjkdg4 (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pp (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lyoyo (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pdayizo (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysldtray (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\taskman (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\userinit (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Cognac (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\scui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\don't load\wscui.cpl (Hijack.SecurityCenter) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ColdWare (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows network data management system service (Backdoor.Bot) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows network data management system service (Backdoor.Bot) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xpprotect (Rogue.DeluxeProtector) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nah_Shell (Trojan.Hanam) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows System Recover! (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\BuildW (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\FirstInstallFlag (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\guid (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\i (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mms (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\mso (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\udso (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\uid (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Ulrn (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\Update (Malware.Trace) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WBEM\UpdateNew (Malware.Trace) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\defender32.exe (Trojan.Downloader) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Delete on reboot.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Delete on reboot.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load (Trojan.Agent) -> Delete on reboot.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\drv (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\braviax (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: c:\windows\system32\drivers\smss.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Downloader) -> Data: system32\drivers\smss.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\sdra64.exe -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\drivers\smss.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.bat\(default) (Hijacked.BatFile) -> Bad: (csfile) Good: (batfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.com\(default) (Hijacked.ComFile) -> Bad: (csfile) Good: (comfile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.exe\(default) (Hijacked.exeFile) -> Bad: (csfile) Good: (exefile) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7998DC37-D3FE-487C-A60A-7701FCC70CC6}\InprocServer32\(default) (Hijack.Repdrvfs) -> Bad: (\\?\globalroot\systemroot\installer\5bc81.msi) Good: (repdrvfs.dll) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{46c166aa-3108-11d4-9348-00c04f8eeb71}\inprocserver32\(default) (Hijack.Hnetcfg) -> Bad: (\\?\globalroot\systemroot\installer\143ed79.msi) Good: (hnetcfg.dll) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556 (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\system32\lowsec (Stolen.data) -> Delete on reboot.

Files Infected:
C:\WINDOWS\system32\drivers\smss.exe (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\gsf83iujid.dll (Trojan.Ertfor) -> Delete on reboot.
C:\WINDOWS\system32\reader_s.exe (Trojan.Cutwail) -> Delete on reboot.
C:\Documents and Settings\Guest\Local Settings\Temp\winlogon.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\reader_s.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\b.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\zuljbfhv.exe (Rogue.AntiVirusBest) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\login.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\e.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\taskmgr.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\notepad.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\csrss.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\debug.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSWINSCK.OCX (Worm.Nyxem) -> Delete on reboot.
C:\Documents and Settings\Guest\Local Settings\Temp\lsass.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Guest\Local Settings\Temp\system.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avast!Antivirus.exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Guest\Local Settings\Temp\smss.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sopidkc.exe (Backdoor.Bot) -> Delete on reboot.
C:\Documents and Settings\Guest\Local Settings\Temp\824.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
C:\RECYCLER\S-1-5-21-0243636035-3055115376-381863306-1556\pqlmq.exe (TrojanProxy.Slenugga) -> Delete on reboot.
C:\WINDOWS\system32\msgyqsa.exe (Spyware.Passwords) -> Delete on reboot.
C:\WINDOWS\system32\msxml71.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\system32\iehelper.dll (Trojan.FakeAlert) -> Delete on reboot.
c:\aqwiry.exe (Trojan.Downloader) -> Delete on reboot.
c:\errigh.exe (Rustock.Dropper) -> Delete on reboot.
c:\furvsh.exe (Trojan.Dropper) -> Delete on reboot.
c:\gxqd.exe (Trojan.Downloader) -> Delete on reboot.
c:\hydi.exe (Trojan.Agent) -> Delete on reboot.
c:\illhtee.exe (Rootkit.Dropper) -> Delete on reboot.
c:\mcogk.exe (Trojan.Dropper) -> Delete on reboot.
c:\ohhvpdqo.exe (Trojan.Downloader) -> Delete on reboot.
c:\scfsiab.exe (Trojan.Dropper) -> Delete on reboot.
c:\tcburi.exe (Trojan.Clopack) -> Delete on reboot.
c:\uputc.exe (Trojan.Downloader) -> Delete on reboot.
c:\xcqevisi.exe (Trojan.Dropper) -> Delete on reboot.
c:\documents and settings\Guest\Desktop\FlashMute_2.exe (Adware.BetterInternet) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\000.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\001.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\005.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\006.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\008.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\009.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\011.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\020.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\021.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\035.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\046.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\048.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\049.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\051.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\059.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\060.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\061.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\067.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\079.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\082.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\086.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\090.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\096.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1006829110.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\10095549.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1017407026.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1019677784.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1027926220.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\103.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\103079562.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\104954322.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1057824440.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1067312862.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\107.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\107555538.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1083089762.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\10917704.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1097016639.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1107687344.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\111.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1111676462.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1117464762.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1135840412.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1145142602.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1148078736.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\115.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1153845641.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1154478178.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1156648372.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1159376024.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\116.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1160644276.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1172988378.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\119.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1199318876.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\120.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1201037450.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1216924148.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1218904134.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\121917010.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1228243180.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1232239453.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1232672144.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1237495903.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1245197204.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1245481305.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\126.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1280347218.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1284002312.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\129.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1291440968.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1291535371.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1292393030.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1293632400.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1297883458.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1324092969.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1327655667.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\133.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\133010760.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1334765288.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1335390288.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1338921792.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1339841678.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\134045404.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1343195958.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1349371081.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1368776744.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1370422552.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1371121286.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1373093034.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1375513680.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1376291020.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1377098166.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\137737459.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\138.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\138108256.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1387141302.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\139.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\139609500.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\140.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1402440274.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\141.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1413690274.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1421106152.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1421444636.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\142774320.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1430771798.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1439499284.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1456858344.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1457327094.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\146.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1461320364.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1461897834.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1465695364.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\147.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1487181606.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1490961126.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\149805570.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\150.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1504518548.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1507453736.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1507643548.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1509667242.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\151.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1513129802.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1517116396.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1518522646.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1520918505.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1523105403.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1536047467.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1536054756.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\15431437.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1564808820.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1575479557.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1577915260.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1579107650.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1582232650.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1583413420.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1587788420.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\159.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\15931650.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\159452873.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1599354698.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\160.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1603443116.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1617686376.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1619729048.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1619889362.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\162.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\162857298.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1631959552.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1632293862.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1645442495.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1653603059.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\166.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1667868390.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\167.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1670654765.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1675318473.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1684490994.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1687146836.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1696015266.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1701727000.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1705662726.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1710037726.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1710978366.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1713809316.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1718758250.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1720179392.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1723623515.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1726818876.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1730316133.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1733456115.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\174.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\174216634.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1749229607.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1749464276.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1755171529.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\176.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\176491330.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\177272580.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1776436015.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1787282968.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1788319042.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1788787792.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1796226404.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\180.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\180797100.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1813309171.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1814971812.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1821611274.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1823820056.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1827599532.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\182963780.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1830484600.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1831818282.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1835024585.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1840538806.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\18453944.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\184922000.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\185.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\185328350.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\187.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\188.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1882882556.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1896022932.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1896621816.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1914717868.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1919249118.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\193.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1934975854.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\195.tmp (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1957759802.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\196.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1960572302.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1961437168.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1964984136.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1985234390.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1998998908.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\19B.tmp (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\19C.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1A7.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1A8.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1AA.tmp (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1AB.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1AE.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1AF.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1CD.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1CE.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1D0.tmp (Worm.Koobface) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\1D2.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\201.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2023950828.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\205.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2066970776.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\207.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2081828956.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2089692344.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\209.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2100245394.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2101748515.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2104706776.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2110644276.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\211992344.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\212.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\21458098.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\218.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\219.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2199659334.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\222.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2229703834.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2235077590.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2236207888.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\224.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\224151534.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\225.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2259478662.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\228.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2280444299.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\228370284.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2288445750.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\229.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\229023594.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\231.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\232.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2323884135.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\233.exe (Trojan.Cutwail) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2335338914.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\234.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2341727000.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\235.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\236.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\236905632.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\237843132.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2383519748.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\239.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2398743732.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\240658684.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2430609136.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2454314636.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2458346859.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2463464420.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2464359136.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\248.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\249.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2499805306.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2501290866.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2523874702.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2542718375.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2544656348.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\256.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2561026732.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2572745482.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2578406722.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2589363073.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\259.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\259481274.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2597426931.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2599525004.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2613159604.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2615288552.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2615913552.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2619298571.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2623719222.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2639289598.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\264.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2650945816.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2667977066.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2677973288.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2682807288.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2694213538.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2698918124.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2715001926.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2726667960.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\273282230.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2737381608.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2738162858.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\274.exe (TrojanProxy.Slenugga) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2741843628.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\Guest\local settings\Temp\2746374878.exe (Trojan.Dropper) -> Quarantined an

Member Avatar for jholland1964

Did you reboot the computer? If not please do so.


Many of these were found in the temp files.
Download CCleaner and run with default options to clean out all the junk that obviously hasn't been cleaned out in ages.
Then Run a new HJT scan and post back with that log.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.