
Thread: Help - trying to remove BraveSentry etc


  1. #1 (Join Date: May 2007, Posts: 194)

    Help - trying to remove BraveSentry etc

    I ran an automated program to remove BraveSentry, a nasty malware related to SpyAxe and others, and have gotten rid of the popups that came with it. But my computer is still definitely infected with something, as it runs too slowly and reboots randomly every so often such that it's unusable. I read somewhere that BraveSentry often installs lots of other malware, too; and besides, I may not in fact be entirely rid of BraveSentry because it's so insidious. Below is my HJT log... any help is greatly appreciated! Please advise as step-by-step as possible. Thank you!
    -Jeffrey

    ----

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 1:32:13 PM, on 5/9/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\scvhost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\aspi8625.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\VPN Client\cvpnd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WinFast\WFTVFM\WFWIZ.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\retadpu27.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Ipwindows\ipwins.exe
    C:\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Documents and Settings\Owner\Desktop\Analyzer.exe

    R3 - Default URLSearchHook is missing
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: IE Redirector - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\WINDOWS\system32\dnsersnd.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinFast Schedule] C:\WinFast\WFTVFM\WFWIZ.exe
    O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ATIMACE] MACE.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
    O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKLM\..\RunOnce: [Windows Update] C:\WINDOWS\scvhost.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
    O4 - HKCU\..\RunOnce: [service] C:\DOCUME~1\Owner\LOCALS~1\Temp\kvzourec.exe delete
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Yahoo! Widget Engine.lnk = C:\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\winhealer.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\winhealer.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1173467735984
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) - http://a19.g.akamai.net/7/19/7125/14...2/cpbrkpie.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor...o.cab56649.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O16 - DPF: {DA80E089-4648-43D5-93B4-7F37917084E6} (CacheManager.CacheManagerCtrl) - http://www.candystand.com/assets/act...cheManager.CAB
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
    O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
    O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi8625.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\VPN Client\cvpnd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

    --
    End of file - 11370 bytes
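
One way to triage a HijackThis log like the one above, as an added example that is not part of this thread and not code from HijackThis itself: a short Python script that applies the heuristics an analyst uses by eye when reading such a log (a process name one transposition away from svchost.exe, autoruns living in the Windows root or a Temp directory, a Run entry calling itself "Windows Update", an AppInit_DLLs value that is not a .dll, an unknown Winsock LSP, and an unknown-owner service whose file name carries a random-looking run of digits). The sample lines are copied from the log in the post, with the forum's line-wrap spaces removed, plus a few benign entries for contrast; the severity labels, thresholds and the small allowlist of system binaries are my own assumptions, not anything HijackThis outputs.

```python
import re

# Constructed sample: lines copied from the HijackThis log in the post above
# (forum line-wrap spaces removed) plus four benign entries for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\RunServices: [Windows Update] C:\WINDOWS\scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [service] C:\DOCUME~1\Owner\LOCALS~1\Temp\kvzourec.exe delete
O10 - Unknown file in Winsock LSP: c:\windows\system32\winhealer.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll
O23 - Service: Microsoft ASPI Manager (aspi113210) - Unknown owner - C:\WINDOWS\system32\aspi8625.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

# Assumed allowlist of core Windows binaries whose names malware likes to imitate.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                   "services.exe", "explorer.exe", "spoolsv.exe", "smss.exe"}

# First drive-letter path on the line, up to a known binary extension.
PATH_RE = re.compile(r"[A-Za-z]:\\.+?\.(?:exe|dll|dat|ocx|sys)\b", re.I)


def osa_distance(a, b):
    """Optimal string alignment distance: edits plus adjacent transpositions,
    so 'scvhost.exe' is distance 1 from 'svchost.exe'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def triage(line):
    """Return a list of (severity, reason) findings for one HijackThis line."""
    findings = []
    m = PATH_RE.search(line)
    if not m:
        return findings
    path = m.group(0)
    lower = path.lower()
    parent, name = lower.rsplit("\\", 1)

    # 1. File name one edit or transposition away from a core system binary.
    if name not in SYSTEM_BINARIES:
        for sysbin in SYSTEM_BINARIES:
            if osa_distance(name, sysbin) <= 1:
                findings.append(("high", f"{name} looks like {sysbin} (typosquat)"))

    # 2. Autorun entries: location, display name and command line.
    if line.startswith("O4"):
        if parent == r"c:\windows":
            findings.append(("medium", f"autorun executable in the Windows root: {path}"))
        if "\\temp\\" in lower:
            findings.append(("high", f"autorun from a Temp directory: {path}"))
        entry = re.search(r"\[(.*?)\]", line)
        if entry and entry.group(1).lower() == "windows update":
            findings.append(("high", "Run entry named 'Windows Update' "
                                     "(Automatic Updates runs as a service, not a Run key)"))
        if re.search(r"\s[0-9A-Fa-f]{32,}\s*$", line):
            findings.append(("medium", "long hex blob passed as a command-line argument"))

    # 3. Injection points: AppInit_DLLs, Winlogon Notify, Winsock LSP.
    if line.startswith("O20 - AppInit_DLLs") and not name.endswith(".dll"):
        findings.append(("high", f"AppInit_DLLs loads a non-DLL file: {name}"))
    if line.startswith("O20 - Winlogon Notify"):
        findings.append(("review", f"Winlogon Notify package {name}: verify the publisher"))
    if line.startswith("O10 - Unknown file in Winsock LSP"):
        findings.append(("high", f"unknown Winsock LSP: {name}"))

    # 4. Services with no publisher whose file name carries a digit run of 4+.
    if line.startswith("O23") and "Unknown owner" in line and re.search(r"\d{4,}", name):
        findings.append(("high", f"unknown-owner service with random-looking name: {name}"))
    return findings


def triage_log(text):
    """Run triage over every line; returns [(severity, line, reason), ...]."""
    results = []
    for raw in text.strip().splitlines():
        for severity, reason in triage(raw):
            results.append((severity, raw, reason))
    return results


if __name__ == "__main__":
    for sev, line, reason in triage_log(SAMPLE_LOG):
        print(f"[{sev:6}] {reason}\n         {line}")
```

Run against the sample, the script flags every line that the helper's replies below go on to treat as malicious (scvhost.exe, retadpu27.exe, kvzourec.exe, winhealer.dll, perfc000.dat, aspi8625.exe) and leaves the QuickTime, ctfmon, msiexec and Symantec entries alone. "Unknown owner" on its own is deliberately not a finding, because the Windows Installer service shows the same label; it only counts together with the digit-run heuristic.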

  2. #2 (Join Date: Aug 2006, Location: The Middle, Age: 80, Posts: 4,079)
    You most definitely have LOTs of nasty items running on the computer.
    Clean up is going to take several steps. I ask you to do these steps exactly as given.

    Please download SmitfraudFix (by S!Ri)

    Double-click SmitfraudFix.exe.
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

  3. #3 (Join Date: May 2007, Posts: 194)
    I've actually run SmitFraudFix already on this computer, but it was option 2 - Clean - and in safe mode, yesterday. Here are the results of the most recent -- moments ago -- SmitFraudFix run, this time option 1 and not in safe mode:

    Symantec Script Blocking popped up a couple warnings during this, which it of course wasn't doing in Safe Mode.

    SmitFraudFix v2.177

    Scan done at 14:44:10.75, Wed 05/09/2007
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process


    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»»


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\system32\\perfc000.dat"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



    »»»»»»»»»»»»»»»»»»»»»»»» DNS



    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End




    Here, then, is the same report but run in Safe Mode, where I could authorize the VB script to be run. I don't know if it makes a difference, but I figured I'd do both.

    SmitFraudFix v2.177

    Scan done at 14:53:47.03, Wed 05/09/2007
    Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="C:\\WINDOWS\\system32\\perfc000.dat"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{4A073C96-FA34-43D6-943F-C412F3CFC1F8}: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{4A073C96-FA34-43D6-943F-C412F3CFC1F8}: DhcpNameServer=192.168.1.254 192.168.1.254
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{4A073C96-FA34-43D6-943F-C412F3CFC1F8}: DhcpNameServer=192.168.1.254 192.168.1.254


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End



    Thank you!!!

  4. #4 (Join Date: Aug 2006, Location: The Middle, Age: 80, Posts: 4,079)
    Are there other steps you have taken that you haven't told me about?

    I want you to run an online Kaspersky Scan. It will not fix anything but will generate a log, which will tell us where some of these nasty items are located. You will need to post that back in your next post.
    I also want you to do the following steps;
    Please print out or copy these instructions/tutorial to Notepad, as the internet will not be available to you (while in Safe Mode) at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.


    • ATF-Cleaner.exe by Atribune


    You can put this on your Desktop for easier access.

    Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.


    * Install AVG Anti-Spyware by double clicking the installer.
    * Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
    * On the main screen under Your Computer's security.
    o Click on Change state next to Resident shield. It should now change to inactive.
    o Click on Change state next to Automatic updates. It should now change to inactive.
    o Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    o Wait until you see the Update successful message.
    * Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    * Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.

    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Reboot your computer in Safe Mode.

    * If the computer is running, shut down Windows, and then turn off the power.
    * Wait 30 seconds, and then turn the computer on.
    * Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
    * Ensure that the Safe Mode option is selected.
    * Press Enter. The computer then begins to start in Safe mode.
    * Login on your usual account

    RUN ATF-Cleaner.exe.
    -- Click on ATF-Cleaner to run it
    -- Where it says Select Files To Delete, Check the Select All Option
    -- Click Empty Selected > OK > EXIT

    B – Please Launch AVG Anti-Spyware.
    -- Click on the Scanner button and choose the Settings Tab.
    ---> Under How to act?, click on Recommended action and choose Quarantine to set default action for detected malware.
    --->Under Reports make sure Automatically generate report after every scan is selected and UNCHECK the Only if threats were found box.
    -- Leave everything else at their default settings and Select the Scan tab and CLICK Complete System Scan to scan your machine.
    -- Upon completion of the scan, Click Apply all actions to place any detected baddies in Quarantine.
    -- AFTER clicking Apply all actions, Click on Save Report and select Save the report to your Desktop

    Reboot the computer in Normal Mode.
    Run a new HJT scan and save the log.
    Post back here with the avg log, the kaspersky log and the hjt log.

  5. #5 (Join Date: May 2007, Posts: 194)
    I'm having serious trouble getting to anything online at all, so I can't get to the Kaspersky scan. I'm going to keep trying; it seems to be a matter of luck whether I get far or not before my computer decides it's had enough this round. My question is whether I can move on to the other steps and skip the Kaspersky step if I'm unable (likewise the update for ewido; I don't think I'll be able to do that). Hopefully this question will be rendered moot by the time you answer and I'll have posted logs, though. (I'm accessing this forum from a second computer, and I can transfer the downloaded ewido and the other file from a thumbdrive.)

  6. #6 (Join Date: Aug 2006, Location: The Middle, Age: 80, Posts: 4,079)
    Just skip Kaspersky for now...Just noticed...do you have BOTH Norton and McAfee installed on the computer? This is an absolute NO-NO....ONE anti-virus program on a computer NEVER more than one...If both of these are anti-virus programs you must uninstall one of them immediately.

    Edit:
    Just checked on both of these items you have running....You are running TWO Security centers! McAfee AND Norton...how is the computer even running is what I want to know! Uninstall one of them! Before you try to do anything else.

  7. #7 (Join Date: May 2007, Posts: 194)
    I'm trying desperately to uninstall one or the other - at this point I don't even care which - and because of the malware on my computer (I think), I'm not able to! Specifically, in safe mode, the uninstall programs say they need to be in normal mode... but in normal mode, my computer isn't stable long enough to get through the control panel, into add/remove programs, load the list, and get to the uninstall. Is there another way to do it? Can I go through with the AVG scan and hopefully fix whatever's crashing the computer, and then solve the dual antivirus problem?

  8. #8 (Join Date: May 2007, Posts: 194)
    Never mind... I got McAfee uninstalled (I think). Now I'm going to do the AVG full scan, but it will take a long time, I think. I did it overnight last night and then found out I needed to uninstall McAfee... and besides, it did the entire scan but then froze up in the process of fixing. So I'm going to do it again now, and hopefully uninstalling McAfee will solve that problem; I'll post the AVG and a new HJT log here as soon as possible.

    Thanks again! You're a godsend.

  9. #9 (Join Date: Aug 2006, Location: The Middle, Age: 80, Posts: 4,079)
    Be sure to do the AVG scan in safe mode.

  10. #10 (Join Date: May 2007, Posts: 194)
    At last, after a seven (!) hour AVG scan in safe mode, I've rebooted back into normal and run the HJT check. Windows is repeatedly popping up the "The system has recovered from a serious error" message, which I keep ignoring because sending it off has sometimes crashed the system.

    Here is the AVG report:

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 7:55:52 PM 5/10/2007

    + Scan result:



    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142613.exe -> Adware.Agent : Ignored.
    F:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP430\A0095780.dll -> Adware.BargainBuddy : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142596.dll -> Adware.BookedSpace : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142597.dll -> Adware.BookedSpace : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142598.dll -> Adware.BookedSpace : Ignored.
    C:\WINDOWS\cfg32.exe -> Adware.BookedSpace : Ignored.
    C:\WINDOWS\cfg32a.exe -> Adware.BookedSpace : Ignored.
    C:\WINDOWS\stub_track3.exe -> Adware.BookedSpace : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142583.dll -> Adware.BraveSentry : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142584.dll -> Adware.BraveSentry : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142585.dll -> Adware.BraveSentry : Ignored.
    C:\Documents and Settings\Owner\Local Settings\Temp\cmdinst.exe -> Adware.CommAd : Ignored.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\8BGCGW9P\installer[1].exe -> Adware.CommAd : Ignored.
    C:\WINDOWS\IA\asappsrv.dll -> Adware.CommAd : Ignored.
    C:\WINDOWS\IA\command.exe -> Adware.CommAd : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP467\A0102592.ocx -> Adware.Coupons : Ignored.
    C:\Program Files\NewDotNet -> Adware.NewDotNet : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142589.exe -> Adware.NewDotNet : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142590.dll -> Adware.NewDotNet : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142592.exe -> Adware.NewDotNet : Ignored.
    C:\WINDOWS\system32\NNSKYA638.exe -> Adware.NewDotNet : Ignored.
    HKU\S-1-5-21-2583414307-713964654-4157657322-1006\Software\New.net -> Adware.NewDotNet : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142587.exe -> Adware.Relevant : Ignored.
    C:\WINDOWS\itpb_3.exe -> Adware.Relevant : Ignored.
    C:\WINDOWS\system32\rlvknlg.exe -> Adware.RK : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0153642.exe -> Adware.Softomate : Ignored.
    C:\WINDOWS\b122.exe -> Adware.Softomate : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142608.dll -> Adware.Ucmore : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142609.dll -> Adware.Ucmore : Ignored.
    C:\WINDOWS\system32\smpi1\lb66.exe/IUCMORE.DLL -> Adware.Ucmore : Ignored.
    C:\WINDOWS\system32\smpi1\lb66.exe/UCMTSAIE.DLL -> Adware.Ucmore : Ignored.
    C:\WINDOWS\system32\smpi1\lb66.exe/empty_00000001 -> Adware.Ucmore : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0113576.exe -> Adware.WebBuying : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142614.exe -> Adware.WebBuying : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142615.dll -> Adware.WebBuying : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0178662.dll -> Adware.WebHancer : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0178663.exe -> Adware.WebHancer : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0178664.dll -> Adware.WebHancer : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0178665.exe -> Adware.WebHancer : Ignored.
    C:\WINDOWS\b129.exe -> Adware.WebHancer : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142616.exe -> Adware.ZenoSearch : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142617.exe -> Adware.ZenoSearch : Ignored.
    C:\WINDOWS\system32\nwintodv.exe -> Adware.ZenoSearch : Ignored.
    C:\WINDOWS\system32\smpi1\lib67.exe -> Adware.ZQuest : Ignored.
    C:\WINDOWS\system32\cbrqqm.dll -> Backdoor.Agent.adr : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\aspi8625.exe -> Backdoor.Agent.aju : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\aspi88905.exe -> Backdoor.Agent.aju : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0121582.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142632.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0143626.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0144626.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0145632.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0146632.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0149640.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0153640.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0157640.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0158640.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0159640.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0160644.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0161644.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0162644.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0163644.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0167644.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0169644.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0170644.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0171644.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0172656.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0172658.dll -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0172659.exe -> Backdoor.Agent.alp : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Documents\234 PhotoShop Plugins\234 PhotoShop Plugins.rar/234 PhotoShop Plugins\Panopticum All in 1 One Pack\Panopticum Alpha Strip v1.1\Panopticum AlphaStrip V1.1 Full-Crack.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Desktop\2\New Folder (2)\PhotoshopCS2 PlugIns 05-18-2006 torrentlounge.com\Panopticum All in 1 One Pack\Panopticum Alpha Strip v1.1\Panopticum AlphaStrip V1.1 Full-Crack.exe -> Backdoor.Theef.111 : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0159643.exe -> Backdoor.VB.aym : Cleaned with backup (quarantined).
    C:\UseNeXT\UseNext_Acc_Gen_By_D4ng3r.exe/server.exe -> Backdoor.VB.aym : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\max1d164v.exe -> Dialer.GBDialer.i : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120587.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120593.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
    C:\WINDOWS\retadpu1000106.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
    C:\WINDOWS\retadpu27.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\smpi1\lib06.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vexga5me3.exe -> Downloader.Agent.bls : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\leeman.exe -> Downloader.Agent.bnn : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2583414307-713964654-4157657322-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup (quarantined).
    HKU\S-1-5-21-2583414307-713964654-4157657322-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7507739F-BC2E-4DC3-B233-816783C25DC9} -> Downloader.Delf : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Desktop\Desktop\backups\backup-20060120-005653-976.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142603.exe -> Downloader.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\b104.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120591.exe -> Downloader.Small.eip : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\qvx5gamet2.exe -> Downloader.Small.eip : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0119583.exe -> Downloader.Tibs.ku : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120583.exe -> Downloader.Tibs.ku : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120588.exe -> Downloader.Tibs.ku : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120590.exe -> Downloader.Tibs.ku : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142602.exe -> Downloader.Tibs.ku : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0145626.exe -> Downloader.Tibs.ku : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vexg4am1et2.exe -> Downloader.Tibs.ku : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vexg6ame4.exe -> Downloader.Tibs.ku : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vexga8me6.exe -> Downloader.Tibs.ku : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120589.exe -> Downloader.Tibs.kv : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142595.exe -> Downloader.Tibs.kv : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142599.exe -> Downloader.Tibs.kv : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142600.exe -> Downloader.Tibs.kv : Cleaned with backup (quarantined).
    C:\Program Files\InetGet2\stub_109_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\WINDOWS\b103.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\CmarP1083.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
    C:\temp\SB1083.exe -> Downloader.VB.awj : Cleaned with backup (quarantined).
    C:\Documents and Settings\Owner\Desktop\2\News Rover 11.exe -> Dropper.Delf.xo : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\msiexec.exe -> Hijacker.Agent.jp : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dnsersnd.dll -> Hijacker.Small.cf : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dnsersnd.exe -> Hijacker.Small.cf : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Documents\234 PhotoShop Plugins\234 PhotoShop Plugins.rar/234 PhotoShop Plugins\CRAWJPEG2000PBv10\-= Keygen Photoshop v7.0 =-\KeyGenPhotoShop7.exe -> Logger.Delf.ncs : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Documents\234 PhotoShop Plugins\234 PhotoShop Plugins.rar/234 PhotoShop Plugins\KeyGen\APv70\KeyGenPhotoShop7.exe -> Logger.Delf.ncs : Cleaned with backup (quarantined).
    C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored.
    F:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Ignored.
    F:\WINDOWS\Downloaded Program Files\CONFLICT.1\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.c : Ignored.
    C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0121583.sys -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\spoolsvv.sys -> Proxy.Agent.ji : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP444\A0097694.exe -> Proxy.Agent.kj : Cleaned with backup (quarantined).
    C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll~ -> Proxy.Xorpix.ba : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120584.exe -> Proxy.Xorpix.ba : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vexga4me1.exe -> Proxy.Xorpix.ba : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120585.exe -> Proxy.Xorpix.m : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0119580.sys -> Rootkit.Agent.ea : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120594.sys -> Rootkit.Agent.ea : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0121580.sys -> Rootkit.Agent.ea : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142626.sys -> Rootkit.Agent.ea : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\windbg48.sys -> Rootkit.Agent.ea : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142606.sys -> Rootkit.Agent.eq : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142607.exe -> Trojan.Agent : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\smpi1\lb5.exe -> Trojan.Agent : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\okafuf.dll -> Trojan.Agent.pk : Cleaned with backup (quarantined).
    C:\WINDOWS\KVTE66.exe -> Trojan.BHO.ab : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\zippy2.exe -> Trojan.BHO.ab : Cleaned with backup (quarantined).
    C:\PopCap Games\PopCap Deluxe Games\Big Money Deluxe 1.22\crack\crack.exe -> Trojan.Feutel.av : Cleaned with backup (quarantined).
    C:\PopCap Games\PopCap Deluxe Games\Mummy Maze Deluxe 1.1\crack\crack.exe -> Trojan.Feutel.av : Cleaned with backup (quarantined).
    C:\PopCap Games\PopCap Deluxe Games\Noahs Ark Deluxe 1.1\crack\crack.exe -> Trojan.Feutel.av : Cleaned with backup (quarantined).
    C:\PopCap Games\PopCap Deluxe Games\Seven Seas Deluxe 1.13\crack\crack.exe -> Trojan.Feutel.av : Cleaned with backup (quarantined).
    C:\Program Files\Ofb11\Ofb11.dll -> Trojan.OwlF.a : Cleaned with backup (quarantined).
    C:\Program Files\Ipwindows\UnInstall.exe -> Trojan.Rond : Cleaned with backup (quarantined).
    C:\Program Files\Ipwindows\ipwins.dll -> Trojan.Rond : Cleaned with backup (quarantined).
    C:\Program Files\Ipwindows\ipwins.exe -> Trojan.Rond : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0159645.dll -> Trojan.Rond : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0159646.exe -> Trojan.Rond : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0159647.exe -> Trojan.Rond : Cleaned with backup (quarantined).
    C:\WINDOWS\IA\KE.vbs -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\qvxga6met3.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\qvxga7met4.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vexga3me2.exe -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\uninstall_nmon.vbs -> Trojan.Small : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP507\A0173658.exe -> Trojan.Steam.f : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120586.exe -> Trojan.Tibs.w : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142594.sys -> Trojan.Tibs.w : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vexga4m1et4.exe -> Trojan.Tibs.w : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\windev-1a2a-2d72.sys -> Trojan.Tibs.w : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0142601.exe -> Worm.Nuwar : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP472\A0105953.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{4653E8F8-6519-4964-B7BD-828D96FBCC0E}\RP506\A0120582.exe -> Worm.Zhelatin.by : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\vexga1me4t1.exe -> Worm.Zhelatin.by : Cleaned with backup (quarantined).


    ::Report end
