Solve : Virus that changes my administrator pass.....and changes my fo

Solve : Virus that changes my administrator pass.....and changes my folder to applicatio?

Answer»

Here's my Combo Fix Log..... the Kaspersky Online Scanner is not done yet....

ComboFix 09-07-21.02 - Administrator 07/22/2009 10:06.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.895.316 [GMT 8:00]
Running from: c:\documents and settings\Administrator.SECURITY-928BF1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.SECURITY-928BF1\Desktop\CFScript.txt
AV: G DATA AntiVirus *On-access scanning disabled* (Outdated) {71310606-6F3B-49F2-9A81-8315AA75FBB3}
.

((((((((((((((((((((((((( Files Created from 2009-06-22 to 2009-07-22 )))))))))))))))))))))))))))))))
.

2099-03-07 06:37 . 2009-07-18 07:59   --------   d-sh--r-   C:\TONYOK GWAPO KUNO '08
2099-03-07 06:35 . 2009-07-18 07:26   --------   d-sh--r-   C:\philhealth
2099-03-07 06:12 . 2099-03-07 06:12   --------   d-----w-   c:\documents and settings\All Users\Application Data\Yahoo!
2099-03-07 06:12 . 2099-03-07 06:12   --------   d-----w-   c:\PROGRAM files\Common Files\Adobe AIR
2099-03-07 06:12 . 2099-03-07 06:12   --------   d-sh--r-   c:\program files\Yahoo!
2099-03-07 06:11 . 2099-03-07 06:11   --------   d-sh--r-   c:\program files\VideoLAN
2099-03-07 06:11 . 2009-07-04 04:31   --------   d-----w-   c:\program files\Common Files\Adobe
2099-03-07 06:11 . 2099-03-07 06:11   --------   d-----w-   c:\documents and settings\All Users\Application Data\CyberLink
2099-03-07 06:10 . 2001-03-08 10:30   24064   ----a-w-   c:\windows\system32\msxml3a.dll
2099-03-07 06:10 . 2099-03-07 06:10   --------   d-sh--r-   c:\program files\CyberLink
2099-03-07 06:10 . 2003-03-18 12:14   499712   ----a-w-   c:\windows\system32\msvcp71.dll
2099-03-07 06:10 . 2003-02-20 20:42   348160   ----a-w-   c:\windows\system32\msvcr71.dll
2099-03-07 06:09 . 2009-07-16 08:50   --------   d-sh--r-   c:\program files\ESET
2099-03-07 00:32 . 2020-09-05 02:33   --------   d-----w-   c:\documents and settings\All Users\Application Data\Microsoft Help

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2099-03-06 09:54 . 2099-03-06 09:54   --------   d-sh--r-   c:\program files\Nero
2099-03-06 09:54 . 2099-03-06 09:54   --------   d-----w-   c:\documents and settings\All Users\Application Data\Nero
2099-03-06 09:49 . 2099-03-06 09:47   --------   d-----w-   c:\program files\SiS VGA Utilities V3.81
2099-03-06 09:49 . 2099-03-06 09:49   --------   d-sh--r-   c:\program files\sisagp
2099-03-06 09:45 . 2099-03-06 09:45   --------   d-sh--r-   c:\program files\Realtek
2099-03-06 09:45 . 2099-03-06 09:45   315392   ----a-w-   c:\windows\HideWin.exe
2009-07-22 02:04 . 2009-03-09 05:45   --------   d-sh--r-   c:\program files\D2D
2009-07-22 00:49 . 2009-07-15 03:17   --------   d-sh--r-   c:\program files\Enigma Software Group
2009-07-22 00:49 . 2009-06-24 01:18   --------   d-sh--r-   c:\program files\RegCure
2009-07-21 10:06 . 2009-07-21 02:02   --------   d-----w-   c:\documents and settings\Administrator.SECURITY-928BF1\Application Data\Skype
2009-07-21 05:24 . 2009-04-14 08:29   --------   d-----w-   c:\documents and settings\All Users\Application Data\Google Updater
2009-07-21 02:04 . 2009-07-21 02:04   --------   d-----w-   c:\documents and settings\Administrator.SECURITY-928BF1\Application Data\skypePM
2009-07-21 01:38 . 2009-07-21 01:38   --------   d-----w-   c:\documents and settings\Administrator.SECURITY-928BF1\Application Data\Apple Computer
2009-07-20 09:24 . 2009-07-20 09:24   70280   ----a-w-   c:\documents and settings\Administrator.SECURITY-928BF1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-20 04:24 . 2009-07-20 04:24   --------   d-----w-   c:\documents and settings\Administrator.SECURITY-928BF1\Application Data\Morpheus Software
2009-07-18 06:01 . 2009-07-18 06:01   --------   d-sh--r-   c:\program files\Panda USB Vaccine
2009-07-18 02:05 . 2009-07-16 11:44   117760   ----a-w-   c:\documents and settings\Administrator.SECURITY-928BF1\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-16 11:41 . 2009-07-16 11:41   --------   d-----w-   c:\documents and settings\Administrator.SECURITY-928BF1\Application Data\SUPERAntiSpyware.com
2009-07-16 10:50 . 2009-03-14 02:59   --------   d---a-w-   c:\documents and settings\All Users\Application Data\TEMP
2009-07-16 10:45 . 2099-03-06 09:45   --------   d-sh--r-   c:\program files\InstallShield Installation Information
2009-07-16 10:45 . 2009-07-16 10:45   --------   d-sh--r-   c:\program files\LSoft Technologies
2009-07-16 10:19 . 2009-07-16 10:19   --------   d-sh--r-   c:\program files\Nucleus Kernel for FAT and NTFS Demo
2009-07-16 09:44 . 2009-07-16 09:44   --------   d-----w-   c:\documents and settings\Administrator.SECURITY-928BF1\Application Data\Search Settings
2009-07-16 09:42 . 2009-07-16 09:42   --------   d-----w-   c:\documents and settings\Administrator.SECURITY-928BF1\Application Data\Nero
2009-07-16 09:35 . 2009-07-16 08:51   68296   ----a-w-   c:\windows\system32\drivers\GRD.sys
2009-07-16 08:54 . 2009-07-16 08:47   --------   d-----w-   c:\documents and settings\All Users\Application Data\G DATA
2009-07-16 08:47 . 2009-07-16 08:47   50888   ----a-w-   c:\windows\system32\drivers\MiniIcpt.sys
2009-07-16 08:47 . 2009-07-16 08:47   50888   ----a-w-   c:\windows\system32\drivers\GDTdiIcpt.sys
2009-07-16 08:47 . 2009-07-16 08:47   32200   ----a-w-   c:\windows\system32\drivers\HookCentre.sys
2009-07-16 08:46 . 2009-07-16 08:45   --------   d-----w-   c:\program files\Common Files\G DATA
2009-07-16 08:45 . 2009-07-16 08:45   --------   d-sh--r-   c:\program files\G DATA
2009-07-16 06:23 . 2009-07-16 05:36   117760   ----a-w-   c:\documents and settings\a\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-16 05:34 . 2009-07-16 05:34   --------   d-----w-   c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-07-16 05:34 . 2009-07-16 05:34   --------   d-sh--r-   c:\program files\SUPERAntiSpyware
2009-07-16 05:34 . 2009-07-16 05:34   --------   d-----w-   c:\documents and settings\a\Application Data\SUPERAntiSpyware.com
2009-07-16 05:34 . 2009-07-16 05:34   --------   d-----w-   c:\program files\Common Files\Wise Installation Wizard
2009-07-16 05:29 . 2009-07-16 05:29   --------   d-sh--r-   c:\program files\CCleaner
2009-07-16 05:13 . 2009-06-24 05:08   24416   ----a-w-   c:\windows\system32\drivers\regguard.sys
2009-07-16 04:58 . 2009-06-24 02:02   --------   d-sh--r-   c:\program files\Spyware Doctor
2009-07-16 04:31 . 2009-07-16 04:31   --------   d-----w-   c:\documents and settings\a\Application Data\Malwarebytes
2009-07-16 04:31 . 2009-07-16 04:31   --------   d-sh--r-   c:\program files\Malwarebytes' Anti-Malware
2009-07-16 04:31 . 2009-07-16 04:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-16 03:28 . 2009-05-13 07:21   --------   d-sh--r-   c:\program files\DBF Viewer 2000
2009-07-16 03:28 . 2009-05-13 06:57   --------   d-sh--r-   c:\program files\DBFView Trial
2009-07-16 03:28 . 2009-06-17 05:01   --------   d-sh--r-   c:\program files\MailList King
2009-07-16 03:26 . 2009-05-19 07:00   --------   d-----w-   c:\program files\Common Files\Intuit
2009-07-15 09:28 . 2009-07-15 09:28   70280   ----a-w-   c:\documents and settings\a\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 05:45 . 2009-07-15 05:45   --------   d-----w-   c:\documents and settings\a\Application Data\Search Settings
2009-07-15 05:42 . 2009-03-14 02:58   --------   d-sh--r-   c:\program files\SpeedBitPlus
2009-07-15 05:42 . 2009-07-15 05:42   --------   d-----w-   c:\documents and settings\a\Application Data\Nero
2009-07-15 04:56 . 2009-07-15 04:59   102664   ----a-w-   c:\windows\system32\drivers\tmcomm.sys
2009-07-15 01:55 . 2099-03-06 09:35   24252   ----a-w-   c:\windows\system32\emptyregdb.dat
2009-07-14 05:22 . 2009-07-14 05:22   --------   d-sh--r-   c:\program files\Trend Micro
2009-07-14 04:59 . 2009-07-14 04:57   --------   dc-h--w-   c:\documents and settings\All Users\Application Data\{C4C0E335-EDDF-46A0-A57D-F3802AE44275}
2009-07-14 03:33 . 2009-07-14 03:33   --------   d-sh--r-   c:\program files\Uniblue
2009-07-13 05:36 . 2009-07-16 04:31   38160   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 05:36 . 2009-07-16 04:31   19096   ----a-w-   c:\windows\system32\drivers\mbam.sys
2009-07-11 02:27 . 2009-07-11 02:26   95744   ----a-w-   c:\documents and settings\All Users\Application Data\SpeedBit\DAP\Updates\Condition.dll
2009-07-10 02:29 . 2009-03-14 03:22   83456   ----a-w-   c:\documents and settings\All Users\Application Data\SpeedBit\DAP\SDCondition.dll
2009-07-08 01:34 . 2009-07-08 01:34   --------   d-----w-   c:\documents and settings\Guest\Application Data\Search Settings
2009-07-08 01:34 . 2009-07-08 01:34   --------   d-----w-   c:\documents and settings\Guest\Application Data\Dealio
2009-07-06 03:24 . 2009-07-06 03:24   --------   d-sh--r-   c:\program files\Alchemy Mindworks
2009-07-06 01:55 . 2009-07-06 01:55   --------   d-sh--r-   c:\program files\Morpheus Photo Animation Suite
2009-07-04 01:17 . 2009-07-01 09:29   26286   ----a-w-   c:\windows\scunin.dat
2009-07-04 01:17 . 2009-07-01 09:29   967   ----a-w-   c:\windows\ScUnin.pif
2009-07-04 01:17 . 2009-07-01 09:29   94208   ----a-w-   c:\windows\ScUnin.exe
2009-07-02 06:19 . 2009-04-14 08:29   --------   d-sh--r-   c:\program files\Google
2009-06-27 08:54 . 2009-03-17 03:23   14   ----a-w-   c:\windows\popcinfo.dat
2009-06-24 05:09 . 2009-06-24 05:09   34760   ----a-w-   c:\windows\system32\drivers\Partizan.sys
2009-06-24 05:08 . 2009-06-24 05:08   32480   ----a-w-   c:\windows\system32\Partizan.exe
2009-06-24 05:05 . 2009-06-24 05:05   2   --shatr-   c:\windows\winstart.bat
2009-06-24 04:04 . 2099-03-06 09:38   --------   d-sh--r-   c:\program files\microsoft frontpage
2009-06-24 00:34 . 2009-03-14 05:06   --------   d-sh--r-   c:\program files\SpeedBit Video Accelerator
2009-06-16 10:44 . 2009-06-16 10:44   --------   d-sh--r-   c:\program files\Qualcomm
2009-06-15 01:04 . 2009-06-15 01:04   --------   d-----w-   c:\documents and settings\Guest\Application Data\Nero
2009-06-15 01:04 . 2009-06-15 01:04   --------   d-----w-   c:\documents and settings\Guest\Application Data\PC Suite
2009-06-02 01:45 . 2009-06-02 01:45   --------   d-sh--r-   c:\program files\Cheetah Burner
2009-05-28 00:38 . 2009-05-28 00:37   --------   d-sh--r-   c:\program files\iTunes
2009-05-28 00:38 . 2009-05-28 00:37   --------   d-----w-   c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-28 00:38 . 2009-05-28 00:38   --------   d-sh--r-   c:\program files\iPod
2009-05-28 00:37 . 2009-05-28 00:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple Computer
2009-05-28 00:37 . 2009-05-28 00:37   --------   d-----w-   c:\program files\Common Files\Apple
2009-05-28 00:36 . 2009-05-28 00:36   --------   d-sh--r-   c:\program files\Bonjour
2009-05-28 00:36 . 2009-05-28 00:36   --------   d-sh--r-   c:\program files\QuickTime
2009-05-28 00:36 . 2009-05-28 00:36   --------   d-sh--r-   c:\program files\Apple Software Update
2009-05-28 00:36 . 2009-05-28 00:36   --------   d-----w-   c:\documents and settings\All Users\Application Data\Apple
2009-05-27 09:03 . 2009-05-27 09:03   --------   d-sh--r-   c:\program files\ImTOO
2009-05-27 06:31 . 2009-05-27 06:31   --------   d-----w-   c:\program files\Common Files\eSellerate
2009-05-27 06:27 . 2009-05-27 06:27   --------   d-sh--r-   c:\program files\Senuti iPod Rip
2009-05-26 05:24 . 2009-05-26 05:24   --------   d-sh--r-   c:\program files\Xilisoft
2009-02-20 01:43 . 2009-03-07 08:07   134648   ----a-w-   c:\program files\mozilla firefox\components\brwsrcmp.dll
2004-08-03 22:56 . 2004-08-03 22:56   6144   --sha-r-   c:\windows\system32\csrss.exe
.

((((((((((((((((((((((((((((( [email protected]_01.09.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-22 02:11 . 2009-07-22 02:11   16384 c:\windows\Temp\Perflib_Perfdata_3a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60270dc7-9ea0-472f-9b77-66652c06246e}]
2008-06-03 16:26   1542168   ----a-w-   c:\program files\SpeedBitPlus\tbSpee.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{60270dc7-9ea0-472f-9b77-66652c06246e}"= "c:\program files\SpeedBitPlus\tbSpee.dll" [2008-06-03 1542168]

[HKEY_CLASSES_ROOT\clsid\{60270dc7-9ea0-472f-9b77-66652c06246e}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{60270DC7-9EA0-472F-9B77-66652C06246E}"= "c:\program files\SpeedBitPlus\tbSpee.dll" [2008-06-03 1542168]

[HKEY_CLASSES_ROOT\clsid\{60270dc7-9ea0-472f-9b77-66652c06246e}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-12-17 3810544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-02 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"G DATA AntiVirus Trayapplication"="c:\program files\G DATA\AntiVirus\AVKTray\AVKTray.exe" [2008-09-22 993352]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2007-06-25 53248]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-20 16384512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"Run"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 04:05   356352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 GRD;G DATA Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [7/16/2009 4:51 PM 68296]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 AVKProxy;G DATA AntiVirus Proxy;c:\program files\Common Files\G DATA\AVKProxy\AVKProxy.exe [9/22/2008 11:09 AM 650824]
R2 AVKService;G DATA Scheduler;c:\program files\G DATA\AntiVirus\AVK\AVKService.exe [9/22/2008 11:09 AM 386120]
R2 AVKWCtl;AntiVirus Monitor;c:\program files\G DATA\AntiVirus\AVK\AVKWCtl.exe [8/14/2008 8:55 AM 1185496]
R2 GDTdiInterceptor;GDTdiInterceptor;c:\windows\system32\drivers\GDTdiIcpt.sys [7/16/2009 4:47 PM 50888]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm --&GT; c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe -start -scm [?]
R3 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [7/16/2009 4:47 PM 50888]
R3 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [7/16/2009 4:47 PM 32200]
S2 gupdate1c9bcdceee47b6;Google Update Service (gupdate1c9bcdceee47b6);c:\program files\Google\Update\GoogleUpdate.exe [4/14/2009 4:36 PM 133104]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [6/24/2009 1:09 PM 34760]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [6/24/2009 1:08 PM 24416]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-07-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]

2009-07-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-14 08:29]

2009-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 08:35]

2009-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 08:35]

2009-07-22 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-07-18 04:30]
.
.
------- Supplementary Scan -------
.
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Administrator.SECURITY-928BF1\Application Data\Mozilla\Firefox\Profiles\k7dhg610.default\
FF - prefs.js: browser.search.selectedEngine - Searchme
FF - component: c:\program files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}\components\AvkWebFilterFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\Shim.dll
FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\SearchSettingsFF.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 10:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(692)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'explorer.exe'(1036)
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorService.exe
c:\progra~1\SPEEDB~2\VideoAcceleratorEngine.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-22 10:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-22 02:13
ComboFix2.txt 2009-07-22 01:11

Pre-Run: 6,467,457,024 bytes free
Post-Run: 6,453,354,496 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
249

I'll just post the Kaspersky Log when its done scanning my computer....Ok, here's my Kaspersky Log....

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, July 22, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, July 22, 2009 05:51:12
Records in database: 2510764
--------------------------------------------------------------------------------

Scan settings:
   Scan using the following database: extended
   Scan archives: yes
   Scan mail databases: yes

Scan area - My Computer:
   A:\
   C:\
   D:\
   E:\

Scan statistics:
   Files scanned: 57344
   Threat name: 3
   Infected objects: 372
   Suspicious objects: 0
   Duration of the scan: 03:35:28

File name / Threat name / Threats count
C:\Documents and Settings\Administrator.SECURITY-928BF1\Desktop\Recovered Files\Back-up D2D Loan\Pag-IBIG LOANS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\Desktop\Recovered Files\Back-up Database\SENTINEL SECURITY5162009.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\Desktop\Recovered Files\Claire\converted movies.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\Desktop\Recovered Files\Claire\ddo revised.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\Desktop\Recovered Files\Claire\Pictures.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\Desktop\Recovered Files\Claire\scandal.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\$hf_mig$.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\$MSI31Uninstall_KB893803v2$.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\$NtUninstallKB888111WXPSP2$.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\0525.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\45004b0a61070e440a2d792392c2.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\a.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Active Data Recovery Software.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\addins.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Administrator.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Adobe.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\After Image.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Ahead.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Alchemy Mindworks.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Alchemy.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Alcohol 120%.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Alcohol Soft.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\All User0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\All Users.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ambethia-smtp-tls-7d62b44411d8e8d662a7df302ea10ade7ab3287c.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Apple Software Update.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\AppPatch.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\AUTHORIZATION.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Avenger.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\BACK-BILLING COLLECTION.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Back-up D2D Loan.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Back-up D2D Premium.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Back-up Database.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Back-up Philhealth.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\BACK-UP.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\bamboo.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Billing Codes.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Billing-Collection Back-up.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Billing-Collection Summary FORMAT.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\BILLING-FP.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\BIR 2316 forms.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\BIR Documents.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\BIR Remittances.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\BIRALPHA0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\BIRALPHA3.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\BITMAPS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\BITMAPS0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Bonjour.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Bookworm Adventures Deluxe.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\BookWorm Adventures From GameHouse & Keygen.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Borland.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Caesar3.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\CCleaner.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Certification-Philhealth.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Certification.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\characters.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Cheetah Burner.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\cherish.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\CHEVRON GUARDS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\CHRISTMAS SONG.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Claire.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\cmd.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Common Files.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ComPlus Applications.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Conduit.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Config.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Connection Wizard.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Contacts.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Converted Data Base.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Converted Database.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\converted movies.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\creed.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\cruisin'.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Crystal.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\csrss.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Cursors.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\CyberLin0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\CyberLink.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\D2D.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\D2D____0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\D2D____1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DAP.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DATA.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\data0000.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\data0001.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Database.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DataLink.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DATA___0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DATA___1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DATA___2.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DATA___3.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Data___4.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DBF Converter.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DBF Converters Shell.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DBF to XLS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DBF Viewer 2000.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DBFView Trial.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ddo revised.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DDO.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Dealio Toolbar.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Debug.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Decompiled.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Default User.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DIFX.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Documents and Settings.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Documents.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\domain.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\DOMAIN.EXE.del   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\domain_0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Downloaded Program Files.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Downloads.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Driver Cache.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\eAlpha.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\eAlpha_0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ehome.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Emulator.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Enigma Software Group.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Error.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Error__0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ESET.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\EXTRACT HER0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\EXTRACT HERE.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\FILES.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Fix.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Fonts.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\forms.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\from Jonas I-pod.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\G DATA.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Gameboy Advance.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\GameHous0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\GameHouse.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Google.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Guest.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\help.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\help___0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Help___1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\HP.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Icons.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Icons__0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ime.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ImTOO.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Income Statement.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\index_files.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\inf.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Installer.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\InstallShield Installation Information.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\InstallShield.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Internet Explorer.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Intuit.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Intuit_0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\iostrea0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\iostrea1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\iostream.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\iPod.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ips.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\iTunes.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Java.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\java___0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\LastGood.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\LEDGERS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\LEERZ.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\LIBS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\LIBS___0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\LimeWir0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\LimeWire.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\lmstdxp.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\LocalService.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Logs.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Logs___0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Logs___1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\LSoft Technologies.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\MailList King.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Malwarebytes' Anti-Malware.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\maps.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\MDB to DBF.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Media.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\MENUS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\MENUS__0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Messenger.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Microsoft ActiveSync.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\microsoft frontpage.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Microsoft Office.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Microsoft Visual Studio.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Microsoft Works.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Minidump.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Misc.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Morpheus Photo Animation Suite.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Morpheus.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\MountPointManagerRemoteDatabase.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Movie Maker.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Mozilla Firefox.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\msagent.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\msapps.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\MSN Gaming Zone.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\MSN.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\MSOCache.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\mui.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\My Animation Workshop Documents.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\My Completed Downloads.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\My documents.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\My Installations.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\My Musi0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\My Musi1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\My Music.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\My Picture0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\My Picture1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\My Pictures.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\My Videos.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Nero.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\NeroVision.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Nes Emulator.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\NetMeeting.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\NetworkService.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\New Databas0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\New Database.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\NEW Payroll.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Nintendo DS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Nokia.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\NovaLogic.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ntldr.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Nucleus Kernel for FAT and NTFS Demo.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Offline Web Pages.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\oLd payroll '08.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Online Services.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Outlook Express.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Overtime.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Pag-IBIG LOANS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Pag-ibig-Monthly.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Panda USB Vaccine.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Passware.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PAYROLL.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PC Connectivity Solution.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\pchealth.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PeerNet.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PER30S.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PER30S_0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PH Database.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PHILHEALT0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\philhealt1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\philhealt2.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PhilHealth Program.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PhilHealth-Monthl0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PhilHealth-Monthly.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Philhealth-remittanc0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Philhealth-remittance.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\philhealth.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PICTURE & LETTER.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Pictures.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PIF.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PPRS2.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PPRS2__0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PPRS2__1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PPRS2__2.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PREDATA.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\PREDATA0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Prefetch.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Program Files.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Project Profile.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Provisioning.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Qualcomm.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\QuickTime.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\RA2.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\RealArcade.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Realtek.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\reanimitor.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\RECYCLE0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\RECYCLE1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\RECYCLER.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\RegCure.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\RegisteredPackages.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Registration.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\registry cure.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\RegRun2.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\RegRun20.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\repair.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Report Formats.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\REPORTS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\REPORTS0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Reports1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Requests.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Resources.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Ron.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Ronald.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\S-1-5-21-1177238915-1275210071-725345543-1000.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\S-1-5-21-1177238915-1275210071-725345543-1006.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\S-1-5-21-1177238915-1275210071-725345543-1007.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\S-1-5-21-1177238915-1275210071-725345543-1008.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\S-1-5-21-1177238915-1275210071-725345543-500.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\S-1-5-21-1177238915-1275210071-725345543-501.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\S-1-5-21-1177238915-1275210071-725345543-502.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Sage Software.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\samples.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\save.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\save___0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\scandal.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\screenshots.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\scripts.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SEC accredited auditors.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\security.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\securityagenc0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\securityagency.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Sentinel Billing-Collectio0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Sentinel Billing-Collection.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SENTINEL SECURITY5162009.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Senuti iPod Rip.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ShellNew.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Sierra On-Line.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SIERRA.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SIS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\sisagp.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Skype.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SMRTNTKY.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SOC - REPORTS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SoftwareDistribution.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\solcache.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SpeedBit Video Accelerator.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SpeedBitPlus.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Spyware Doctor.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\srchasst.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SSS LOAN.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SSS PREMIUM AND LOAN.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SSS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Starcraft.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\states.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SUMMARY REPORTS 2008.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SUMMARY REPORTS 2009.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Sun.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\SUPERAntiSpyware.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\System Volume Informatio0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\System Volume Information.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\system.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\System_0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\system~0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Tasks.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Temp.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Template0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Templates.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Temp___0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ToGo Game.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\TONYO COLLECTION REPORT.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\TONYOK GWAPO KUNO '08.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Trend Micro.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Tutil32.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Tutil320.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\twain_32.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Uniblue.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Uninstall Information.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\update.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Utherverse Digital Inc.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\VideoLAN.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Web Publish.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Web.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Windows Media Player.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Windows NT.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\WindowsUpdate.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\WinRAR.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\WinSxS.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\X-Files.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\X-Files0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\X-Files1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\xerox.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Xilisoft Corporation.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Xilisoft.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\Yahoo!.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\YouTube Downloader.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\_resto~1.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ñiäw.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Administrator.SECURITY-928BF1\DoctorWeb\Quarantine\ñiäw___0.exe   Infected: Worm.Win32.Agent.uw   1
C:\Documents and Settings\Guest\Desktop\ophcrack-win32-installer-3.3.0.exe   Infected: not-a-virus:PSWTool.Win32.PWDump.at   1
C:\Documents and Settings\Guest\Desktop\ophcrack-win32-installer-3.3.0.exe   Infected: not-a-virus:PSWTool.Win32.PWDump.ar   1
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\jpqidczh.default\Cache\1FE7AB4Dd01   Infected: not-a-virus:PSWTool.Win32.PWDump.at   1
C:\Documents and Settings\Guest\Local Settings\Application Data\Mozilla\Firefox\Profiles\jpqidczh.default\Cache\1FE7AB4Dd01   Infected: not-a-virus:PSWTool.Win32.PWDump.ar   1

The selected area was scanned.

As of the moment, my computer is running satisfactorily.... no more administrator pass change...... but my file folders are gone....... i think they are being quarantined by Dr. Web Cure It!..
....... my internet connection is quite sluggish
....... folder options on control panel is gone

I just have one question, can we retrieve those files and folders at the quarantine after the infections are compromised?

that's all... and thank you very much for your help at this problem.... Your Recovered Files are all infected as well as what Dr Web quarantined. Recovering them will just reinfect the computer. At this point your BEST option is to reformat and reinstall. Further cleaning will just make the computer more unstable.
So reformatting is the only option to totally get rid of the infections......
I have recovered some of my infected files, and burn it on CD & DVD..... does it mean that the files i have burned are all infected? If i COPY it to my new formatted drives, would the infection also transfer from my disk to the drives? any suggestion on how to prevent this infections on transferring to my newly formatted drive?

Currently, im using G Data Antivirus but its only a trial, it is not updated. Any suggestion on an effective AV which can block this infections from transferring?

Anyway, thank you very much for your efforts and time on solving this case.......
Im very grateful for all of your help.....One area that is infected is here. C:\Documents and Settings\Administrator.SECURITY-928BF1\Desktop\Recovered Files

If those are what you backed up to the CD then they are infected. Is this what you backed up to CD?

Quote

Currently, im using G Data Antivirus but its only a trial, it is not updated.

You need to get a good updated antivirus installed ASAP.

Download one of these to the desktop but before installing it uninstall G Data, restart the computer and then install the new one before going online.

Remember to only install one antivirus!

1) Avast! Home Free Edition
2) AVG Free Edition
3) Avira AntiVir Personal

Then run a full scan with the new antivirus. You can place your backup CD in the drive and let it be scanned also.

Let me know how that goes.

Solve : Virus that changes my administrator pass.....and changes my folder to applicatio?

Discussion

No Comment Found

Related InterviewSolutions

Reply to Comment