Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

HighJackThis File Log, Help Needed.

Reply
1 2 Last »

Join Date: Jul 2005
Posts: 18
Reputation: RPeeteRules is an unknown quantity at this point 
Solved Threads: 0
RPeeteRules RPeeteRules is offline Offline
Newbie Poster

HighJackThis File Log, Help Needed.

 
0
  #1
Jul 13th, 2005
Here is the process I have done so far, followed by the HighJackThis Log. All of this was done while all hidden folders were shown and the "Hide Protected Operating System Files" option was unchecked.

1. Ran Ad-Aware.
2. Ran TrojanHunter.
3. Ran Spybot Search & Destroy.
4. Deleted C:\Windows\Temp folder contents
5. Searched and deleted all files of "*.tmp".
6. Deleted Local Settings\Temp, Cookies, History for all users.
7. Deleted Prefetch.
8. Ran CCleaner.
9. Ran HighJackThis v1.99

Here is the log file...

Logfile of HijackThis v1.99.1
Scan saved at 1:11:25 PM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\TrojanHunter 4.2\TrojanHunter.exe
C:\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xktsb.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xktsb.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {B7C25C68-FA17-FA9D-AF0F-BB29B5B9B64C} - C:\WINDOWS\apicj.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEXPLORE.EXE] c:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [javakf32.exe] C:\WINDOWS\system32\javakf32.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunOnce: [winiw.exe] C:\WINDOWS\winiw.exe
O4 - HKLM\..\RunOnce: [ieqb32.exe] C:\WINDOWS\system32\ieqb32.exe
O4 - HKLM\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy Client\sunASCleaner.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/game...s/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/game...s/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemp...veSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/def...GameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall....eInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 642
Reputation: swatkat is an unknown quantity at this point 
Solved Threads: 50
swatkat's Avatar
swatkat swatkat is offline Offline
Small Town Boy

Re: HighJackThis File Log, Help Needed.

 
0
  #2
Jul 13th, 2005
Hi,
Download CleanUp! and install it, do not run it now.

Download CWShredder. Download SpSeHjfix to the Desktop and then right click a blank part of Desktop & select new folder, call it SpFix unzip the file into that folder.

Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, out of which choose Safe Mode and press Enter.

Run SpSeHjfix112 and click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.
If it doesn't find any of the SE files or any hidden reinstallers it will say system clean and not go on to next stage.

Now run the CWShredder, and click "Fix" button.

Now, run CleanUp!, click the "Options" button. Here move the "Quick Setup" slider to "Thorough CleanUp!" and click "OK" to warning message. Exit from Options and in the main window, click "CleanUp!" to start cleaning. After cleaning, click "Close" and choose "Yes" to restart the PC.

Reboot the PC to Normal Mode. Perform a virus scan at Panda ActiveScan with the "Disinfection" option enabled. Save the log file it gives after the scan.

Run HijackThis, click the "Do a system scan and save log" button, and post the log here along with SpSeHjFix log and Panda ActiveScan log.
Reply With Quote Quick reply to this message  
Join Date: Dec 2003
Posts: 6,439
Reputation: DMR will become famous soon enough DMR will become famous soon enough 
Solved Threads: 363
Team Colleague
DMR's Avatar
DMR DMR is offline Offline
Wombat At Large

Re: HighJackThis File Log, Help Needed.

 
0
  #3
Jul 13th, 2005
<EDIT>

Hmm... looks like swatkat and I are posting at the same time again.

</EDIT>
"May the Wombat of Happiness snuffle through your underbrush."
- Ancient Aborigine blessing

Please do not contact me by email or PM for help. We're all volunteers here, and only have so much free time to dedicate to our efforts.

However, if I've been working on a thread with you already, and seem to have "forgotten" your thread, please do send me a message. I try not to let things slip through the cracks, but it does happen sometimes.
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 18
Reputation: RPeeteRules is an unknown quantity at this point 
Solved Threads: 0
RPeeteRules RPeeteRules is offline Offline
Newbie Poster

Re: HighJackThis File Log, Help Needed.

 
0
  #4
Jul 14th, 2005
HighJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:05:08 AM, on 7/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\javakf32.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1C72FEB7-4D6C-FAF3-195A-D51516EDCC77} - C:\WINDOWS\apihw32.dll
O2 - BHO: Class - {52CA0E68-18D4-4EE7-27A9-12262907D778} - C:\WINDOWS\system32\addcm32.dll
O2 - BHO: Class - {8C4F8213-4CBA-4C70-31C9-B2D727A270F1} - C:\WINDOWS\ipoh.dll
O2 - BHO: Class - {9A65FF84-5F62-35FE-18D6-0C43F27B7AEB} - C:\WINDOWS\system32\netxj.dll
O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dll
O2 - BHO: Class - {B7C25C68-FA17-FA9D-AF0F-BB29B5B9B64C} - C:\WINDOWS\apicj.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEXPLORE.EXE] c:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [javakf32.exe] C:\WINDOWS\system32\javakf32.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunOnce: [iect.exe] C:\WINDOWS\iect.exe
O4 - HKLM\..\RunOnce: [atlsj32.exe] C:\WINDOWS\system32\atlsj32.exe
O4 - HKLM\..\RunOnce: [appim32.exe] C:\WINDOWS\system32\appim32.exe
O4 - HKLM\..\RunOnce: [atlat32.exe] C:\WINDOWS\system32\atlat32.exe
O4 - HKLM\..\RunOnce: [ipzm32.exe] C:\WINDOWS\system32\ipzm32.exe
O4 - HKLM\..\RunOnce: [appsw.exe] C:\WINDOWS\appsw.exe
O4 - HKLM\..\RunOnce: [crse32.exe] C:\WINDOWS\system32\crse32.exe
O4 - HKLM\..\RunOnce: [d3mp.exe] C:\WINDOWS\d3mp.exe
O4 - HKLM\..\RunOnce: [d3gh.exe] C:\WINDOWS\system32\d3gh.exe
O4 - HKLM\..\RunOnce: [sdkns32.exe] C:\WINDOWS\system32\sdkns32.exe
O4 - HKLM\..\RunOnce: [ipru.exe] C:\WINDOWS\system32\ipru.exe
O4 - HKLM\..\RunOnce: [sdknu.exe] C:\WINDOWS\system32\sdknu.exe
O4 - HKLM\..\RunOnce: [apiry.exe] C:\WINDOWS\apiry.exe
O4 - HKLM\..\RunOnce: [sdknc.exe] C:\WINDOWS\sdknc.exe
O4 - HKLM\..\RunOnce: [msfd32.exe] C:\WINDOWS\msfd32.exe
O4 - HKLM\..\RunOnce: [winvl.exe] C:\WINDOWS\winvl.exe
O4 - HKLM\..\RunOnce: [d3uy.exe] C:\WINDOWS\system32\d3uy.exe
O4 - HKLM\..\RunOnce: [addyc.exe] C:\WINDOWS\addyc.exe
O4 - HKLM\..\RunOnce: [mfcjv32.exe] C:\WINDOWS\system32\mfcjv32.exe
O4 - HKLM\..\RunOnce: [sdkgn32.exe] C:\WINDOWS\sdkgn32.exe
O4 - HKLM\..\RunOnce: [javaob32.exe] C:\WINDOWS\system32\javaob32.exe
O4 - HKLM\..\RunOnce: [ntwx32.exe] C:\WINDOWS\system32\ntwx32.exe
O4 - HKLM\..\RunOnce: [apipo32.exe] C:\WINDOWS\apipo32.exe
O4 - HKLM\..\RunOnce: [msem.exe] C:\WINDOWS\system32\msem.exe
O4 - HKLM\..\RunOnce: [appie32.exe] C:\WINDOWS\system32\appie32.exe
O4 - HKLM\..\RunOnce: [mswy.exe] C:\WINDOWS\system32\mswy.exe
O4 - HKLM\..\RunOnce: [netzt.exe] C:\WINDOWS\netzt.exe
O4 - HKLM\..\RunOnce: [sdklp32.exe] C:\WINDOWS\sdklp32.exe
O4 - HKLM\..\RunOnce: [sysqd.exe] C:\WINDOWS\system32\sysqd.exe
O4 - HKLM\..\RunOnce: [netle.exe] C:\WINDOWS\netle.exe
O4 - HKLM\..\RunOnce: [d3im32.exe] C:\WINDOWS\d3im32.exe
O4 - HKLM\..\RunOnce: [wingl.exe] C:\WINDOWS\system32\wingl.exe
O4 - HKLM\..\RunOnce: [appeq32.exe] C:\WINDOWS\system32\appeq32.exe
O4 - HKLM\..\RunOnce: [winpc32.exe] C:\WINDOWS\winpc32.exe
O4 - HKLM\..\RunOnce: [apich.exe] C:\WINDOWS\apich.exe
O4 - HKLM\..\RunOnce: [mfchl.exe] C:\WINDOWS\system32\mfchl.exe
O4 - HKLM\..\RunOnce: [sysae32.exe] C:\WINDOWS\sysae32.exe
O4 - HKLM\..\RunOnce: [mfcuw.exe] C:\WINDOWS\mfcuw.exe
O4 - HKLM\..\RunOnce: [crnw32.exe] C:\WINDOWS\crnw32.exe
O4 - HKLM\..\RunOnce: [apieo32.exe] C:\WINDOWS\system32\apieo32.exe
O4 - HKLM\..\RunOnce: [sdkvj.exe] C:\WINDOWS\system32\sdkvj.exe
O4 - HKLM\..\RunOnce: [sdkpc32.exe] C:\WINDOWS\system32\sdkpc32.exe
O4 - HKLM\..\RunOnce: [sysiz.exe] C:\WINDOWS\system32\sysiz.exe
O4 - HKLM\..\RunOnce: [sdkbg32.exe] C:\WINDOWS\system32\sdkbg32.exe
O4 - HKLM\..\RunOnce: [addvl.exe] C:\WINDOWS\system32\addvl.exe
O4 - HKLM\..\RunOnce: [apian.exe] C:\WINDOWS\apian.exe
O4 - HKLM\..\RunOnce: [sdkah.exe] C:\WINDOWS\system32\sdkah.exe
O4 - HKLM\..\RunOnce: [mfcfb32.exe] C:\WINDOWS\mfcfb32.exe
O4 - HKLM\..\RunOnce: [netdl.exe] C:\WINDOWS\netdl.exe
O4 - HKLM\..\RunOnce: [javarb.exe] C:\WINDOWS\javarb.exe
O4 - HKLM\..\RunOnce: [javanw32.exe] C:\WINDOWS\javanw32.exe
O4 - HKLM\..\RunOnce: [sysgs.exe] C:\WINDOWS\system32\sysgs.exe
O4 - HKLM\..\RunOnce: [apivj32.exe] C:\WINDOWS\apivj32.exe
O4 - HKLM\..\RunOnce: [sysgc32.exe] C:\WINDOWS\system32\sysgc32.exe
O4 - HKLM\..\RunOnce: [mfczz.exe] C:\WINDOWS\mfczz.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O4 - HKLM\..\RunOnce: [sdkdr.exe] C:\WINDOWS\sdkdr.exe
O4 - HKLM\..\RunOnce: [msvk.exe] C:\WINDOWS\msvk.exe
O4 - HKLM\..\RunOnce: [d3yv.exe] C:\WINDOWS\system32\d3yv.exe
O4 - HKLM\..\RunOnce: [winho.exe] C:\WINDOWS\winho.exe
O4 - HKLM\..\RunOnce: [crnq32.exe] C:\WINDOWS\system32\crnq32.exe
O4 - HKLM\..\RunOnce: [d3sh32.exe] C:\WINDOWS\system32\d3sh32.exe
O4 - HKLM\..\RunOnce: [netxj.exe] C:\WINDOWS\system32\netxj.exe
O4 - HKLM\..\RunOnce: [atlqi.exe] C:\WINDOWS\atlqi.exe
O4 - HKLM\..\RunOnce: [ievc32.exe] C:\WINDOWS\system32\ievc32.exe
O4 - HKLM\..\RunOnce: [mskx32.exe] C:\WINDOWS\mskx32.exe
O4 - HKLM\..\RunOnce: [apptz32.exe] C:\WINDOWS\system32\apptz32.exe
O4 - HKLM\..\RunOnce: [d3zu.exe] C:\WINDOWS\system32\d3zu.exe
O4 - HKLM\..\RunOnce: [apikh.exe] C:\WINDOWS\system32\apikh.exe
O4 - HKLM\..\RunOnce: [crud32.exe] C:\WINDOWS\crud32.exe
O4 - HKLM\..\RunOnce: [crzu32.exe] C:\WINDOWS\crzu32.exe
O4 - HKLM\..\RunOnce: [mstn32.exe] C:\WINDOWS\system32\mstn32.exe
O4 - HKLM\..\RunOnce: [ipyj32.exe] C:\WINDOWS\system32\ipyj32.exe
O4 - HKLM\..\RunOnce: [mstv.exe] C:\WINDOWS\mstv.exe
O4 - HKLM\..\RunOnce: [apprq32.exe] C:\WINDOWS\apprq32.exe
O4 - HKLM\..\RunOnce: [msaa.exe] C:\WINDOWS\msaa.exe
O4 - HKLM\..\RunOnce: [addee.exe] C:\WINDOWS\system32\addee.exe
O4 - HKLM\..\RunOnce: [addtw32.exe] C:\WINDOWS\addtw32.exe
O4 - HKLM\..\RunOnce: [sysrr32.exe] C:\WINDOWS\sysrr32.exe
O4 - HKLM\..\RunOnce: [winrh32.exe] C:\WINDOWS\winrh32.exe
O4 - HKLM\..\RunOnce: [apiaa32.exe] C:\WINDOWS\apiaa32.exe
O4 - HKLM\..\RunOnce: [apidr32.exe] C:\WINDOWS\apidr32.exe
O4 - HKLM\..\RunOnce: [nttz32.exe] C:\WINDOWS\nttz32.exe
O4 - HKLM\..\RunOnce: [netoc.exe] C:\WINDOWS\system32\netoc.exe
O4 - HKLM\..\RunOnce: [addns32.exe] C:\WINDOWS\addns32.exe
O4 - HKLM\..\RunOnce: [iprk32.exe] C:\WINDOWS\iprk32.exe
O4 - HKLM\..\RunOnce: [crhr.exe] C:\WINDOWS\crhr.exe
O4 - HKLM\..\RunOnce: [ipge.exe] C:\WINDOWS\system32\ipge.exe
O4 - HKLM\..\RunOnce: [mfcwt.exe] C:\WINDOWS\mfcwt.exe
O4 - HKLM\..\RunOnce: [javarl.exe] C:\WINDOWS\system32\javarl.exe
O4 - HKLM\..\RunOnce: [apiqb32.exe] C:\WINDOWS\system32\apiqb32.exe
O4 - HKLM\..\RunOnce: [addpi32.exe] C:\WINDOWS\addpi32.exe
O4 - HKLM\..\RunOnce: [appoy32.exe] C:\WINDOWS\appoy32.exe
O4 - HKLM\..\RunOnce: [ipyr32.exe] C:\WINDOWS\system32\ipyr32.exe
O4 - HKLM\..\RunOnce: [sysyz32.exe] C:\WINDOWS\sysyz32.exe
O4 - HKLM\..\RunOnce: [apibl32.exe] C:\WINDOWS\system32\apibl32.exe
O4 - HKLM\..\RunOnce: [winby32.exe] C:\WINDOWS\system32\winby32.exe
O4 - HKLM\..\RunOnce: [javaur32.exe] C:\WINDOWS\javaur32.exe
O4 - HKLM\..\RunOnce: [cruh32.exe] C:\WINDOWS\cruh32.exe
O4 - HKLM\..\RunOnce: [winda32.exe] C:\WINDOWS\system32\winda32.exe
O4 - HKLM\..\RunOnce: [atlrc.exe] C:\WINDOWS\atlrc.exe
O4 - HKLM\..\RunOnce: [netbd.exe] C:\WINDOWS\netbd.exe
O4 - HKLM\..\RunOnce: [winal32.exe] C:\WINDOWS\winal32.exe
O4 - HKLM\..\RunOnce: [iphz32.exe] C:\WINDOWS\iphz32.exe
O4 - HKLM\..\RunOnce: [winhz32.exe] C:\WINDOWS\system32\winhz32.exe
O4 - HKLM\..\RunOnce: [netkl32.exe] C:\WINDOWS\system32\netkl32.exe
O4 - HKLM\..\RunOnce: [crtm32.exe] C:\WINDOWS\system32\crtm32.exe
O4 - HKLM\..\RunOnce: [atltu.exe] C:\WINDOWS\atltu.exe
O4 - HKLM\..\RunOnce: [msis32.exe] C:\WINDOWS\system32\msis32.exe
O4 - HKLM\..\RunOnce: [mfcxh32.exe] C:\WINDOWS\mfcxh32.exe
O4 - HKLM\..\RunOnce: [ipdr.exe] C:\WINDOWS\ipdr.exe
O4 - HKLM\..\RunOnce: [ipxk32.exe] C:\WINDOWS\system32\ipxk32.exe
O4 - HKLM\..\RunOnce: [addqd32.exe] C:\WINDOWS\system32\addqd32.exe
O4 - HKLM\..\RunOnce: [addql32.exe] C:\WINDOWS\system32\addql32.exe
O4 - HKLM\..\RunOnce: [netam32.exe] C:\WINDOWS\system32\netam32.exe
O4 - HKLM\..\RunOnce: [sysam.exe] C:\WINDOWS\sysam.exe
O4 - HKLM\..\RunOnce: [crdy.exe] C:\WINDOWS\crdy.exe
O4 - HKLM\..\RunOnce: [sdknx.exe] C:\WINDOWS\system32\sdknx.exe
O4 - HKLM\..\RunOnce: [addlx.exe] C:\WINDOWS\system32\addlx.exe
O4 - HKLM\..\RunOnce: [msbn.exe] C:\WINDOWS\msbn.exe
O4 - HKLM\..\RunOnce: [wintn32.exe] C:\WINDOWS\wintn32.exe
O4 - HKLM\..\RunOnce: [mfckv.exe] C:\WINDOWS\mfckv.exe
O4 - HKLM\..\RunOnce: [winii.exe] C:\WINDOWS\system32\winii.exe
O4 - HKLM\..\RunOnce: [mfcem.exe] C:\WINDOWS\mfcem.exe
O4 - HKLM\..\RunOnce: [ntxf32.exe] C:\WINDOWS\system32\ntxf32.exe
O4 - HKLM\..\RunOnce: [crnn.exe] C:\WINDOWS\system32\crnn.exe
O4 - HKLM\..\RunOnce: [msbz.exe] C:\WINDOWS\system32\msbz.exe
O4 - HKLM\..\RunOnce: [iego32.exe] C:\WINDOWS\iego32.exe
O4 - HKLM\..\RunOnce: [ipan.exe] C:\WINDOWS\system32\ipan.exe
O4 - HKLM\..\RunOnce: [sysuy.exe] C:\WINDOWS\sysuy.exe
O4 - HKLM\..\RunOnce: [ipfi.exe] C:\WINDOWS\ipfi.exe
O4 - HKLM\..\RunOnce: [ntco.exe] C:\WINDOWS\ntco.exe
O4 - HKLM\..\RunOnce: [mfchq32.exe] C:\WINDOWS\system32\mfchq32.exe
O4 - HKLM\..\RunOnce: [sdkrr32.exe] C:\WINDOWS\system32\sdkrr32.exe
O4 - HKLM\..\RunOnce: [addrz.exe] C:\WINDOWS\addrz.exe
O4 - HKLM\..\RunOnce: [ievd.exe] C:\WINDOWS\ievd.exe
O4 - HKLM\..\RunOnce: [atlks32.exe] C:\WINDOWS\system32\atlks32.exe
O4 - HKLM\..\RunOnce: [ipih.exe] C:\WINDOWS\system32\ipih.exe
O4 - HKLM\..\RunOnce: [cred32.exe] C:\WINDOWS\system32\cred32.exe
O4 - HKLM\..\RunOnce: [sdkom.exe] C:\WINDOWS\system32\sdkom.exe
O4 - HKLM\..\RunOnce: [addwk32.exe] C:\WINDOWS\addwk32.exe
O4 - HKLM\..\RunOnce: [ntou.exe] C:\WINDOWS\ntou.exe
O4 - HKLM\..\RunOnce: [neteb.exe] C:\WINDOWS\neteb.exe
O4 - HKLM\..\RunOnce: [appil32.exe] C:\WINDOWS\system32\appil32.exe
O4 - HKLM\..\RunOnce: [d3ue32.exe] C:\WINDOWS\system32\d3ue32.exe
O4 - HKLM\..\RunOnce: [msbu.exe] C:\WINDOWS\system32\msbu.exe
O4 - HKLM\..\RunOnce: [d3cu.exe] C:\WINDOWS\system32\d3cu.exe
O4 - HKLM\..\RunOnce: [addrk32.exe] C:\WINDOWS\system32\addrk32.exe
O4 - HKLM\..\RunOnce: [mska.exe] C:\WINDOWS\system32\mska.exe
O4 - HKLM\..\RunOnce: [netyf.exe] C:\WINDOWS\netyf.exe
O4 - HKLM\..\RunOnce: [iekq.exe] C:\WINDOWS\system32\iekq.exe
O4 - HKLM\..\RunOnce: [crax.exe] C:\WINDOWS\system32\crax.exe
O4 - HKLM\..\RunOnce: [netsq32.exe] C:\WINDOWS\netsq32.exe
O4 - HKLM\..\RunOnce: [sdkys.exe] C:\WINDOWS\system32\sdkys.exe
O4 - HKLM\..\RunOnce: [appvr.exe] C:\WINDOWS\appvr.exe
O4 - HKLM\..\RunOnce: [wincg.exe] C:\WINDOWS\system32\wincg.exe
O4 - HKLM\..\RunOnce: [crvz32.exe] C:\WINDOWS\system32\crvz32.exe
O4 - HKLM\..\RunOnce: [ipmu32.exe] C:\WINDOWS\system32\ipmu32.exe
O4 - HKLM\..\RunOnce: [apihy32.exe] C:\WINDOWS\apihy32.exe
O4 - HKLM\..\RunOnce: [sdkfv.exe] C:\WINDOWS\sdkfv.exe
O4 - HKLM\..\RunOnce: [appls32.exe] C:\WINDOWS\system32\appls32.exe
O4 - HKLM\..\RunOnce: [mfcel32.exe] C:\WINDOWS\system32\mfcel32.exe
O4 - HKLM\..\RunOnce: [iebp32.exe] C:\WINDOWS\system32\iebp32.exe
O4 - HKLM\..\RunOnce: [atlak.exe] C:\WINDOWS\atlak.exe
O4 - HKLM\..\RunOnce: [apidd32.exe] C:\WINDOWS\system32\apidd32.exe
O4 - HKLM\..\RunOnce: [apisa32.exe] C:\WINDOWS\apisa32.exe
O4 - HKLM\..\RunOnce: [syswe.exe] C:\WINDOWS\system32\syswe.exe
O4 - HKLM\..\RunOnce: [d3ai.exe] C:\WINDOWS\d3ai.exe
O4 - HKLM\..\RunOnce: [sdkkg32.exe] C:\WINDOWS\sdkkg32.exe
O4 - HKLM\..\RunOnce: [appkp.exe] C:\WINDOWS\appkp.exe
O4 - HKLM\..\RunOnce: [ieob.exe] C:\WINDOWS\ieob.exe
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKLM\..\RunOnce: [sdkzt32.exe] C:\WINDOWS\sdkzt32.exe
O4 - HKLM\..\RunOnce: [ipcx.exe] C:\WINDOWS\system32\ipcx.exe
O4 - HKLM\..\RunOnce: [appbn32.exe] C:\WINDOWS\system32\appbn32.exe
O4 - HKLM\..\RunOnce: [netmm32.exe] C:\WINDOWS\netmm32.exe
O4 - HKLM\..\RunOnce: [ipfx32.exe] C:\WINDOWS\system32\ipfx32.exe
O4 - HKLM\..\RunOnce: [syscq32.exe] C:\WINDOWS\syscq32.exe
O4 - HKLM\..\RunOnce: [msft.exe] C:\WINDOWS\system32\msft.exe
O4 - HKLM\..\RunOnce: [ntej32.exe] C:\WINDOWS\system32\ntej32.exe
O4 - HKLM\..\RunOnce: [ieab32.exe] C:\WINDOWS\ieab32.exe
O4 - HKLM\..\RunOnce: [appyi.exe] C:\WINDOWS\appyi.exe
O4 - HKLM\..\RunOnce: [netum32.exe] C:\WINDOWS\system32\netum32.exe
O4 - HKLM\..\RunOnce: [atldn.exe] C:\WINDOWS\system32\atldn.exe
O4 - HKLM\..\RunOnce: [mfcrj32.exe] C:\WINDOWS\system32\mfcrj32.exe
O4 - HKLM\..\RunOnce: [atlxy32.exe] C:\WINDOWS\atlxy32.exe
O4 - HKLM\..\RunOnce: [iecc32.exe] C:\WINDOWS\iecc32.exe
O4 - HKLM\..\RunOnce: [d3ax.exe] C:\WINDOWS\d3ax.exe
O4 - HKLM\..\RunOnce: [netzx32.exe] C:\WINDOWS\netzx32.exe
O4 - HKLM\..\RunOnce: [msgu.exe] C:\WINDOWS\system32\msgu.exe
O4 - HKLM\..\RunOnce: [sysfc.exe] C:\WINDOWS\sysfc.exe
O4 - HKLM\..\RunOnce: [atlxu.exe] C:\WINDOWS\system32\atlxu.exe
O4 - HKLM\..\RunOnce: [d3oc32.exe] C:\WINDOWS\system32\d3oc32.exe
O4 - HKLM\..\RunOnce: [atldr32.exe] C:\WINDOWS\atldr32.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/game...s/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/game...s/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemp...veSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/def...GameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall....eInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winiw.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe


SpSeHjFix Log File:



(7/13/05 4:54:24 PM) SPSeHjFix started v1.1.2
(7/13/05 4:54:24 PM) OS: WinXP Service Pack 2 (5.1.2600)
(7/13/05 4:54:24 PM) Language: english
(7/13/05 4:54:24 PM) Win-Path: C:\WINDOWS
(7/13/05 4:54:24 PM) System-Path: C:\WINDOWS\system32
(7/13/05 4:54:24 PM) Temp-Path: C:\DOCUME~1\JDG\LOCALS~1\Temp\
(7/13/05 4:54:36 PM) Disinfection started
(7/13/05 4:54:36 PM) Bad-Dll(IEP): c:\windows\xktsb.dll
(7/13/05 4:54:36 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:54:36 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:54:36 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\xktsb.dll/sp.html#12047
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\xktsb.dll/sp.html#12047
(7/13/05 4:54:36 PM) Stealth-String not found
(7/13/05 4:54:36 PM) No locked Files to delete. End without Reboot
(7/13/05 4:54:41 PM) Disinfection started
(7/13/05 4:54:41 PM) Bad-Dll(IEP): c:\windows\xktsb.dll
(7/13/05 4:54:41 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:54:41 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:54:41 PM) Bad IE-pages: (none)
(7/13/05 4:54:41 PM) Stealth-String not found
(7/13/05 4:54:41 PM) No locked Files to delete. End without Reboot
(7/13/05 4:55:03 PM) Disinfection started
(7/13/05 4:55:03 PM) Bad-Dll(IEP): c:\windows\xktsb.dll
(7/13/05 4:55:03 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:55:03 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:55:03 PM) Bad IE-pages: (none)
(7/13/05 4:55:03 PM) Stealth-String not found
(7/13/05 4:55:03 PM) No locked Files to delete. End without Reboot


(7/13/05 4:55:26 PM) SPSeHjFix started v1.1.2
(7/13/05 4:55:26 PM) OS: WinXP Service Pack 2 (5.1.2600)
(7/13/05 4:55:26 PM) Language: english
(7/13/05 4:55:26 PM) Win-Path: C:\WINDOWS
(7/13/05 4:55:26 PM) System-Path: C:\WINDOWS\system32
(7/13/05 4:55:26 PM) Temp-Path: C:\DOCUME~1\JDG\LOCALS~1\Temp\
(7/13/05 4:55:32 PM) Disinfection started
(7/13/05 4:55:32 PM) Bad-Dll(IEP): (not found)
(7/13/05 4:55:32 PM) Bad-Dll(IEP) in BHO: (not found)
(7/13/05 4:55:32 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:55:32 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:55:32 PM) Bad IE-pages: (none)
(7/13/05 4:55:32 PM) Stealth-String not found
(7/13/05 4:55:32 PM) Not infected->END


Panda Scan Log:


Incident Status Location

Spywarepyware/Cydoor No disinfected C:\WINDOWS\cdmxtras
Spywarepyware/BargainBuddy No disinfected C:\WINDOWS\system32\NLNupgradeV4_5P13.exe
Adware:Adware/MyWay No disinfected C:\WINDOWS\system32\Xcite.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\FLEOK
Adware:Adware/BrilliantDigitalNo disinfected Windows Registry
Adware:Adware/DownloadWare No disinfected C:\Program Files\MediaLoads*
Spywarepyware/ISTbar No disinfected C:\Program Files\Common Files\Totem Shared
Spywarepyware/ClearSearch No disinfected C:\WINDOWS\system32\ClrSchP0??.dll
Adware:Adware/TalkStocks No disinfected C:\WINDOWS\system32\mstbl.ocx
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\sahagent*.exe
Adware:Adware/SearchAid No disinfected Windows Registry
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\JDG\Application Data\Lycos
Adware:Adware/BlazeFind No disinfected Windows Registry
Adware:Adware/MSView No disinfected C:\WINDOWS\system32\nostalgia.dll
Spywarepyware/Altnet No disinfected Windows Registry
Spywarepyware/Whazit No disinfected C:\WINDOWS\system32\fiz1
Adware:Adware/CWS.Aboutblank No disinfected Windows Registry
Adware:Adware/Antivirus-gold No disinfected C:\Documents and Settings\JDG\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusGold 2.0.lnk
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\ppetpper\nfhpeent\htjlnejn.exe.tcf
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\ppetpper\peppcnapah\pnjnnflbl.exe.tcf
Adware:Adware/VirtualBouncer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\09249232-8AB0-4C82-B484-B259DB\22855475-A4FE-46F8-ACC9-89FC84
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\07962896-0F3D-45EC-BB74-B30C02
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\07A96FF7-8F51-47F4-8FA9-AE7642
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\2245E673-988A-4C21-9F36-E3E580
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\24C304DE-0A64-447A-88C3-D352C3
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\2EB8B370-9440-4473-9921-14C9E5
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\320DFE9A-65E1-413D-B7A4-0BBE1B
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\320DFE9A-65E1-413D-B7A4-0BBE1B[sysdetect.dll]
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\3213AA3A-2D4C-4302-93DA-DA63CC
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\5274E52D-0192-4F30-AA3A-38D60D
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\5C0B0532-168E-47BA-99F9-A4545F
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\617E34AB-6E8E-4F78-8197-58F77E
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\6A95E07C-9AB3-44DE-B40D-33AECD
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\71FE6599-60FD-4072-A1C6-202C3F
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\71FE6599-60FD-4072-A1C6-202C3F[mySetp.exe]
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\88D3F65E-BE0E-424E-A950-EDE339
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\8D73D7F8-0DBD-4A71-A9AB-E06F24
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\9085447E-E893-445C-BE65-7935F3
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\9085447E-E893-445C-BE65-7935F3[Points Manager.exe]
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\960CD96A-23F0-457C-B15D-E8DC0F
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\A0BA2442-C030-4A25-AB58-D5DE08
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\AB3C410E-83A7-4F3B-8CF3-D14313
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\B6582C33-8486-4BE1-B256-611871
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\C869D74A-EB7C-4170-8974-A9A6D7
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\CB7FF7D8-6856-41BD-B2C5-305FCB
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\CCFF6568-F7EE-4861-B31E-37BCCE
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\E326382D-1627-48A2-82FF-8F7561
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\F850E8C2-6523-4996-BAA9-4266FD
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\F850E8C2-6523-4996-BAA9-4266FD[AltnetUninstall.exe]
Spywarepyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\F850E8C2-6523-4996-BAA9-4266FD[asmend.exe]
Adware:Adware/MSView No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\26E39A8E-5679-47A3-967F-2B6D3B\B44B9D1C-F27F-4474-9254-914057
Adware:Adware/InstaFinder No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\38A88E24-F777-4B77-B011-3B5F45\37E8D4B2-0F05-4B5D-846B-8E8A56
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\62D851C8-6263-4F33-B43B-CCE57E\A957F6ED-365B-4510-B742-664F87
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\79DB9F22-1B5E-44EF-8560-27517F\6DFBF217-D82A-484C-B47E-355989
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\0FCC5CFB-E7F4-4E44-A4B7-0533C7
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\2363F935-D070-445D-85A9-FB7418
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\2E408893-9621-427E-A2B2-03B33A
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\4EF4204A-F472-406F-AC07-263679
Adware:Adware/Medload No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\5D53FC52-0EFB-4EC7-BEE8-3218CF
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\68A0BA8D-D254-4E75-8B2F-528608
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\74C8DE8D-258D-479F-97F4-9C725F
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\9377129E-73F3-48C8-90C2-6D998C
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\E48842EB-41A6-4756-9225-CD6A7E
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\EF82B114-25AB-47A7-9D15-7447EB
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\9D2688BD-AE77-4233-A938-B71A8B\51D02FAD-C9A4-4673-AF10-10236D
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\9D2688BD-AE77-4233-A938-B71A8B\CCDC6BFC-FCDE-4282-942A-F5DC20
Adware:Adware/Medload No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C34FC78C-A7FF-43B4-A6B0-2216AF\B5B9628E-BCC0-4161-A9CE-EBA1FF
Adware:Adware/VirtualBouncer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E06A5280-F03D-4F7A-B49A-255E28\EE808BEB-58D2-477B-9EF3-C1026F
Adware:Adware/Antivirus-gold No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\82F65484-5FEC-439C-8B2F-E1593D\9B332885-A7CB-488B-9F5C-60090B
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3ub.exe
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\fahic.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\gqisx.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\hdaeo.dll.tcf
Spywarepyware/BetterInet No disinfected C:\WINDOWS\INF\biini.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\polmx2.inf
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipmo.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\jvhqb.dll.tcf
Adware:Adware/WinTools No disinfected C:\WINDOWS\Key2.txt
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\likqa.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\nbntv.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\rvqak.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\sedgh.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\akuda.dll.tcf
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\appxd32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\atlxd.exe
Spywarepyware/ClearSearch No disinfected C:\WINDOWS\SYSTEM32\ClrSchP012.dll
Spywarepyware/ClearSearch No disinfected C:\WINDOWS\SYSTEM32\ClrSchP0121.dll
Spywarepyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\cm1.dll
Spywarepyware/Whazit No disinfected C:\WINDOWS\SYSTEM32\fiz1
Spywarepyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\fly.dll
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\gchui.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\hbpif.dll.tcf
Adware:Adware/Specofer No disinfected C:\WINDOWS\SYSTEM32\httppost.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\hwgei.dll.tcf
Spywarepyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\ignet.dll
Spywarepyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\ignet2.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\ipbh.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\kcdsy.dll.tcf
Spywarepyware/Whazit No disinfected C:\WINDOWS\SYSTEM32\kyf.dat
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\kzxjg.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\maaxt.dll.tcf
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\mfcbz.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\msss.exe
Adware:Adware/TalkStocks No disinfected C:\WINDOWS\SYSTEM32\mstbl.ocx
Spywarepyware/BetterInet No disinfected C:\WINDOWS\SYSTEM32\MSView.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\ncase.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\ncase2.dll
Spywarepyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\NLNupgradeV4_5P13.exe
Adware:Adware/MSView No disinfected C:\WINDOWS\SYSTEM32\nostalgia.dll
Spywarepyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\OMsetup.exe
Adware:Adware/RCSync No disinfected C:\WINDOWS\SYSTEM32\pr1ze5.dll.tcf
Adware:Adware/RCSync No disinfected C:\WINDOWS\SYSTEM32\pr1ze5.dlltmp
Adware:Adware/RCSync No disinfected C:\WINDOWS\SYSTEM32\prizesurfer_setup.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\qgcok.dll.tcf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\sahagent1003.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\SHAgent.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\SHAgent1007.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\vkhzp.dll.tcf
Adware:Adware/MyWay No disinfected C:\WINDOWS\SYSTEM32\Xcite.dll
Adware:Adware/MyWay No disinfected C:\WINDOWS\SYSTEM32\Xcite.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\xexaf.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\ytrgd.dll
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\ucval.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\xjjgm.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\xktsb.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\yvmot.dll.tcf
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 18
Reputation: RPeeteRules is an unknown quantity at this point 
Solved Threads: 0
RPeeteRules RPeeteRules is offline Offline
Newbie Poster

Re: HighJackThis File Log, Help Needed.

 
0
  #5
Jul 14th, 2005
Where do I go from here?
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 18
Reputation: RPeeteRules is an unknown quantity at this point 
Solved Threads: 0
RPeeteRules RPeeteRules is offline Offline
Newbie Poster

Re: HighJackThis File Log, Help Needed.

 
0
  #6
Jul 15th, 2005
What should I do with those logs? Anyone?
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 642
Reputation: swatkat is an unknown quantity at this point 
Solved Threads: 50
swatkat's Avatar
swatkat swatkat is offline Offline
Small Town Boy

Re: HighJackThis File Log, Help Needed.

 
0
  #7
Jul 15th, 2005
Hi,
There are few things which needs to be removed, now. Download Sysclean Pacakge, create a folder named Sysclean on Desktop, and put the downloaded file to that folder. Next download the pattern file for Windows OS (pattern file will have a name like lpt731.zip ) and extract the contents of the ZIP file to the same Sysclean folder.

Boot in SAFE Mode.

Double-click on the sysclean.com file, and after few seconds, the Sysclean window appears. Here make sure that Automatically clean or delete infected files option is selected. Then click "Scan". After the scan is complete it gives a log, save the log file.


Reboot to normal mode, run HijackThis again, and post a fresh log along with Sysclean log.
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 18
Reputation: RPeeteRules is an unknown quantity at this point 
Solved Threads: 0
RPeeteRules RPeeteRules is offline Offline
Newbie Poster

Re: HighJackThis File Log, Help Needed.

 
0
  #8
Jul 16th, 2005
Thanks so far for all the help so far. Here are the two logs, I'll do them on two seperate replies.

HighJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:16:54 AM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ieqg32.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\HP Share-to-Web\hpgs2wnd.exe
C:\Digital Imaging\Unload\hpqcmon.exe
C:\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {038102A8-6BBF-3523-E9F7-013C8EC35F4A} - C:\WINDOWS\system32\atlku32.dll
O2 - BHO: Class - {19C147DB-0AAE-4BC9-7FA4-0291F21C5F33} - C:\WINDOWS\atlex.dll
O2 - BHO: Class - {1C72FEB7-4D6C-FAF3-195A-D51516EDCC77} - C:\WINDOWS\apihw32.dll
O2 - BHO: Class - {29E7FFD8-E6A5-9FCB-ED6E-4AAE63F4CAE9} - C:\WINDOWS\system32\sysyx32.dll
O2 - BHO: Class - {4197FF54-5C18-A7E5-9CC3-32130092E2A4} - C:\WINDOWS\crms32.dll
O2 - BHO: Class - {52CA0E68-18D4-4EE7-27A9-12262907D778} - C:\WINDOWS\system32\addcm32.dll
O2 - BHO: Class - {5FED6D45-2D6E-9D60-4B64-A4543F387F99} - C:\WINDOWS\system32\javaia32.dll
O2 - BHO: Class - {605BB929-10FB-81EB-196F-7822E1EA2567} - C:\WINDOWS\ipwg32.dll
O2 - BHO: Class - {789FEB82-8DED-7AC4-9DDA-995AC51398B1} - C:\WINDOWS\system32\atlnk.dll
O2 - BHO: Class - {8C4F8213-4CBA-4C70-31C9-B2D727A270F1} - C:\WINDOWS\ipoh.dll
O2 - BHO: Class - {92935E29-CDC5-7406-9FD4-6550E38F847C} - C:\WINDOWS\sdkdt.dll
O2 - BHO: Class - {991DF816-06EC-05DF-D306-F828A69AEF22} - C:\WINDOWS\netwy32.dll
O2 - BHO: Class - {9A65FF84-5F62-35FE-18D6-0C43F27B7AEB} - C:\WINDOWS\system32\netxj.dll
O2 - BHO: Class - {A5F02AA1-E33B-02E2-EE38-6C66F5363B53} - C:\WINDOWS\winaw.dll
O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dll
O2 - BHO: Class - {B7C25C68-FA17-FA9D-AF0F-BB29B5B9B64C} - C:\WINDOWS\apicj.dll
O2 - BHO: Class - {BC88BD6A-B85D-124E-8F1A-F26233A0C485} - C:\WINDOWS\javatg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {BF8E8A3B-3B07-92AF-7CDE-94E44B1AB52C} - C:\WINDOWS\system32\javang32.dll
O2 - BHO: Class - {C0146C97-9E45-541E-2BF9-8DEC38F21C73} - C:\WINDOWS\javaif.dll
O2 - BHO: Class - {C57C0B7D-AA25-C69F-541D-8DFCEADF8E7E} - C:\WINDOWS\system32\ieak.dll
O2 - BHO: Class - {FA224A3B-80E3-FC4E-47BB-C7027C3BE4E9} - C:\WINDOWS\system32\javauq32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEXPLORE.EXE] c:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [javakf32.exe] C:\WINDOWS\system32\javakf32.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [ieqg32.exe] C:\WINDOWS\system32\ieqg32.exe
O4 - HKLM\..\RunOnce: [iect.exe] C:\WINDOWS\iect.exe
O4 - HKLM\..\RunOnce: [sdkns32.exe] C:\WINDOWS\system32\sdkns32.exe
O4 - HKLM\..\RunOnce: [ipru.exe] C:\WINDOWS\system32\ipru.exe
O4 - HKLM\..\RunOnce: [sdknu.exe] C:\WINDOWS\system32\sdknu.exe
O4 - HKLM\..\RunOnce: [apiry.exe] C:\WINDOWS\apiry.exe
O4 - HKLM\..\RunOnce: [winvl.exe] C:\WINDOWS\winvl.exe
O4 - HKLM\..\RunOnce: [d3uy.exe] C:\WINDOWS\system32\d3uy.exe
O4 - HKLM\..\RunOnce: [addyc.exe] C:\WINDOWS\system32\addyc.exe
O4 - HKLM\..\RunOnce: [mfcjv32.exe] C:\WINDOWS\system32\mfcjv32.exe
O4 - HKLM\..\RunOnce: [sdkgn32.exe] C:\WINDOWS\sdkgn32.exe
O4 - HKLM\..\RunOnce: [javaob32.exe] C:\WINDOWS\system32\javaob32.exe
O4 - HKLM\..\RunOnce: [ntwx32.exe] C:\WINDOWS\system32\ntwx32.exe
O4 - HKLM\..\RunOnce: [apipo32.exe] C:\WINDOWS\apipo32.exe
O4 - HKLM\..\RunOnce: [msem.exe] C:\WINDOWS\system32\msem.exe
O4 - HKLM\..\RunOnce: [appie32.exe] C:\WINDOWS\system32\appie32.exe
O4 - HKLM\..\RunOnce: [mswy.exe] C:\WINDOWS\system32\mswy.exe
O4 - HKLM\..\RunOnce: [netzt.exe] C:\WINDOWS\netzt.exe
O4 - HKLM\..\RunOnce: [sdklp32.exe] C:\WINDOWS\sdklp32.exe
O4 - HKLM\..\RunOnce: [netle.exe] C:\WINDOWS\netle.exe
O4 - HKLM\..\RunOnce: [d3im32.exe] C:\WINDOWS\d3im32.exe
O4 - HKLM\..\RunOnce: [wingl.exe] C:\WINDOWS\system32\wingl.exe
O4 - HKLM\..\RunOnce: [winpc32.exe] C:\WINDOWS\winpc32.exe
O4 - HKLM\..\RunOnce: [apich.exe] C:\WINDOWS\apich.exe
O4 - HKLM\..\RunOnce: [sdkah.exe] C:\WINDOWS\system32\sdkah.exe
O4 - HKLM\..\RunOnce: [mfcfb32.exe] C:\WINDOWS\mfcfb32.exe
O4 - HKLM\..\RunOnce: [netdl.exe] C:\WINDOWS\netdl.exe
O4 - HKLM\..\RunOnce: [javarb.exe] C:\WINDOWS\javarb.exe
O4 - HKLM\..\RunOnce: [javanw32.exe] C:\WINDOWS\javanw32.exe
O4 - HKLM\..\RunOnce: [sysgs.exe] C:\WINDOWS\system32\sysgs.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O4 - HKLM\..\RunOnce: [sdkdr.exe] C:\WINDOWS\sdkdr.exe
O4 - HKLM\..\RunOnce: [msvk.exe] C:\WINDOWS\msvk.exe
O4 - HKLM\..\RunOnce: [d3yv.exe] C:\WINDOWS\system32\d3yv.exe
O4 - HKLM\..\RunOnce: [crnq32.exe] C:\WINDOWS\system32\crnq32.exe
O4 - HKLM\..\RunOnce: [d3sh32.exe] C:\WINDOWS\system32\d3sh32.exe
O4 - HKLM\..\RunOnce: [atlqi.exe] C:\WINDOWS\atlqi.exe
O4 - HKLM\..\RunOnce: [mskx32.exe] C:\WINDOWS\mskx32.exe
O4 - HKLM\..\RunOnce: [d3zu.exe] C:\WINDOWS\system32\d3zu.exe
O4 - HKLM\..\RunOnce: [apikh.exe] C:\WINDOWS\system32\apikh.exe
O4 - HKLM\..\RunOnce: [crud32.exe] C:\WINDOWS\crud32.exe
O4 - HKLM\..\RunOnce: [crzu32.exe] C:\WINDOWS\crzu32.exe
O4 - HKLM\..\RunOnce: [ipyj32.exe] C:\WINDOWS\system32\ipyj32.exe
O4 - HKLM\..\RunOnce: [apprq32.exe] C:\WINDOWS\apprq32.exe
O4 - HKLM\..\RunOnce: [addtw32.exe] C:\WINDOWS\addtw32.exe
O4 - HKLM\..\RunOnce: [ipge.exe] C:\WINDOWS\system32\ipge.exe
O4 - HKLM\..\RunOnce: [javarl.exe] C:\WINDOWS\system32\javarl.exe
O4 - HKLM\..\RunOnce: [addpi32.exe] C:\WINDOWS\addpi32.exe
O4 - HKLM\..\RunOnce: [appoy32.exe] C:\WINDOWS\appoy32.exe
O4 - HKLM\..\RunOnce: [ipyr32.exe] C:\WINDOWS\system32\ipyr32.exe
O4 - HKLM\..\RunOnce: [sysyz32.exe] C:\WINDOWS\sysyz32.exe
O4 - HKLM\..\RunOnce: [apibl32.exe] C:\WINDOWS\system32\apibl32.exe
O4 - HKLM\..\RunOnce: [javaur32.exe] C:\WINDOWS\javaur32.exe
O4 - HKLM\..\RunOnce: [cruh32.exe] C:\WINDOWS\cruh32.exe
O4 - HKLM\..\RunOnce: [winda32.exe] C:\WINDOWS\system32\winda32.exe
O4 - HKLM\..\RunOnce: [atlrc.exe] C:\WINDOWS\atlrc.exe
O4 - HKLM\..\RunOnce: [netbd.exe] C:\WINDOWS\netbd.exe
O4 - HKLM\..\RunOnce: [winal32.exe] C:\WINDOWS\winal32.exe
O4 - HKLM\..\RunOnce: [mfckv.exe] C:\WINDOWS\mfckv.exe
O4 - HKLM\..\RunOnce: [winii.exe] C:\WINDOWS\system32\winii.exe
O4 - HKLM\..\RunOnce: [mfcem.exe] C:\WINDOWS\mfcem.exe
O4 - HKLM\..\RunOnce: [ntxf32.exe] C:\WINDOWS\system32\ntxf32.exe
O4 - HKLM\..\RunOnce: [msbz.exe] C:\WINDOWS\system32\msbz.exe
O4 - HKLM\..\RunOnce: [iego32.exe] C:\WINDOWS\iego32.exe
O4 - HKLM\..\RunOnce: [sysuy.exe] C:\WINDOWS\sysuy.exe
O4 - HKLM\..\RunOnce: [ipfi.exe] C:\WINDOWS\ipfi.exe
O4 - HKLM\..\RunOnce: [ntco.exe] C:\WINDOWS\ntco.exe
O4 - HKLM\..\RunOnce: [mfchq32.exe] C:\WINDOWS\system32\mfchq32.exe
O4 - HKLM\..\RunOnce: [sdkrr32.exe] C:\WINDOWS\system32\sdkrr32.exe
O4 - HKLM\..\RunOnce: [addrz.exe] C:\WINDOWS\addrz.exe
O4 - HKLM\..\RunOnce: [ievd.exe] C:\WINDOWS\ievd.exe
O4 - HKLM\..\RunOnce: [ipih.exe] C:\WINDOWS\system32\ipih.exe
O4 - HKLM\..\RunOnce: [addte32.exe] C:\WINDOWS\system32\addte32.exe
O4 - HKLM\..\RunOnce: [sdkom.exe] C:\WINDOWS\system32\sdkom.exe
O4 - HKLM\..\RunOnce: [ntou.exe] C:\WINDOWS\ntou.exe
O4 - HKLM\..\RunOnce: [appil32.exe] C:\WINDOWS\system32\appil32.exe
O4 - HKLM\..\RunOnce: [msbu.exe] C:\WINDOWS\system32\msbu.exe
O4 - HKLM\..\RunOnce: [d3cu.exe] C:\WINDOWS\system32\d3cu.exe
O4 - HKLM\..\RunOnce: [mska.exe] C:\WINDOWS\system32\mska.exe
O4 - HKLM\..\RunOnce: [netyf.exe] C:\WINDOWS\netyf.exe
O4 - HKLM\..\RunOnce: [iekq.exe] C:\WINDOWS\system32\iekq.exe
O4 - HKLM\..\RunOnce: [netsq32.exe] C:\WINDOWS\system32\netsq32.exe
O4 - HKLM\..\RunOnce: [sdkys.exe] C:\WINDOWS\system32\sdkys.exe
O4 - HKLM\..\RunOnce: [appvr.exe] C:\WINDOWS\appvr.exe
O4 - HKLM\..\RunOnce: [crvz32.exe] C:\WINDOWS\system32\crvz32.exe
O4 - HKLM\..\RunOnce: [ieob.exe] C:\WINDOWS\ieob.exe
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKLM\..\RunOnce: [sdkzt32.exe] C:\WINDOWS\sdkzt32.exe
O4 - HKLM\..\RunOnce: [ipcx.exe] C:\WINDOWS\system32\ipcx.exe
O4 - HKLM\..\RunOnce: [appbn32.exe] C:\WINDOWS\system32\appbn32.exe
O4 - HKLM\..\RunOnce: [ipfx32.exe] C:\WINDOWS\system32\ipfx32.exe
O4 - HKLM\..\RunOnce: [syscq32.exe] C:\WINDOWS\syscq32.exe
O4 - HKLM\..\RunOnce: [ntej32.exe] C:\WINDOWS\system32\ntej32.exe
O4 - HKLM\..\RunOnce: [msgu.exe] C:\WINDOWS\system32\msgu.exe
O4 - HKLM\..\RunOnce: [atlxu.exe] C:\WINDOWS\system32\atlxu.exe
O4 - HKLM\..\RunOnce: [d3oc32.exe] C:\WINDOWS\system32\d3oc32.exe
O4 - HKLM\..\RunOnce: [nthd.exe] C:\WINDOWS\nthd.exe
O4 - HKLM\..\RunOnce: [iewa32.exe] C:\WINDOWS\system32\iewa32.exe
O4 - HKLM\..\RunOnce: [sdkjk32.exe] C:\WINDOWS\system32\sdkjk32.exe
O4 - HKLM\..\RunOnce: [crpp32.exe] C:\WINDOWS\system32\crpp32.exe
O4 - HKLM\..\RunOnce: [crja.exe] C:\WINDOWS\system32\crja.exe
O4 - HKLM\..\RunOnce: [sdkgy.exe] C:\WINDOWS\system32\sdkgy.exe
O4 - HKLM\..\RunOnce: [ieft32.exe] C:\WINDOWS\system32\ieft32.exe
O4 - HKLM\..\RunOnce: [atlxw.exe] C:\WINDOWS\system32\atlxw.exe
O4 - HKLM\..\RunOnce: [crww32.exe] C:\WINDOWS\crww32.exe
O4 - HKLM\..\RunOnce: [msqx.exe] C:\WINDOWS\msqx.exe
O4 - HKLM\..\RunOnce: [mfcna32.exe] C:\WINDOWS\system32\mfcna32.exe
O4 - HKLM\..\RunOnce: [sdkyj32.exe] C:\WINDOWS\sdkyj32.exe
O4 - HKLM\..\RunOnce: [ntfw.exe] C:\WINDOWS\system32\ntfw.exe
O4 - HKLM\..\RunOnce: [mfcbn32.exe] C:\WINDOWS\system32\mfcbn32.exe
O4 - HKLM\..\RunOnce: [netvo32.exe] C:\WINDOWS\system32\netvo32.exe
O4 - HKLM\..\RunOnce: [sdkov.exe] C:\WINDOWS\system32\sdkov.exe
O4 - HKLM\..\RunOnce: [crcx32.exe] C:\WINDOWS\system32\crcx32.exe
O4 - HKLM\..\RunOnce: [javaru32.exe] C:\WINDOWS\system32\javaru32.exe
O4 - HKLM\..\RunOnce: [crzc32.exe] C:\WINDOWS\crzc32.exe
O4 - HKLM\..\RunOnce: [msep32.exe] C:\WINDOWS\system32\msep32.exe
O4 - HKLM\..\RunOnce: [javadk32.exe] C:\WINDOWS\system32\javadk32.exe
O4 - HKLM\..\RunOnce: [netsu32.exe] C:\WINDOWS\system32\netsu32.exe
O4 - HKLM\..\RunOnce: [mfcxm32.exe] C:\WINDOWS\mfcxm32.exe
O4 - HKLM\..\RunOnce: [iequ32.exe] C:\WINDOWS\iequ32.exe
O4 - HKLM\..\RunOnce: [ntsj32.exe] C:\WINDOWS\ntsj32.exe
O4 - HKLM\..\RunOnce: [crfn.exe] C:\WINDOWS\crfn.exe
O4 - HKLM\..\RunOnce: [javagn32.exe] C:\WINDOWS\system32\javagn32.exe
O4 - HKLM\..\RunOnce: [windt.exe] C:\WINDOWS\system32\windt.exe
O4 - HKLM\..\RunOnce: [addyk32.exe] C:\WINDOWS\system32\addyk32.exe
O4 - HKLM\..\RunOnce: [crcg32.exe] C:\WINDOWS\system32\crcg32.exe
O4 - HKLM\..\RunOnce: [mfcjt32.exe] C:\WINDOWS\mfcjt32.exe
O4 - HKLM\..\RunOnce: [iedm32.exe] C:\WINDOWS\iedm32.exe
O4 - HKLM\..\RunOnce: [crvb.exe] C:\WINDOWS\crvb.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [sysbb32.exe] C:\WINDOWS\sysbb32.exe
O4 - HKLM\..\RunOnce: [sysye32.exe] C:\WINDOWS\system32\sysye32.exe
O4 - HKLM\..\RunOnce: [mshm.exe] C:\WINDOWS\system32\mshm.exe
O4 - HKLM\..\RunOnce: [sdkfc32.exe] C:\WINDOWS\system32\sdkfc32.exe
O4 - HKLM\..\RunOnce: [wintr32.exe] C:\WINDOWS\system32\wintr32.exe
O4 - HKLM\..\RunOnce: [sdktr.exe] C:\WINDOWS\sdktr.exe
O4 - HKLM\..\RunOnce: [crms32.exe] C:\WINDOWS\crms32.exe
O4 - HKLM\..\RunOnce: [msgl.exe] C:\WINDOWS\system32\msgl.exe
O4 - HKLM\..\RunOnce: [crqz32.exe] C:\WINDOWS\crqz32.exe
O4 - HKLM\..\RunOnce: [d3jl32.exe] C:\WINDOWS\system32\d3jl32.exe
O4 - HKLM\..\RunOnce: [ipoh32.exe] C:\WINDOWS\system32\ipoh32.exe
O4 - HKLM\..\RunOnce: [mssj.exe] C:\WINDOWS\system32\mssj.exe
O4 - HKLM\..\RunOnce: [systi32.exe] C:\WINDOWS\systi32.exe
O4 - HKLM\..\RunOnce: [sdkwa.exe] C:\WINDOWS\sdkwa.exe
O4 - HKLM\..\RunOnce: [apism32.exe] C:\WINDOWS\system32\apism32.exe
O4 - HKLM\..\RunOnce: [addqt.exe] C:\WINDOWS\system32\addqt.exe
O4 - HKLM\..\RunOnce: [d3pj32.exe] C:\WINDOWS\d3pj32.exe
O4 - HKLM\..\RunOnce: [ntgz32.exe] C:\WINDOWS\system32\ntgz32.exe
O4 - HKLM\..\RunOnce: [sysry32.exe] C:\WINDOWS\system32\sysry32.exe
O4 - HKLM\..\RunOnce: [iprr.exe] C:\WINDOWS\iprr.exe
O4 - HKLM\..\RunOnce: [croc32.exe] C:\WINDOWS\system32\croc32.exe
O4 - HKLM\..\RunOnce: [apihw32.exe] C:\WINDOWS\system32\apihw32.exe
O4 - HKLM\..\RunOnce: [apiwy.exe] C:\WINDOWS\apiwy.exe
O4 - HKLM\..\RunOnce: [crtn32.exe] C:\WINDOWS\system32\crtn32.exe
O4 - HKLM\..\RunOnce: [d3eh.exe] C:\WINDOWS\system32\d3eh.exe
O4 - HKLM\..\RunOnce: [atlcm32.exe] C:\WINDOWS\atlcm32.exe
O4 - HKLM\..\RunOnce: [apiet32.exe] C:\WINDOWS\system32\apiet32.exe
O4 - HKLM\..\RunOnce: [msln.exe] C:\WINDOWS\msln.exe
O4 - HKLM\..\RunOnce: [javaif.exe] C:\WINDOWS\javaif.exe
O4 - HKLM\..\RunOnce: [atlnk.exe] C:\WINDOWS\system32\atlnk.exe
O4 - HKLM\..\RunOnce: [atlnh32.exe] C:\WINDOWS\atlnh32.exe
O4 - HKLM\..\RunOnce: [apisw32.exe] C:\WINDOWS\apisw32.exe
O4 - HKLM\..\RunOnce: [atlhj32.exe] C:\WINDOWS\atlhj32.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/game...s/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/game...ts/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/game...s/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/game...s/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemp...veSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com...43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/def...GameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall....eInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/def...ploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/...ampx_en_dl.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winiw.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 18
Reputation: RPeeteRules is an unknown quantity at this point 
Solved Threads: 0
RPeeteRules RPeeteRules is offline Offline
Newbie Poster

Re: HighJackThis File Log, Help Needed.

 
0
  #9
Jul 16th, 2005
SysClean Log:

2005-07-15, 15:59:27, Auto-clean mode specified.
2005-07-15, 15:59:27, Running scanner "C:\Documents and Settings\JDG\Desktop\SysClean\TSC.BIN"...
2005-07-15, 16:04:00, Scanner "C:\Documents and Settings\JDG\Desktop\SysClean\TSC.BIN" has finished running.
2005-07-15, 16:04:00, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Fri Jul 15 2005 15:59:28

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\JDG\Desktop\SysClean\tsc.ptn" (version 627) [success]

Complete time : Fri Jul 15 2005 16:03:59
Execute pattern count(4102), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-07-15, 17:31:56, An error occurred while scanning file "C:\Documents and Settings\JDG\NTUSER.DAT": Access is denied.
2005-07-15, 17:31:56, An error occurred while scanning file "C:\Documents and Settings\JDG\ntuser.dat.LOG": Access is denied.
2005-07-15, 18:37:10, An error occurred while scanning file "C:\Documents and Settings\JDG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-15, 18:37:10, An error occurred while scanning file "C:\Documents and Settings\JDG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-15, 21:30:02, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB824141$\user32.dll": Access is denied.
2005-07-15, 21:30:02, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB824141$\win32k.sys": Access is denied.
2005-07-15, 21:30:03, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll": Access is denied.
2005-07-15, 21:30:03, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\shell32.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\sxs.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll": Access is denied.
2005-07-15, 21:31:10, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx": Access is denied.
2005-07-15, 21:31:10, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ828026$\wmp.dll": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDAS32.EXE-21CF3701.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDGJ32.EXE-0A6A0DEA.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDQT.EXE-197EDD06.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDVA.EXE-228442E1.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDYK32.EXE-25D0085A.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIAA32.EXE-311D3D98.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APICR32.EXE-24B4CC71.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIET32.EXE-08FD6745.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIHW32.EXE-23CF857C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APISM32.EXE-17121EB4.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIWY.EXE-0004285F.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIXD.EXE-07F4FE6C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIZC.EXE-1E88034B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIZN.EXE-29EDCE58.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPIU32.EXE-10EAFCD3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPLP32.EXE-385CE062.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPOP32.EXE-0D5A2F9F.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPTO32.EXE-29791B83.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLCM32.EXE-2A5B9865.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLJQ.EXE-30200EE2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLNH32.EXE-2A5F1963.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLNK.EXE-15176429.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRCG32.EXE-24886C68.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRCM32.EXE-0AF675F0.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRFN.EXE-33CB6BB0.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRIV.EXE-367AF4C2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRKV32.EXE-2E18D4F9.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRLD.EXE-06C2EEB3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRMS32.EXE-0B092E77.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CROC32.EXE-120497F9.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRQZ32.EXE-170DC154.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRTN32.EXE-20D6ABF8.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRVB.EXE-14AEE1E5.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3BU.EXE-1DBC073B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3EH.EXE-0271AC48.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3JL32.EXE-0CD7CACF.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3KC.EXE-2F488364.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3PJ32.EXE-08A93985.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3TI.EXE-17FA0A29.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3VB32.EXE-15174E3D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3WL.EXE-138A8A17.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3ZE.EXE-0BBEF52B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IEDM32.EXE-1148C755.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IEJD32.EXE-003F93C2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IEQI32.EXE-01CD0FD2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IETB32.EXE-3A251A01.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPDW32.EXE-029D81A3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPEZ.EXE-0803F2BA.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPFB32.EXE-1D9C8674.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPMG.EXE-0F76CCF4.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPOH32.EXE-3113D1BA.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPRR.EXE-2C62FA6C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPXI32.EXE-05784344.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\JAVAFD.EXE-038C8B23.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\JAVAIF.EXE-1C8F9671.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCBU.EXE-0E636635.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCCL.EXE-064CD694.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCJT32.EXE-2B61F658.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCLZ32.EXE-3925430B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCMP32.EXE-2299558E.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCPW.EXE-2B55419D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCSZ32.EXE-17EAAB12.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCZH.EXE-24E272F7.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSCONFIG.EXE-1EF1EA0F.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSGL.EXE-28877D59.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSHM.EXE-1A8E82A3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSJI.EXE-30BF360A.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSJT.EXE-088B274D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSLN.EXE-09888B42.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSN6.EXE-04E65C15.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSOM.EXE-0E04A87C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSSJ.EXE-0163B8FF.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\NDETECT.EXE-2DABC14D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\NETAF32.EXE-3423DBF0.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETGD.EXE-39F8B1C8.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETGM.EXE-1D82655E.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETHE32.EXE-20A3EF72.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETPE.EXE-16F6C398.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETVX.EXE-21E08DA5.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTGZ32.EXE-0133B0DF.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTPS32.EXE-1B46E892.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTRX32.EXE-208E3893.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTSJ32.EXE-005A4315.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTXS.EXE-1BC638DD.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-5645E36A.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKCR.EXE-2BFE0FED.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKDT.EXE-3A014F09.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKFC32.EXE-1226F755.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKNH.EXE-0A3D7435.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKNZ.EXE-36F4C0C9.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKTR.EXE-1FECC4A7.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKUI32.EXE-046E1013.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKVG32.EXE-02077BE9.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKWA.EXE-0398D243.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSAG.EXE-0FF1AAFD.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSBB32.EXE-2D11B6D9.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSBP32.EXE-35FEFB33.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCC.EXE-3B593405.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.COM-154CC31B.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-02908E51.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-080D21C0.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSDZ32.EXE-0A68DA7F.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSER32.EXE-1A833386.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSRY32.EXE-0D095A4C.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSSJ32.EXE-06598C80.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSTI32.EXE-3A4B99D8.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSXQ.EXE-2BD58976.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSYE32.EXE-392C65B2.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINRG.EXE-147391CA.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINSM32.EXE-3A2018A7.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINTR32.EXE-313D46D2.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINZIP32.EXE-2491095F.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG": Access is denied.
2005-07-15, 21:42:38, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM": Access is denied.
2005-07-15, 21:42:38, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG": Access is denied.
2005-07-15, 21:44:50, Running scanner "C:\Documents and Settings\JDG\Desktop\SysClean\VSCANTM.BIN"...
2005-07-15, 23:23:56, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/15/2005 21:44:52
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100)
Command Line: C:\Documents and Settings\JDG\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JDG\Desktop\SysClean

C:\Documents and Settings\JDG\Desktop\Josh\backups\backup-20050711-192527-698.dll [TROJ_DLOADER.UQ]
C:\Program Files\Microsoft AntiSpyware\Quarantine\26E39A8E-5679-47A3-967F-2B6D3B\B44B9D1C-F27F-4474-9254-914057 [TROJ_KEYHOST.E]
C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\82F65484-5FEC-439C-8B2F-E1593D\9B332885-A7CB-488B-9F5C-60090B [TROJ_SMALL.AMW]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1088\A0091021.exe [TROJ_SDBOT.GEN]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1111\A0093485.exe [TROJ_DLOADER.UR]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1111\A0093486.dll [TROJ_DLOADER.UQ]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094428.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094430.dll [TROJ_DLOADER.UQ]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094463.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094464.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094465.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094466.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094467.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094468.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094469.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094470.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094471.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094472.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094473.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094474.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094475.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094476.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094477.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0095620.dll.tcf [TROJ_SMALL.AZF]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096160.dll [TROJ_DLOADER.UQ]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096163.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096164.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096165.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096166.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096167.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096168.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096169.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096170.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096171.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096173.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096174.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096175.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096176.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096177.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096178.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096179.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096180.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096181.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096183.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096184.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096185.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096186.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096187.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096188.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096300.exe [TROJ_DATER.A]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096304.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096305.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096306.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096307.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096308.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096492.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096494.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096495.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096496.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096498.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096499.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096500.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096501.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096502.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096503.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096505.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096507.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096508.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096509.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096510.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096511.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096512.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096761.exe [TROJ_SMALL.AMW]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096864.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096865.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096895.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096896.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096897.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096898.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096899.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096900.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096901.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096902.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096903.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096904.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096905.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096906.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096907.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096908.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096909.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096910.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096911.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096912.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096913.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096914.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096915.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096916.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096917.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096922.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096923.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096924.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096925.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096928.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096929.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096930.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096931.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096932.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096933.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096934.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096935.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096936.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096937.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096938.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096939.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096940.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096941.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096942.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096944.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096945.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096946.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096947.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096948.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096949.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096950.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096951.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096952.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096953.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096954.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096955.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096956.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096957.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096958.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096959.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096960.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096961.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096962.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096963.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096964.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096965.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096966.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096967.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096968.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096969.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096970.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096971.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096972.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096973.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096974.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096975.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096976.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096977.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096978.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096980.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096981.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096982.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096983.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096984.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096985.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096986.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096987.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096988.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096989.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096990.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096991.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096992.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096993.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096994.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096995.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096996.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096997.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096998.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096999.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097000.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097001.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097002.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097003.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097004.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097005.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097006.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097007.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097008.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097009.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097010.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097011.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097012.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097013.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097014.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097015.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097016.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097017.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097018.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097019.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097020.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097021.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097022.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097023.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097024.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097025.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097026.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097027.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097028.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097029.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097030.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097031.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097032.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1120\A0097195.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\apinj32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\apirr.exe [TROJ_AGENT.GAJ]
C:\WINDOWS\appku32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\appzo32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\atlcr32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\atlim32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\d3ub.exe [TROJ_DLOADER.UR]
C:\WINDOWS\fahic.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\gqisx.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\hdaeo.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\ietw32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\iphb.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\ipmo.exe [TROJ_DLOADER.UR]
C:\WINDOWS\javaae.exe [TROJ_AGENT.GAJ]
C:\WINDOWS\javadc.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\javaqo.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\jvhqb.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\likqa.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\msej32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\mshl32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\nbntv.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\netbh32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\rvqak.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\sdkcj32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\sdkhx32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\sdkxk.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\sedgh.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\SYSTEM32\akuda.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\SYSTEM32\apipz.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\atlgc.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\atlms.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\atlxd.exe [TROJ_DLOADER.UR]
C:\WINDOWS\SYSTEM32\atlxd32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\atlxl.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\d3ax.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\d3md32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\gchui.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\SYSTEM32\hbpif.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\SYSTEM32\hwgei.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\SYSTEM32\ievo.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\ipbh.exe [TROJ_DLOADER.UR]
C:\WINDOWS\SYSTEM32\ipdq32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\ipid.exe [TROJ_AGENT.GAJ]
C:\WINDOWS\SYSTEM32\javakf32.exe [TROJ_AGENT.GAJ]
C:\WINDOWS\SYSTEM32\kcdsy.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\SYSTEM32\kzxjg.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\SYSTEM32\maaxt.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\SYSTEM32\mfcsx32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\msru32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\ntmx32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\qgcok.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\SYSTEM32\sdkom.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\vkhzp.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\SYSTEM32\winjt32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\winta32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\winzx32.dll [TROJ_DLOADER.UQ]
C:\WINDOWS\SYSTEM32\xexaf.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\SYSTEM32\ytrgd.dll [TROJ_STARTPAG.RE]
C:\WINDOWS\ucval.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\winuz.exe [TROJ_DLOADER.UQ]
C:\WINDOWS\xjjgm.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\xktsb.dll.tcf [TROJ_STARTPAG.RE]
C:\WINDOWS\yvmot.dll.tcf [TROJ_STARTPAG.RE]
70721 files have been read.
70721 files have been checked.
52801 files have been scanned.
120467 files have been scanned. (including files in archived)
269 files containing viruses.
Found 269 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/15/2005 23:23:55
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-15, 23:23:56, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/15/2005 21:44:52
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100)
Command Line: C:\Documents and Settings\JDG\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JDG\Desktop\SysClean

Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\Documents and Settings\JDG\Desktop\Josh\backups\backup-20050711-192527-698.dll
Success Clean [ TROJ_KEYHOST.E]( 1) from C:\Program Files\Microsoft AntiSpyware\Quarantine\26E39A8E-5679-47A3-967F-2B6D3B\B44B9D1C-F27F-4474-9254-914057
Success Clean [ TROJ_SMALL.AMW]( 1) from C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\82F65484-5FEC-439C-8B2F-E1593D\9B332885-A7CB-488B-9F5C-60090B
Success Clean [ TROJ_SDBOT.GEN]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1088\A0091021.exe
Success Clean [ TROJ_DLOADER.UR]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1111\A0093485.exe
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1111\A0093486.dll
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094428.exe
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094430.dll
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094463.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094464.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094465.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094466.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094467.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094468.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094469.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094470.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094471.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094472.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094473.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094474.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094475.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094476.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094477.exe
Success Clean [ TROJ_SMALL.AZF]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0095620.dll.tcf
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096160.dll
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096163.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096164.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096165.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096166.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096167.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096168.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096169.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096170.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096171.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096173.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096174.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096175.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096176.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096177.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096178.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096179.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096180.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096181.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096183.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096184.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096185.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096186.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096187.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096188.exe
Success Clean [ TROJ_DATER.A]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096300.exe
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096304.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096305.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096306.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096307.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096308.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096492.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096494.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096495.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096496.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096498.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096499.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096500.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096501.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096502.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096503.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096505.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096507.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096508.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096509.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096510.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096511.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096512.dll
Success Clean [ TROJ_SMALL.AMW]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096761.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096864.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096865.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096895.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096896.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096897.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096898.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096899.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096900.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096901.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096902.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096903.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096904.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096905.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096906.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096907.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096908.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096909.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096910.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096911.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096912.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096913.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096914.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096915.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096916.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096917.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096922.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096923.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096924.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096925.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096928.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096929.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096930.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096931.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096932.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096933.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096934.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096935.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096936.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096937.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096938.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096939.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096940.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096941.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096942.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096944.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096945.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096946.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096947.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096948.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096949.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096950.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096951.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096952.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096953.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096954.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096955.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096956.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096957.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096958.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096959.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096960.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096961.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096962.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096963.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096964.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096965.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096966.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096967.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096968.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096969.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096970.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096971.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096972.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096973.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096974.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096975.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096976.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096977.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096978.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096980.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096981.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096982.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096983.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096984.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096985.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096986.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096987.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096988.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096989.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096990.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096991.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096992.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096993.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096994.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096995.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096996.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096997.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096998.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096999.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097000.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097001.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097002.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097003.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097004.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097005.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097006.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097007.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097008.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097009.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097010.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097011.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097012.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097013.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097014.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097015.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097016.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097017.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097018.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097019.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097020.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097021.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097022.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097023.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097024.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097025.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097026.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097027.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097028.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097029.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097030.exe
Success Clean [ TROJ_AGENT.GAH]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097031.exe
Success Clean [ TROJ_AGENT.GAI]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0097032.exe
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1120\A0097195.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\apinj32.dll
Success Clean [ TROJ_AGENT.GAJ]( 1) from C:\WINDOWS\apirr.exe
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\appku32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\appzo32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\atlcr32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\atlim32.dll
Success Clean [ TROJ_DLOADER.UR]( 1) from C:\WINDOWS\d3ub.exe
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\fahic.dll.tcf
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\gqisx.dll.tcf
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\hdaeo.dll.tcf
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\ietw32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\iphb.dll
Success Clean [ TROJ_DLOADER.UR]( 1) from C:\WINDOWS\ipmo.exe
Success Clean [ TROJ_AGENT.GAJ]( 1) from C:\WINDOWS\javaae.exe
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\javadc.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\javaqo.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\jvhqb.dll.tcf
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\likqa.dll.tcf
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\msej32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\mshl32.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\nbntv.dll.tcf
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\netbh32.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\rvqak.dll.tcf
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\sdkcj32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\sdkhx32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\sdkxk.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\sedgh.dll.tcf
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\SYSTEM32\akuda.dll.tcf
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\apipz.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\atlgc.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\atlms.dll
Success Clean [ TROJ_DLOADER.UR]( 1) from C:\WINDOWS\SYSTEM32\atlxd.exe
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\atlxd32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\atlxl.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\d3ax.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\d3md32.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\SYSTEM32\gchui.dll.tcf
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\SYSTEM32\hbpif.dll.tcf
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\SYSTEM32\hwgei.dll.tcf
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\ievo.dll
Success Clean [ TROJ_DLOADER.UR]( 1) from C:\WINDOWS\SYSTEM32\ipbh.exe
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\ipdq32.dll
Success Clean [ TROJ_AGENT.GAJ]( 1) from C:\WINDOWS\SYSTEM32\ipid.exe
Success Clean [ TROJ_AGENT.GAJ]( 1) from C:\WINDOWS\SYSTEM32\javakf32.exe
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\SYSTEM32\kcdsy.dll.tcf
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\SYSTEM32\kzxjg.dll.tcf
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\SYSTEM32\maaxt.dll.tcf
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\mfcsx32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\msru32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\ntmx32.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\SYSTEM32\qgcok.dll.tcf
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\sdkom.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\SYSTEM32\vkhzp.dll.tcf
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\winjt32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\winta32.dll
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\SYSTEM32\winzx32.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\SYSTEM32\xexaf.dll.tcf
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\SYSTEM32\ytrgd.dll
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\ucval.dll.tcf
Success Clean [ TROJ_DLOADER.UQ]( 1) from C:\WINDOWS\winuz.exe
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\xjjgm.dll.tcf
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\xktsb.dll.tcf
Success Clean [TROJ_STARTPAG.RE]( 1) from C:\WINDOWS\yvmot.dll.tcf
70721 files have been read.
70721 files have been checked.
52801 files have been scanned.
120467 files have been scanned. (including files in archived)
269 files containing viruses.
Found 269 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/15/2005 23:23:55 1 hour 38 minutes 56 seconds (5936.27 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-15, 23:23:56, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/15/2005 21:44:52
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100)
Command Line: C:\Documents and Settings\JDG\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JDG\Desktop\SysClean

70721 files have been read.
70721 files have been checked.
52801 files have been scanned.
120467 files have been scanned. (including files in archived)
269 files containing viruses.
Found 269 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/15/2005 23:23:55 1 hour 38 minutes 56 seconds (5936.27 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-15, 23:23:56, Scanner "C:\Documents and Settings\JDG\Desktop\SysClean\VSCANTM.BIN" has finished running.
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 1
Reputation: JorgePerez is an unknown quantity at this point 
Solved Threads: 0
JorgePerez JorgePerez is offline Offline
Newbie Poster

Re: HighJackThis File Log, Help Needed.

 
0
  #10
Jul 16th, 2005
hi, im new and i've been looking for a solution for a problem i have....I've tried the fixes that dougknox.com has and they work but when i reboot my computer for the 2nd time, everythiing goes back to .lnk (ex. mixcraft.lnk)
then i found on some website that hijackthis could help me fix my problem but it said i need someone to help me with the log file...it is this:

Logfile of HijackThis v1.99.1
Scan saved at 3:51:36 AM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Rar$EX00.860\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmr...1&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmr...1&bm=ho_search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/hho-hp-music-hpdesktop-icon
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - Startup: Ad-Watch SE Professional (2).lnk = C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Can someone help me please??
Reply With Quote Quick reply to this message  
Reply
1 2 Last »

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus apple attack audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia education email europe exam exploit facebook fake fancheckvirus gaming gumblar halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista warning windows worm yahoo
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC