
Hello, I have posted under the internet not being able to connect and stuff earlier, and sooner or later I got it fixed and downloaded Mozilla and Sygate firewall and deleted some stuff... Now I can't get online again and once again many things are going wrong. #1 My Sygate firewall automatically allows all when I open My Computer or My Shared Folder, and shortly after Sygate says a remote computer is trying to send a packet and asks if I want to accept or something close to that. I click no and then it says a packet is trying to open and I say no and it doesn't. #2 AntiVir Guard says this:
AntiVir Guard
Service-Status: Not Loaded
Notify User: No
File Action: Deny Action
Files to scan: Use Extensions List
File Count: 0
Last Detection:
Detections: 0

........................................................................................................
Is that normal or good at all?
Here is the program history file:

3/12/2005,1:59:25 WARNING: Is the Trojan horse TR/Esepor.C3!
C:\WINDOWS\SYSTEM32\XPLUGIN.DLL
File has been deleted!
3/12/2005,12:34:20 [INFO] Stop Filter Device.
3/12/2005,12:34:26 AVGuard service has been stopped!
3/12/2005,12:35:23 ---------------------------------------------------------
3/12/2005,12:35:23 [INIT] The AVGuard Service is starting.
3/12/2005,12:35:24 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/12/2005,12:36:35 ---------------------------------------------------------
3/12/2005,12:36:35 [INIT] The AVGuard Service is starting.
3/12/2005,12:36:38 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/12/2005,12:36:51 [INFO] Start Filter Device.
3/12/2005,12:36:51 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/12/2005,12:36:51 AVGuard has been started successfully!
3/12/2005,12:37:29 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/12/2005,12:37:29 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab2128.
3/12/2005,13:22:27 [INFO] Stop Filter Device.
3/12/2005,13:22:33 AVGuard service has been stopped!
3/12/2005,13:23:39 ---------------------------------------------------------
3/12/2005,13:23:39 [INIT] The AVGuard Service is starting.
3/12/2005,13:23:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/12/2005,13:24:19 [INFO] Start Filter Device.
3/12/2005,13:24:19 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/12/2005,13:24:19 AVGuard has been started successfully!
3/12/2005,13:25:12 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/12/2005,13:25:12 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa88f77.
3/12/2005,13:26:55 ---------------------------------------------------------
3/12/2005,13:26:55 [INIT] The AVGuard Service is starting.
3/12/2005,13:26:55 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/12/2005,13:27:36 [INFO] Start Filter Device.
3/12/2005,13:27:36 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/12/2005,13:27:36 AVGuard has been started successfully!
3/12/2005,13:28:27 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/12/2005,13:28:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa881f1.
3/12/2005,13:56:15 [INFO] Stop Filter Device.
3/12/2005,13:56:21 AVGuard service has been stopped!
3/12/2005,13:57:22 ---------------------------------------------------------
3/12/2005,13:57:22 [INIT] The AVGuard Service is starting.
3/12/2005,13:57:23 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/12/2005,13:58:00 [INFO] Start Filter Device.
3/12/2005,13:58:00 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/12/2005,13:58:00 AVGuard has been started successfully!
3/12/2005,13:59:27 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/12/2005,13:59:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa80faa.
3/12/2005,14:27:38 [INFO] Stop Filter Device.
3/12/2005,14:27:44 AVGuard service has been stopped!
3/12/2005,14:28:51 ---------------------------------------------------------
3/12/2005,14:28:51 [INIT] The AVGuard Service is starting.
3/12/2005,14:28:53 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/12/2005,14:29:14 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/12/2005,14:29:14 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab8baa.
3/12/2005,14:29:51 [INFO] Start Filter Device.
3/12/2005,14:29:51 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/12/2005,14:29:51 AVGuard has been started successfully!
3/12/2005,15:56:15 [INFO] Stop Filter Device.
3/12/2005,15:56:23 AVGuard service has been stopped!
3/12/2005,15:57:23 ---------------------------------------------------------
3/12/2005,15:57:23 [INIT] The AVGuard Service is starting.
3/12/2005,15:57:24 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/12/2005,15:57:42 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/12/2005,15:57:42 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaa5507.
3/12/2005,15:58:16 [INFO] Start Filter Device.
3/12/2005,15:58:16 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/12/2005,15:58:17 AVGuard has been started successfully!
3/14/2005,13:03:19 [INFO] Stop Filter Device.
3/14/2005,13:03:36 AVGuard service has been stopped!
3/14/2005,13:04:43 ---------------------------------------------------------
3/14/2005,13:04:43 [INIT] The AVGuard Service is starting.
3/14/2005,13:04:44 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/14/2005,13:05:22 [INFO] Start Filter Device.
3/14/2005,13:05:22 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/14/2005,13:05:22 AVGuard has been started successfully!
3/14/2005,13:06:33 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/14/2005,13:06:33 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8ce70.
3/14/2005,15:01:33 WARNING: Contains signature of the HTML script virus HTML/Exploit.OBJ-Mht!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\QZU72PUF\1[1].HTM
File has been deleted!
3/14/2005,15:01:43 WARNING: Contains signature of the HTML script virus HTML/Exploit.OBJ-Mht!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\09QB896J\1[1].HTM
File has been deleted!
3/14/2005,15:01:48 WARNING: Is the Trojan horse TR/Dldr.Small.aiq!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\QZU72PUF\LOADADV157[1].EXE
File has been deleted!
3/14/2005,15:04:18 WARNING: Is the Trojan horse TR/Dldr.IstBar.A!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\09QB896J\YSB_PROMPT[2].PHP
File has been deleted!
3/14/2005,15:04:25 WARNING: Is the Trojan horse TR/Dldr.IstBar.A!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C1URO1MZ\PROMPT[2].PHP
File has been deleted!
3/14/2005,15:05:02 WARNING: Is the Trojan horse TR/Dldr.IstBar.A!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\09QB896J\YSB_PROMPT[3].PHP
File has been deleted!
3/14/2005,15:05:51 WARNING: Is the Trojan horse TR/Dldr.IstBar.A!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C1URO1MZ\YSB_PROMPT[1].PHP
File has been deleted!
3/14/2005,15:05:54 WARNING: Is the Trojan horse TR/Dldr.IstBar.A!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C1URO1MZ\PROMPT[2].PHP
3/14/2005,15:23:31 WARNING: Contains signature of the Java script virus JS/Small.AF!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C1URO1MZ\A674[1].JS
3/14/2005,15:23:54 WARNING: Contains signature of the Java script virus JS/Small.AF!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C1URO1MZ\A674[1].JS
3/14/2005,15:35:02 WARNING: Contains signature of the Java script virus JS/Small.AF!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\C1URO1MZ\A674[1].JS
3/14/2005,16:52:51 ---------------------------------------------------------
3/14/2005,16:52:51 [INIT] The AVGuard Service is starting.
3/14/2005,16:52:51 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/14/2005,16:53:30 [INFO] Start Filter Device.
3/14/2005,16:53:30 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/14/2005,16:53:30 AVGuard has been started successfully!
3/14/2005,16:59:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/14/2005,16:59:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaadecd6.
3/14/2005,17:05:54 ---------------------------------------------------------
3/14/2005,17:05:54 [INIT] The AVGuard Service is starting.
3/14/2005,17:05:55 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/14/2005,17:06:11 [INFO] Start Filter Device.
3/14/2005,17:06:11 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/14/2005,17:06:11 AVGuard has been started successfully!
3/14/2005,17:06:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/14/2005,17:06:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab4ad2.
3/14/2005,17:09:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/14/2005,17:09:10 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa9437e.
3/15/2005,21:57:48 [INFO] Stop Filter Device.
3/15/2005,21:58:01 AVGuard service has been stopped!
3/16/2005,21:33:58 ---------------------------------------------------------
3/16/2005,21:33:58 [INIT] The AVGuard Service is starting.
3/16/2005,21:33:58 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/16/2005,21:34:37 [INFO] Start Filter Device.
3/16/2005,21:34:37 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/16/2005,21:34:37 AVGuard has been started successfully!
3/16/2005,21:37:29 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/16/2005,21:37:31 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa958fa.
3/17/2005,0:15:54 WARNING: Is the Trojan horse TR/Dldr.Ist.15360.A!
C:\DOCUME~1\TEMPYO~1.002\LOCALS~1\TEMP\DRTEMP\THNALL2R.EXE
File has been moved to quarantine directory!
3/17/2005,0:16:40 WARNING: Is the Trojan horse TR/Dldr.IstBar.A!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\492N85IF\PROMPT[2].PHP
File has been moved to quarantine directory!
3/17/2005,0:19:57 WARNING: Is the Trojan horse TR/Dldr.IstBar.A!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\K5UFGPM7\PROMPT[2].PHP
File has been moved to quarantine directory!
3/17/2005,0:20:08 WARNING: Contains signature of the Java script virus JS/Seeker!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\492N85IF\FRAME[1].HTM
3/17/2005,0:20:22 WARNING: Is the Trojan horse TR/Dldr.Small.air!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\O16JKTIZ\LOADADV156[1].EXE
3/17/2005,0:24:02 WARNING: Contains signature of the Java script virus JS/Small.AF!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\492N85IF\38DE12476F0E691CF127F74C103038C1_V3[1].JS
3/17/2005,0:24:06 WARNING: Contains signature of the Java script virus JS/Small.AF!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\492N85IF\38DE12476F0E691CF127F74C103038C1_V3[1].JS
3/18/2005,0:41:00 WARNING: Is the Trojan horse TR/Dldr.IstBar.A!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CDM3K523\YSB_PROMPT[2].PHP
3/18/2005,0:42:55 WARNING: Is the Trojan horse TR/Dldr.Ist.15360.A!
C:\DOCUME~1\TEMPYO~1.002\LOCALS~1\TEMP\DRTEMP\THNALL2R.EXE
3/18/2005,0:46:15 WARNING: Is the Trojan horse TR/Dldr.IstBar.A!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CDM3K523\YSB_PROMPT[3].PHP
3/18/2005,1:00:23 WARNING: Contains signature of the Java script virus JS/Small.AF!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ODABW1YR\A775A8[1].JS
3/18/2005,1:00:30 WARNING: Is the Trojan horse TR/Dldr.IstBar.A!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ODABW1YR\PROMPT[2].PHP
3/18/2005,1:01:05 WARNING: Contains signature of the Java script virus JS/Small.AF!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CDM3K523\A775A8[1].JS
3/18/2005,1:01:06 WARNING: Is the Trojan horse TR/Dldr.IstBar.A!
C:\DOCUMENTS AND SETTINGS\TEMP.YOUR-M5D4U9R2UV.002\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\CDM3K523\PROMPT[1].PHP
3/19/2005,0:53:59 WARNING: Is the Trojan horse TR/Dldr.Ist.15360.A!
C:\DOCUME~1\TEMPYO~1.002\LOCALS~1\TEMP\DRTEMP\THNALL2R.EXE
3/20/2005,0:53:56 WARNING: Is the Trojan horse TR/Dldr.Ist.15360.A!
C:\DOCUME~1\TEMPYO~1.002\LOCALS~1\TEMP\DRTEMP\THNALL2R.EXE
3/20/2005,20:48:14 ---------------------------------------------------------
3/20/2005,20:48:14 [INIT] The AVGuard Service is starting.
3/20/2005,20:48:15 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/20/2005,20:48:53 [INFO] Start Filter Device.
3/20/2005,20:48:53 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/20/2005,20:48:53 AVGuard has been started successfully!
3/20/2005,20:59:15 ---------------------------------------------------------
3/20/2005,20:59:15 [INIT] The AVGuard Service is starting.
3/20/2005,20:59:15 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/20/2005,20:59:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/20/2005,20:59:50 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab905b.
3/20/2005,21:00:18 [INFO] Start Filter Device.
3/20/2005,21:00:18 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/20/2005,21:00:18 AVGuard has been started successfully!
3/20/2005,21:02:29 WARNING: Is the Trojan horse TR/Dldr.Ist.15360.A!
C:\DOCUME~1\ALEX2~1\LOCALS~1\TEMP\DRTEMP\THNALL2R.EXE
3/22/2005,16:43:54 WARNING: Contains signature of the Java script virus JS/Small.AF!
C:\DOCUMENTS AND SETTINGS\ALEX 2\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\492N85IF\A072AA[1].JS
3/22/2005,16:44:00 WARNING: Contains signature of the Java script virus JS/Small.AF!
C:\DOCUMENTS AND SETTINGS\ALEX 2\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\492N85IF\A072AA[1].JS
3/23/2005,16:24:39 ---------------------------------------------------------
3/23/2005,16:24:39 [INIT] The AVGuard Service is starting.
3/23/2005,16:24:40 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/23/2005,16:25:18 [INFO] Start Filter Device.
3/23/2005,16:25:18 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.5 VDF Version: 6.30.0.25
3/23/2005,16:25:18 AVGuard has been started successfully!
3/23/2005,16:29:33 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/23/2005,16:29:33 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaafedb9.
3/23/2005,16:35:59 WARNING: Is the Trojan horse TR/Dldr.Ist.15360.A!
C:\DOCUME~1\ALEX2~1\LOCALS~1\TEMP\DRTEMP\BHO_PROB.EXE
3/23/2005,16:54:53 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,16:55:41 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,16:55:47 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
3/23/2005,16:55:51 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
3/23/2005,16:55:54 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\DOCUME~1\ALEX2~1\LOCALS~1\TEMP\AUTONOMY.TMP
3/23/2005,16:55:51 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
3/23/2005,16:56:00 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
3/23/2005,16:55:58 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
3/23/2005,16:56:04 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
3/23/2005,16:56:03 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
3/23/2005,16:56:11 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
3/23/2005,16:56:46 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,16:56:50 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
3/23/2005,16:57:33 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
File has been overwritten and deleted!
3/23/2005,16:57:36 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
File has been overwritten and deleted!
3/23/2005,16:58:22 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,16:59:07 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,16:59:26 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
3/23/2005,16:59:55 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:00:05 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
File has been deleted!
3/23/2005,17:00:44 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:01:06 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
File has been moved to quarantine directory!
3/23/2005,17:01:29 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:02:14 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:02:55 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:03:37 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:03:48 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
3/23/2005,17:04:20 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:04:35 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
File has been moved to quarantine directory!
3/23/2005,17:05:05 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:05:58 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:06:42 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:07:24 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:08:05 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:08:45 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:09:27 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:10:11 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\TMP_FILE_1.TMP
3/23/2005,17:10:21 [INFO] Stop Filter Device.
3/23/2005,17:14:32 [INFO] Start Filter Device.
3/23/2005,17:14:46 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/23/2005,17:14:44 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/23/2005,17:19:13 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
3/23/2005,17:46:49 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
3/23/2005,17:15:17 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/23/2005,18:11:23 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/23/2005,18:11:34 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/23/2005,18:11:43 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/23/2005,18:13:20 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
3/23/2005,21:35:29 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
3/23/2005,21:39:41 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
3/23/2005,21:42:45 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
3/23/2005,21:43:03 [INFO] Stop Filter Device.
3/24/2005,0:04:53 [INFO] Start Filter Device.
3/24/2005,10:31:02 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/24/2005,10:31:17 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/24/2005,10:31:22 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/24/2005,10:32:31 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/24/2005,10:35:36 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/24/2005,10:54:04 [INFO] Stop Filter Device.
3/24/2005,10:54:06 AVGuard service has been stopped!
3/24/2005,10:54:11 ---------------------------------------------------------
3/24/2005,10:54:11 [INIT] The AVGuard Service is starting.
3/24/2005,10:54:13 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/24/2005,10:54:14 [INFO] Start Filter Device.
3/24/2005,10:54:14 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
3/24/2005,10:54:14 AVGuard has been started successfully!
3/24/2005,10:54:15 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/24/2005,10:54:15 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xa9520d50.
3/24/2005,10:55:35 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/24/2005,10:55:46 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/24/2005,10:57:19 WARNING: Is the Trojan horse TR/Drop.Intexp.B!
C:\WINDOWS\SYSTB.DLL
3/24/2005,11:00:13 [INFO] Stop Filter Device.
3/24/2005,11:00:14 AVGuard service has been stopped!
3/31/2005,16:56:53 ---------------------------------------------------------
3/31/2005,16:56:53 [INIT] The AVGuard Service is starting.
3/31/2005,16:56:53 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/31/2005,16:58:07 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/31/2005,16:58:07 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaaf4ee7.
3/31/2005,16:58:58 [INFO] Start Filter Device.
3/31/2005,16:58:58 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
3/31/2005,16:58:58 AVGuard has been started successfully!
3/31/2005,17:02:56 [INFO] Stop Filter Device.
3/31/2005,20:39:24 [INFO] Stop Filter Device.
3/31/2005,20:39:30 AVGuard service has been stopped!
3/31/2005,20:40:28 ---------------------------------------------------------
3/31/2005,20:40:28 [INIT] The AVGuard Service is starting.
3/31/2005,20:40:29 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/31/2005,20:41:02 [INFO] Start Filter Device.
3/31/2005,20:41:02 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
3/31/2005,20:41:02 AVGuard has been started successfully!
3/31/2005,20:52:51 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/31/2005,20:52:51 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa6a905.
3/31/2005,21:17:56 ---------------------------------------------------------
3/31/2005,21:17:56 [INIT] The AVGuard Service is starting.
3/31/2005,21:17:56 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/31/2005,21:18:36 [INFO] Start Filter Device.
3/31/2005,21:18:36 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
3/31/2005,21:18:36 AVGuard has been started successfully!
3/31/2005,21:19:31 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/31/2005,21:19:31 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8b6a0.
3/31/2005,22:18:39 [INFO] Stop Filter Device.
3/31/2005,22:18:47 AVGuard service has been stopped!
3/31/2005,22:19:48 ---------------------------------------------------------
3/31/2005,22:19:48 [INIT] The AVGuard Service is starting.
3/31/2005,22:19:49 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
3/31/2005,22:20:30 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/31/2005,22:20:30 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabfa11.
3/31/2005,22:20:33 [INFO] Start Filter Device.
3/31/2005,22:20:33 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
3/31/2005,22:20:33 AVGuard has been started successfully!
3/31/2005,23:27:08 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/31/2005,23:27:09 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa94fca8.
3/31/2005,23:32:23 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/31/2005,23:32:24 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaae988b2.
3/31/2005,23:32:33 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/31/2005,23:32:33 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaae9ed7a.
3/31/2005,23:32:35 [LOGON] Connection request by remote computer. Establishing secure communication channel.
3/31/2005,23:32:35 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaae9e751.
4/1/2005,23:00:03 ---------------------------------------------------------
4/1/2005,23:00:03 [INIT] The AVGuard Service is starting.
4/1/2005,23:00:04 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/1/2005,23:00:43 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/1/2005,23:00:43 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabe130.
4/1/2005,23:00:51 [INFO] Start Filter Device.
4/1/2005,23:00:51 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/1/2005,23:00:51 AVGuard has been started successfully!
4/1/2005,23:24:43 ---------------------------------------------------------
4/1/2005,23:24:43 [INIT] The AVGuard Service is starting.
4/1/2005,23:24:44 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/1/2005,23:24:58 [INFO] Start Filter Device.
4/1/2005,23:24:58 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/1/2005,23:24:58 AVGuard has been started successfully!
4/1/2005,23:26:34 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/1/2005,23:26:34 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8f335.
4/1/2005,23:53:04 WARNING: Is the Trojan horse TR/VB.LD!
C:\DOCUMENTS AND SETTINGS\ALEX 2\MY DOCUMENTS\MY RECEIVED FILES\BLUEDEATH\BLUEDEATH\UNINSTALL.EXE
4/1/2005,23:53:24 WARNING: Is the Trojan horse TR/VB.CQ!
C:\DOCUMENTS AND SETTINGS\ALEX 2\MY DOCUMENTS\MY RECEIVED FILES\BLUEDEATH\BLUEDEATH\SETUP\MSCONFIG.EXE
4/1/2005,23:57:14 WARNING: Is the Trojan horse TR/VB.LD!
C:\DOCUMENTS AND SETTINGS\ALEX 2\MY DOCUMENTS\MY RECEIVED FILES\BLUEDEATH\BLUEDEATH\UNINSTALL.EXE
4/1/2005,23:57:22 WARNING: Is the Trojan horse TR/VB.CQ!
C:\DOCUMENTS AND SETTINGS\ALEX 2\MY DOCUMENTS\MY RECEIVED FILES\BLUEDEATH\BLUEDEATH\SETUP\MSCONFIG.EXE
4/2/2005,0:08:32 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
4/2/2005,1:59:54 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
4/2/2005,1:24:56 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
4/2/2005,22:01:42 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/2/2005,22:01:42 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xae71afb8.
4/2/2005,9:34:29 WARNING: Is the Trojan horse TR/VB.LD!
C:\DOCUMENTS AND SETTINGS\ALEX 2\MY DOCUMENTS\MY RECEIVED FILES\BLUEDEATH\BLUEDEATH\UNINSTALL.EXE
4/2/2005,22:02:14 WARNING: Is the Trojan horse TR/VB.CQ!
C:\DOCUMENTS AND SETTINGS\ALEX 2\MY DOCUMENTS\MY RECEIVED FILES\BLUEDEATH\BLUEDEATH\SETUP\MSCONFIG.EXE
4/3/2005,18:51:50 ---------------------------------------------------------
4/3/2005,18:51:50 [INIT] The AVGuard Service is starting.
4/3/2005,18:51:51 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/3/2005,18:52:25 [INFO] Start Filter Device.
4/3/2005,18:52:25 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/3/2005,18:52:25 AVGuard has been started successfully!
4/3/2005,19:08:28 WARNING: Is the Trojan horse TR/VB.LD!
C:\DOCUMENTS AND SETTINGS\ALEX 2\MY DOCUMENTS\MY RECEIVED FILES\BLUEDEATH\BLUEDEATH\UNINSTALL.EXE
4/3/2005,19:43:05 WARNING: Is the Trojan horse TR/VB.CQ!
C:\DOCUMENTS AND SETTINGS\ALEX 2\MY DOCUMENTS\MY RECEIVED FILES\BLUEDEATH\BLUEDEATH\SETUP\MSCONFIG.EXE
4/3/2005,19:44:11 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/3/2005,19:44:12 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaa9a6033.
4/3/2005,19:50:49 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
4/3/2005,22:29:44 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
4/3/2005,22:43:13 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
4/3/2005,23:37:04 WARNING: Is the Trojan horse TR/VB.LD!
C:\DOCUMENTS AND SETTINGS\ALEX 2\MY DOCUMENTS\MY RECEIVED FILES\BLUEDEATH\BLUEDEATH\UNINSTALL.EXE
4/3/2005,23:45:28 WARNING: Is the Trojan horse TR/VB.CQ!
C:\DOCUMENTS AND SETTINGS\ALEX 2\MY DOCUMENTS\MY RECEIVED FILES\BLUEDEATH\BLUEDEATH\SETUP\MSCONFIG.EXE
File has been deleted!
4/4/2005,19:42:20 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
4/4/2005,19:42:27 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
4/4/2005,19:42:59 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
4/4/2005,19:45:19 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
4/4/2005,19:45:22 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
4/5/2005,19:34:05 [INFO] Stop Filter Device.
4/5/2005,19:34:09 AVGuard service has been stopped!
4/5/2005,19:35:24 ---------------------------------------------------------
4/5/2005,19:35:24 [INIT] The AVGuard Service is starting.
4/5/2005,19:35:26 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/5/2005,19:35:46 [INFO] Start Filter Device.
4/5/2005,19:35:46 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/5/2005,19:35:46 AVGuard has been started successfully!
4/5/2005,19:36:41 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/5/2005,19:36:41 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa8add2.
4/5/2005,20:08:55 [INFO] Stop Filter Device.
4/5/2005,20:09:03 AVGuard service has been stopped!
4/5/2005,20:11:15 ---------------------------------------------------------
4/5/2005,20:11:15 [INIT] The AVGuard Service is starting.
4/5/2005,20:11:15 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/5/2005,20:21:20 ---------------------------------------------------------
4/5/2005,20:21:20 [INIT] The AVGuard Service is starting.
4/5/2005,20:21:22 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/5/2005,20:22:05 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/5/2005,20:22:05 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab3255.
4/5/2005,20:23:09 [INFO] Start Filter Device.
4/5/2005,20:23:09 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/5/2005,20:23:09 AVGuard has been started successfully!
4/5/2005,20:51:32 [INFO] Stop Filter Device.
4/5/2005,20:51:42 AVGuard service has been stopped!
4/5/2005,20:52:52 ---------------------------------------------------------
4/5/2005,20:52:52 [INIT] The AVGuard Service is starting.
4/5/2005,20:52:53 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/5/2005,20:53:22 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/5/2005,20:53:22 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabfb82.
4/5/2005,20:53:56 [INFO] Start Filter Device.
4/5/2005,20:53:56 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/5/2005,20:53:56 AVGuard has been started successfully!
4/5/2005,21:29:25 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
4/6/2005,21:26:10 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/6/2005,21:26:10 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xafef1f38.
4/7/2005,7:45:34 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/7/2005,7:45:34 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xadd66d17.
4/7/2005,15:58:17 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/7/2005,15:58:17 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xa3954aef.
4/8/2005,19:21:36 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/8/2005,19:21:36 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xa58aca37.
4/9/2005,14:27:40 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/9/2005,14:27:40 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xb9930833.
4/9/2005,15:39:30 ---------------------------------------------------------
4/9/2005,15:39:30 [INIT] The AVGuard Service is starting.
4/9/2005,15:39:31 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/9/2005,15:40:12 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/9/2005,15:40:12 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab2175.
4/9/2005,15:41:33 [INFO] Start Filter Device.
4/9/2005,15:41:33 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/9/2005,15:41:33 AVGuard has been started successfully!
4/9/2005,15:47:48 [INFO] Stop Filter Device.
4/9/2005,15:47:56 AVGuard service has been stopped!
4/9/2005,16:06:39 ---------------------------------------------------------
4/9/2005,16:06:39 [INIT] The AVGuard Service is starting.
4/9/2005,16:06:39 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/9/2005,16:07:14 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/9/2005,16:07:15 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabd8b4.
4/9/2005,16:08:13 [INFO] Start Filter Device.
4/9/2005,16:08:13 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/9/2005,16:08:13 AVGuard has been started successfully!
4/9/2005,16:09:57 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/9/2005,16:09:57 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa94619.
4/9/2005,16:40:52 [INFO] Stop Filter Device.
4/9/2005,16:42:00 ---------------------------------------------------------
4/9/2005,16:42:00 [INIT] The AVGuard Service is starting.
4/9/2005,16:42:00 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/9/2005,16:42:39 [INFO] Start Filter Device.
4/9/2005,16:42:39 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/9/2005,16:42:39 AVGuard has been started successfully!
4/9/2005,16:49:00 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/9/2005,16:49:01 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaad8474.
4/9/2005,17:07:31 WARNING: Is the Trojan horse TR/Imiserv.D!
C:\WINDOWS\SYSTB.EXE
File has been deleted!
4/9/2005,17:42:57 ---------------------------------------------------------
4/9/2005,17:42:57 [INIT] The AVGuard Service is starting.
4/9/2005,17:42:57 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/9/2005,17:43:28 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/9/2005,17:43:29 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabf046.
4/9/2005,17:46:06 [INFO] Start Filter Device.
4/9/2005,17:46:06 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/9/2005,17:46:06 AVGuard has been started successfully!
4/9/2005,17:50:41 ---------------------------------------------------------
4/9/2005,17:50:41 [INIT] The AVGuard Service is starting.
4/9/2005,17:50:42 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/9/2005,17:51:02 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/9/2005,17:51:02 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab8a08.
4/9/2005,17:51:37 [INFO] Start Filter Device.
4/9/2005,17:51:37 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/9/2005,17:51:37 AVGuard has been started successfully!
4/9/2005,19:24:39 [INFO] Stop Filter Device.
4/9/2005,19:24:50 AVGuard service has been stopped!
4/9/2005,19:26:06 ---------------------------------------------------------
4/9/2005,19:26:06 [INIT] The AVGuard Service is starting.
4/9/2005,19:26:08 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/9/2005,19:26:23 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/9/2005,19:26:23 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab84aa.
4/9/2005,19:27:10 [INFO] Start Filter Device.
4/9/2005,19:27:10 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/9/2005,19:27:11 AVGuard has been started successfully!
4/9/2005,19:28:18 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/9/2005,19:28:19 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaa85bb6.
4/9/2005,19:34:18 [INFO] Stop Filter Device.
4/9/2005,19:34:25 AVGuard service has been stopped!
4/9/2005,19:35:44 ---------------------------------------------------------
4/9/2005,19:35:44 [INIT] The AVGuard Service is starting.
4/9/2005,19:36:03 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/9/2005,19:36:05 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/9/2005,19:36:05 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabe648.
4/9/2005,19:36:41 [INFO] Start Filter Device.
4/9/2005,19:36:41 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/9/2005,19:36:41 AVGuard has been started successfully!
4/10/2005,22:24:31 [INFO] Stop Filter Device.
4/10/2005,22:24:35 AVGuard service has been stopped!
4/10/2005,22:25:54 ---------------------------------------------------------
4/10/2005,22:25:54 [INIT] The AVGuard Service is starting.
4/10/2005,22:25:54 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/10/2005,22:26:31 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/10/2005,22:26:32 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabd8f6.
4/10/2005,22:27:18 [INFO] Start Filter Device.
4/10/2005,22:27:18 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/10/2005,22:27:19 AVGuard has been started successfully!
4/10/2005,22:29:35 ---------------------------------------------------------
4/10/2005,22:29:35 [INIT] The AVGuard Service is starting.
4/10/2005,22:29:35 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/10/2005,22:30:09 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/10/2005,22:30:09 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabd6f5.
4/10/2005,22:30:56 [INFO] Start Filter Device.
4/10/2005,22:30:56 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/10/2005,22:30:56 AVGuard has been started successfully!
4/11/2005,16:08:58 ---------------------------------------------------------
4/11/2005,16:08:58 [INIT] The AVGuard Service is starting.
4/11/2005,16:09:00 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/11/2005,16:09:20 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/11/2005,16:09:20 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab865c.
4/11/2005,16:10:17 [INFO] Start Filter Device.
4/11/2005,16:10:17 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/11/2005,16:10:17 AVGuard has been started successfully!
4/12/2005,16:44:42 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
File has been deleted!
4/12/2005,16:55:39 [INFO] Stop Filter Device.
4/12/2005,16:55:50 AVGuard service has been stopped!
4/12/2005,17:04:47 ---------------------------------------------------------
4/12/2005,17:04:47 [INIT] The AVGuard Service is starting.
4/12/2005,17:04:48 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/12/2005,17:05:12 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/12/2005,17:05:12 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab877b.
4/12/2005,17:06:50 [INFO] Start Filter Device.
4/12/2005,17:06:50 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/12/2005,17:06:50 AVGuard has been started successfully!
4/12/2005,17:07:29 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:06:57 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000020 - The process cannot access the file because it is being used by another process.
4/12/2005,17:09:04 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:09:34 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:09:26 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:10:16 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:10:13 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:10:40 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
4/12/2005,17:10:47 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
4/12/2005,17:15:32 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:17:54 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:18:03 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:18:22 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:18:27 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:18:27 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,17:18:33 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
4/12/2005,17:18:36 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
4/12/2005,17:18:40 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
4/12/2005,17:18:43 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\MIRINDASPE.EXE
4/12/2005,17:18:51 [INFO] Stop Filter Device.
4/12/2005,17:20:27 [INFO] Start Filter Device.
4/12/2005,17:20:35 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,17:21:46 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,17:21:49 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,17:26:59 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,17:27:10 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,17:50:22 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\7MZYI5.SYS
4/12/2005,18:10:19 [INFO] Stop Filter Device.
4/12/2005,18:10:23 AVGuard service has been stopped!
4/12/2005,18:11:32 ---------------------------------------------------------
4/12/2005,18:11:32 [INIT] The AVGuard Service is starting.
4/12/2005,18:11:35 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/12/2005,18:11:59 [INFO] Start Filter Device.
4/12/2005,18:11:59 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/12/2005,18:11:59 AVGuard has been started successfully!
4/12/2005,18:12:17 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,18:12:03 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,18:12:16 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,18:12:38 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,18:12:38 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,18:12:40 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,18:12:41 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,18:12:35 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,18:12:42 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,18:12:42 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,18:12:44 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,18:12:44 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,18:12:43 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,18:12:46 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
4/12/2005,18:16:24 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\SYSTEM32\7MZYI5.SYS
File has been deleted!
4/12/2005,18:23:20 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\7MZYI5.SYS
4/12/2005,19:09:54 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\7MZYI5.SYS
4/12/2005,19:10:00 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\7MZYI5.SYS
4/12/2005,19:30:04 WARNING: Is the Trojan horse TR/Delf.CF!
C:\WINDOWS\7MZYI5.SYS
File has been deleted!
4/12/2005,20:46:35 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,20:56:59 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,22:12:04 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,22:21:58 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,22:25:24 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
Unable to delete the file:
0x00000005 - Access is denied.
4/12/2005,22:55:45 [INFO] Stop Filter Device.
4/12/2005,22:55:51 AVGuard service has been stopped!
4/12/2005,22:57:01 ---------------------------------------------------------
4/12/2005,22:57:01 [INIT] The AVGuard Service is starting.
4/12/2005,22:57:01 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/12/2005,22:57:48 [INFO] Start Filter Device.
4/12/2005,22:57:48 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/12/2005,22:57:48 AVGuard has been started successfully!
4/12/2005,22:58:10 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,22:58:19 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,22:58:20 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,23:01:48 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,23:09:05 ---------------------------------------------------------
4/12/2005,23:09:05 [INIT] The AVGuard Service is starting.
4/12/2005,23:09:06 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/12/2005,23:09:30 [INFO] Start Filter Device.
4/12/2005,23:09:30 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/12/2005,23:09:30 AVGuard has been started successfully!
4/12/2005,23:09:37 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,23:09:37 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,23:13:10 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
4/12/2005,23:17:42 ---------------------------------------------------------
4/12/2005,23:17:42 [INIT] The AVGuard Service is starting.
4/12/2005,23:17:43 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/12/2005,23:18:31 [INFO] Start Filter Device.
4/12/2005,23:18:31 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.45
4/12/2005,23:18:31 AVGuard has been started successfully!
4/12/2005,23:18:36 WARNING: Is the Trojan horse TR/Delf.CF.1!
C:\WINDOWS\SYSTEM32\1DD41H.DLL
File has been deleted!
4/13/2005,0:32:20 WARNING: Contains signature of the worm Worm/Appkills!
C:\PROGRAM FILES\EBATES_MOEMONEYMAKER\EBATESMOEMONEYMAKER0.EXE
File has been deleted!
4/13/2005,23:08:15 [INFO] Stop Filter Device.
4/13/2005,23:08:17 AVGuard service has been stopped!
4/13/2005,23:08:24 ---------------------------------------------------------
4/13/2005,23:08:24 [INIT] The AVGuard Service is starting.
4/13/2005,23:08:28 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/13/2005,23:08:29 [INFO] Start Filter Device.
4/13/2005,23:08:29 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.93
4/13/2005,23:08:29 AVGuard has been started successfully!
4/13/2005,23:16:49 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/13/2005,23:16:49 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaf8cf6f7.
4/13/2005,23:17:01 WARNING: Contains code of the Eicar-Test-Signature virus!
C:\DOCUME~1\OWNERY~1.000\LOCALS~1\TEMP\GRK5MY0P.COM
4/14/2005,0:07:40 WARNING: Is the Trojan horse TR/Dldr.Delf.GO.6!
C:\WINDOWS\SYSTEM32\MSSHED32.EXE
4/14/2005,7:16:13 WARNING: Is the Trojan horse TR/Dldr.Delf.GO.6!
C:\WINDOWS\SYSTEM32\MSSHED32.EXE
4/14/2005,7:23:29 WARNING: Is the Trojan horse TR/Dldr.Delf.GO.6!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\LOCAL SETTINGS\TEMP\ATIUPDATE.EXE
File has been deleted!
4/14/2005,7:34:47 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/14/2005,7:37:14 WARNING: Is the Trojan horse TR/Agent.CB!
C:\DOCUMENTS AND SETTINGS\ALEX 2\LOCAL SETTINGS\TEMP\THI14B6.TMP\SPIKE.EXE
File has been deleted!
4/14/2005,7:45:10 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV\LOCAL SETTINGS\TEMP\CXTPLS_LOADER.EXE
File has been deleted!
4/14/2005,7:48:30 WARNING: Is the Trojan horse TR/Dldr.Delf.GO.6!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\LOCAL SETTINGS\TEMP\MSSHED32.EXE
File has been deleted!
4/14/2005,8:11:19 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.DLL
File has been deleted!
4/14/2005,12:13:06 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/14/2005,7:50:45 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/14/2005,12:13:50 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\UNINSTALLER.EXE
File has been deleted!
4/14/2005,12:13:52 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/14/2005,12:13:11 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\UNINSTALLER.EXE
Unable to delete the file:
0x00000002 - The system cannot find the file specified.
4/14/2005,12:14:04 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:16:32 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:16:45 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:16:47 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:16:50 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:16:32 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:16:51 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:16:54 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:16:56 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:17:07 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:17:10 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:17:20 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
Unable to delete the file:
0x00000005 - Access is denied.
4/14/2005,12:17:27 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:17:32 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:17:35 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\PROGRAM FILES\CXTPLS\CXTPLS.EXE
4/14/2005,12:19:51 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A5V9QTFO.DEFAULT\CACHE\A90BD39AD01
4/14/2005,12:19:56 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUME~1\OWNERY~1.000\LOCALS~1\TEMP\X3M00P7V.EXE
4/14/2005,12:21:17 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A5V9QTFO.DEFAULT\CACHE\A90BD39AD01
4/14/2005,12:21:18 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:21:28 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:21:37 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:22:03 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A5V9QTFO.DEFAULT\CACHE\A90BD39AD01
4/14/2005,12:22:07 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUME~1\OWNERY~1.000\LOCALS~1\TEMP\CR1U5JXU.EXE
4/14/2005,12:22:42 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/14/2005,12:22:42 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xad5f711c.
4/14/2005,12:23:43 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A5V9QTFO.DEFAULT\CACHE\A90BD39AD01
4/14/2005,12:23:59 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\A5V9QTFO.DEFAULT\CACHE\A90BD39AD01
4/14/2005,12:24:03 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUME~1\OWNERY~1.000\LOCALS~1\TEMP\V2DAS8HQ.EXE
4/14/2005,12:24:25 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:24:23 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:24:35 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:24:47 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:31:49 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:36:16 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:36:25 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:36:27 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:51:11 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:51:17 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINST~1.EXE
4/14/2005,12:51:20 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
4/14/2005,12:51:32 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINST~1.EXE
4/14/2005,14:06:30 WARNING: Is the Trojan horse TR/Dldr.Delf.GO.6!
C:\WINDOWS\SYSTEM32\MSSHED32.EXE
4/14/2005,16:54:30 WARNING: Is the Trojan horse TR/Dldr.Apropo.R!
C:\DOCUMENTS AND SETTINGS\OWNER.YOUR-M5D4U9R2UV.000\DESKTOP\UNINSTALLER.EXE
File has been deleted!
4/14/2005,16:59:04 [INFO] Stop Filter Device.
4/14/2005,16:59:15 AVGuard service has been stopped!
4/14/2005,20:25:59 ---------------------------------------------------------
4/14/2005,20:25:59 [INIT] The AVGuard Service is starting.
4/14/2005,20:25:59 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/14/2005,20:26:27 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/14/2005,20:26:27 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaab96b3.
4/14/2005,20:27:46 [INFO] Start Filter Device.
4/14/2005,20:27:46 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.93
4/14/2005,20:27:46 AVGuard has been started successfully!
4/14/2005,21:05:16 ---------------------------------------------------------
4/14/2005,21:05:16 [INIT] The AVGuard Service is starting.
4/14/2005,21:05:17 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/14/2005,21:05:31 [LOGON] Connection request by remote computer. Establishing secure communication channel.
4/14/2005,21:05:31 [LOGON] Connection to computer 127.0.0.1 established successfully. Session ID = 0xaaabb6e7.
4/14/2005,21:07:39 [INFO] Start Filter Device.
4/14/2005,21:07:39 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.93
4/14/2005,21:07:39 AVGuard has been started successfully!
4/14/2005,21:10:47 [INFO] Stop Filter Device.
4/14/2005,21:10:58 AVGuard service has been stopped!
4/14/2005,21:12:08 ---------------------------------------------------------
4/14/2005,21:12:08 [INIT] The AVGuard Service is starting.
4/14/2005,21:12:10 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/14/2005,21:12:40 [INFO] Start Filter Device.
4/14/2005,21:12:40 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.93
4/14/2005,21:12:40 AVGuard has been started successfully!
4/15/2005,22:18:21 [INFO] Stop Filter Device.
4/15/2005,22:18:35 AVGuard service has been stopped!
4/15/2005,22:20:20 ---------------------------------------------------------
4/15/2005,22:20:20 [INIT] The AVGuard Service is starting.
4/15/2005,22:20:20 [INIT] Keyfile contains a valid license. The AVGuard service will run as a fully functional version!
4/15/2005,22:20:42 [INFO] Start Filter Device.
4/15/2005,22:20:42 AntiVirService Version: 6.30.00.06 AVE Version 6.30.0.7 VDF Version: 6.30.0.93
4/15/2005,22:20:42 AVGuard has been started successfully!
4/15/2005,22:34:57 [INFO] Stop Filter Device.
4/15/2005,22:35:08 AVGuard service has been stopped!


........................................................................................................
That might help.
And last but definitely not least...the hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 5:41:36 PM, on 4/16/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\unzipped\hijackthis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr*http://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?uid=139034228&id=5.0
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\scvhost.exe
O2 - BHO: N.QNPtqZiT160 - {190F0CCE-C492-4C34-83D5-DF358C340667} - C:\WINDOWS\System32\wsock32.sys
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\1dd41h.dll (file missing)
O2 - BHO: kbdln1 - {B88FB01B-8A8C-C12C-EFEF-B40271C6FDD1} - C:\WINDOWS\System32\kbdln1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: asurscsi - Unknown owner - C:\Program Files\Voyetra\AudioSurgeon 5\asurscsi.exe (file missing)
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

........................................................................................................
Please help...oh also my regedit is disabled and system restore and command prompt are all disabled and I use a script to re-enable regedit and fix the other two entries to make system restore and command prompt enabled.
They still disable after a short time and I have to repeat the process.
Am I being hacked possibly? Do I have a certain virus? PLEASE HELP

0

helpme64,

Hi! and welcome :).

===============

When we're done cleaning off your system, I'd recommend that you install all the critical Windows updates available from Microsoft, up to service pack 1. This will help to make your system more secure and prevent many 'problems' from recurring in the future.

===============

Go to www.trendmicro.com, and then:

1. Click "Free Online Scan".
2. Click "Scan now, it's free".

It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:

1. Select all available drives.
2. Check(tick) "Auto Clean".
3. Click "Scan".

When it completes, post back the full filename of any files that cannot be cleaned or deleted.

===============

Now, let's open a command prompt by going to the start menu and then select 'Run'.

In the box that pops up type in 'cmd'. The command prompt will open.

OR

You can go to Start -> Programs -> Accessories -> Command Prompt.

Unregister the dll(s) we're going to remove, by entering the following:

regsvr32 /u kbdln1.dll

It's ok, if these aren't found or 'error' out. If you want, just copy and paste the individual lines to the command prompt to save typing them in.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cus...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sides...39034228&id=5.0

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\scvhost.exe

F3 - REG:win.ini: load=C:\WINDOWS\System32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\scvhost.exe

O2 - BHO: N.QNPtqZiT160 - {190F0CCE-C492-4C34-83D5-DF358C340667} - C:\WINDOWS\System32\wsock32.sys
O2 - BHO: (no name) - {A78860C8-EE1A-46DF-A97F-E3E6D433E80B} - C:\WINDOWS\system32\1dd41h.dll (file missing)
O2 - BHO: kbdln1 - {B88FB01B-8A8C-C12C-EFEF-B40271C6FDD1} - C:\WINDOWS\System32\kbdln1.dll

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe

O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
...(Unless you've restricted the use of registry editing, have HiJackThis fix this.)

O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure you're able to "view system and hidden files/folders":

files...

C:\WINDOWS\System32\scvhost.exe
C:\WINDOWS\System32\kbdln1.dll

-

Note that some of these file(s) may or may not be present. If present, and cannot be deleted because they're 'in use', try deleting them in "Safe Mode".

-

Reboot.

===============

After rebooting your PC, post back a new log and let me know how everything goes.

-

crunchie.
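The kind of triage applied to the HijackThis log in the reply above can be sketched in code; this is an added example, not part of the original posts and not part of HijackThis. The sample lines are copied from the log in this thread, while the rule set, the `SYSTEM_NAMES` list and the function names are assumptions made for illustration.

```python
import ntpath
import re

# Constructed sample: entries copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\scvhost.exe
O2 - BHO: N.QNPtqZiT160 - {190F0CCE-C492-4C34-83D5-DF358C340667} - C:\WINDOWS\System32\wsock32.sys
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
"""

# Assumption: a short list of Windows system binaries whose names are often imitated.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "winlogon.exe", "services.exe",
                "explorer.exe", "csrss.exe", "smss.exe", "spoolsv.exe"}
ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")          # e.g. "O4 - ..." or "F2 - ..."
FILE_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|sys|ocx)\b', re.I)

def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def triage(log_text):
    """Return (section, reason, entry) findings for HijackThis log lines."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if "(file missing)" in body or "(no file)" in body:
            findings.append((section, "orphaned entry", body))
        if section == "O7" and "DisableRegedit=1" in body:
            findings.append((section, "registry editing disabled by policy", body))
        for path in FILE_PATH.findall(body):
            name = ntpath.basename(path).lower()
            # Heuristic: a BHO is loaded as an in-process DLL, so .sys is anomalous.
            if section == "O2" and not name.endswith(".dll"):
                findings.append((section, "BHO is not a DLL", body))
            # Heuristic: one edit away from a system binary name, but not equal to it.
            near = [s for s in sorted(SYSTEM_NAMES) if osa_distance(name, s) == 1]
            if name not in SYSTEM_NAMES and near:
                findings.append((section, "lookalike of " + near[0], body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<38}{body}")
```

A finding is a prompt for manual review, not a verdict: the rules only catch the patterns listed and will miss anything that uses an ordinary-looking name and extension.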

0

Wow, thank you. That will help when I go home I hope, but I have one question... how can I get trendmicro if my internet connection won't work? Is there any way I could copy this onto a disk or is there anyone that can help me reconnect to the internet? I tried repairing the connection and it said:
The following steps of the operation failed: Renewing the IP address
Please contact your local administrator or service provider.

0

Ok, well I tried to fix winsock and I downloaded it onto a floppy on this computer and ran it. It said it was done and to reboot so I did and the internet still won't work. So I skipped that and tried typing in the command prompt but it was disabled just like regedit. So I used my script I always use to re-enable regedit and I found the disableCMD entry and changed the value to 0 or 1, whichever makes it work. So it was re-enabled and I typed in the regsvr32 /u kbdln1.dll code but it did nothing. So I skipped that and used hijackthis to fix what you told me. So then when I went to the system32 folder to find the stuff, scvhost.exe wasn't there and kbdln.dll wouldn't delete because it was in use by another program. So I tried deleting it in safe mode and the strange thing was it was in use by another program in safe mode also. Therefore I'm pretty much back at the start. Any more help please...

0

For the files that will not delete or cannot be found, do the following;

Download the Pocket KillBox
Unzip the file to your desktop.
Run Pocket Killbox and paste the full file path of each of the below files in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter each file (see the files below).

<Enter bad files here>

Reboot afterwards if the files are successfully deleted.

If all files are not deleted, do not reboot yet. Run Pocket Killbox again and paste the full file path in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" to reboot only after the last file you enter.

0

OK, I hope this isn't bad... I used hijackthis to delete kbdln.dll on system reboot and it worked so I hope there is nothing wrong with that. Still I will try pocket killbox just in case.

0

OK, kbdln.dll is removed but somehow my windows xp themes are all now like windows classic...and my computer has no sound because of something that has to do with system volume information. I found the hidden system volume information folder and when I try to access it, it says "access is denied". I looked everywhere for scvhost.exe or anything that has the name scvhost but it is not in my system32 folder; I even checked nearly the whole windows folder. I repaired winsock and it said the connection was fixed but my computer still can't connect to the internet, and when I restart, the charter pipeline help wizard tries to come up but it is just a big white screen. I don't have a use for killbox because kbdln.exe was deleted at reboot by hijack this successfully.
Here is the new log file:

Logfile of HijackThis v1.99.1
Scan saved at 2:54:49 PM, on 4/24/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\internet explorer\iexplore.exe
C:\unzipped\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\scvhost.exe
F3 - REG:win.ini: load=C:\WINDOWS\System32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\scvhost.exe
O2 - BHO: N.QNPtqZiT160 - {190F0CCE-C492-4C34-83D5-DF358C340667} - C:\WINDOWS\System32\wsock32.sys
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [Hacker Eliminator] C:\PROGRA~1\HACKER~1\HACKER~1.EXE
O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll

:sad: please reply with help as soon as possible

0

Scan with hijackthis and tick the boxes next to all the following entries, then close all browser and explorer windows and hit the "Fix checked" button.

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\scvhost.exe

F3 - REG:win.ini: load=C:\WINDOWS\System32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\System32\scvhost.exe

O2 - BHO: N.QNPtqZiT160 - {190F0CCE-C492-4C34-83D5-DF358C340667} - C:\WINDOWS\System32\wsock32.sys

O4 - HKLM\..\Run: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe
O4 - HKLM\..\RunServices: [Generic Host Process] C:\WINDOWS\System32\scvhost.exe

O9 - Extra button: MktBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
O9 - Extra 'Tools' menuitem: MarketBrowser - {17A27031-71FC-11d4-815C-005004D0F1FA} - C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy

==============

Run Pocket Killbox again and paste the full file path of each of the below files in the box and click on Standard File Kill and End Explorer Shell While Killing File. Click on the button with the red circle and an X in the middle after you enter each file (see the files below).

C:\WINDOWS\System32\wsock32.sys
C:\WINDOWS\System32\scvhost.exe

Reboot afterwards if the files are successfully deleted.

If all files are not deleted, do not reboot yet. Run Pocket Killbox again and paste the full file path in the box and click on Delete on Reboot. Next click on the button with the red circle and an X in the middle. You will get a message saying "File with be deleted on next reboot, Process and Reboot now?" Click "Yes" to reboot only after the last file you enter.

Once rebooted go to Msconfig and then startups and enable all for startup, but do not reboot. Rescan with hijackthis and post the log. You can then disable again what was disabled in Msconfig.

0

OK, I have done that and now I will get my log posted soon, sorry about the wait. Still my windows xp is looking like windows classic. Also the internet is still broken even with winsock saying that it is fixed. Again the log is not with me on my disk yet so I will post ASAP.

0

Download LSPfix from here
Start it up and click the 'I know what I am doing' box (and nothing else). Then click Finish.
See if the internet works now.
