Here is the process I have done so far, followed by the HijackThis log. All of this was done while all hidden folders were shown and the "Hide Protected Operating System Files" option was unchecked.

1. Ran Ad-Aware.
2. Ran TrojanHunter.
3. Ran Spybot Search & Destroy.
4. Deleted C:\Windows\Temp folder contents.
5. Searched and deleted all files of "*.tmp".
6. Deleted Local Settings\Temp, Cookies, History for all users.
7. Deleted Prefetch.
8. Ran CCleaner.
9. Ran HijackThis v1.99.

Here is the log file...

Logfile of HijackThis v1.99.1
Scan saved at 1:11:25 PM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\TrojanHunter 4.2\TrojanHunter.exe
C:\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xktsb.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\xktsb.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {B7C25C68-FA17-FA9D-AF0F-BB29B5B9B64C} - C:\WINDOWS\apicj.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEXPLORE.EXE] c:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [javakf32.exe] C:\WINDOWS\system32\javakf32.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunOnce: [winiw.exe] C:\WINDOWS\winiw.exe
O4 - HKLM\..\RunOnce: [ieqb32.exe] C:\WINDOWS\system32\ieqb32.exe
O4 - HKLM\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy Client\sunASCleaner.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe


Hi,
Download CleanUp! and install it, do not run it now.

Download CWShredder. Download SpSeHjfix to the Desktop, then right-click a blank part of the Desktop and select New Folder. Call it SpFix and unzip the file into that folder.

Reboot in Safe Mode:
Restart (or switch on) the PC.
Then keep tapping the F8 key.
From the menu that is displayed, choose Safe Mode and press Enter.

Run SpSeHjfix112 and click on "Start Disinfection". When it's finished it will reboot your machine to finish the cleaning process. The tool creates a log of the fix which will appear in the folder.
If it doesn't find any of the SE files or any hidden reinstallers, it will say the system is clean and not go on to the next stage.

Now run CWShredder and click the "Fix" button.

Now run CleanUp! and click the "Options" button. Move the "Quick Setup" slider to "Thorough CleanUp!" and click "OK" on the warning message. Exit from Options and, in the main window, click "CleanUp!" to start cleaning. After cleaning, click "Close" and choose "Yes" to restart the PC.

Reboot the PC to Normal Mode. Perform a virus scan at Panda ActiveScan with the "Disinfection" option enabled. Save the log file it gives after the scan.

Run HijackThis, click the "Do a system scan and save log" button, and post the log here along with the SpSeHjFix log and the Panda ActiveScan log.

<EDIT>

Hmm... looks like swatkat and I are posting at the same time again.

</EDIT>

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:05:08 AM, on 7/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\javakf32.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\ytrgd.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1C72FEB7-4D6C-FAF3-195A-D51516EDCC77} - C:\WINDOWS\apihw32.dll
O2 - BHO: Class - {52CA0E68-18D4-4EE7-27A9-12262907D778} - C:\WINDOWS\system32\addcm32.dll
O2 - BHO: Class - {8C4F8213-4CBA-4C70-31C9-B2D727A270F1} - C:\WINDOWS\ipoh.dll
O2 - BHO: Class - {9A65FF84-5F62-35FE-18D6-0C43F27B7AEB} - C:\WINDOWS\system32\netxj.dll
O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dll
O2 - BHO: Class - {B7C25C68-FA17-FA9D-AF0F-BB29B5B9B64C} - C:\WINDOWS\apicj.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEXPLORE.EXE] c:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [javakf32.exe] C:\WINDOWS\system32\javakf32.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunOnce: [iect.exe] C:\WINDOWS\iect.exe
O4 - HKLM\..\RunOnce: [atlsj32.exe] C:\WINDOWS\system32\atlsj32.exe
O4 - HKLM\..\RunOnce: [appim32.exe] C:\WINDOWS\system32\appim32.exe
O4 - HKLM\..\RunOnce: [atlat32.exe] C:\WINDOWS\system32\atlat32.exe
O4 - HKLM\..\RunOnce: [ipzm32.exe] C:\WINDOWS\system32\ipzm32.exe
O4 - HKLM\..\RunOnce: [appsw.exe] C:\WINDOWS\appsw.exe
O4 - HKLM\..\RunOnce: [crse32.exe] C:\WINDOWS\system32\crse32.exe
O4 - HKLM\..\RunOnce: [d3mp.exe] C:\WINDOWS\d3mp.exe
O4 - HKLM\..\RunOnce: [d3gh.exe] C:\WINDOWS\system32\d3gh.exe
O4 - HKLM\..\RunOnce: [sdkns32.exe] C:\WINDOWS\system32\sdkns32.exe
O4 - HKLM\..\RunOnce: [ipru.exe] C:\WINDOWS\system32\ipru.exe
O4 - HKLM\..\RunOnce: [sdknu.exe] C:\WINDOWS\system32\sdknu.exe
O4 - HKLM\..\RunOnce: [apiry.exe] C:\WINDOWS\apiry.exe
O4 - HKLM\..\RunOnce: [sdknc.exe] C:\WINDOWS\sdknc.exe
O4 - HKLM\..\RunOnce: [msfd32.exe] C:\WINDOWS\msfd32.exe
O4 - HKLM\..\RunOnce: [winvl.exe] C:\WINDOWS\winvl.exe
O4 - HKLM\..\RunOnce: [d3uy.exe] C:\WINDOWS\system32\d3uy.exe
O4 - HKLM\..\RunOnce: [addyc.exe] C:\WINDOWS\addyc.exe
O4 - HKLM\..\RunOnce: [mfcjv32.exe] C:\WINDOWS\system32\mfcjv32.exe
O4 - HKLM\..\RunOnce: [sdkgn32.exe] C:\WINDOWS\sdkgn32.exe
O4 - HKLM\..\RunOnce: [javaob32.exe] C:\WINDOWS\system32\javaob32.exe
O4 - HKLM\..\RunOnce: [ntwx32.exe] C:\WINDOWS\system32\ntwx32.exe
O4 - HKLM\..\RunOnce: [apipo32.exe] C:\WINDOWS\apipo32.exe
O4 - HKLM\..\RunOnce: [msem.exe] C:\WINDOWS\system32\msem.exe
O4 - HKLM\..\RunOnce: [appie32.exe] C:\WINDOWS\system32\appie32.exe
O4 - HKLM\..\RunOnce: [mswy.exe] C:\WINDOWS\system32\mswy.exe
O4 - HKLM\..\RunOnce: [netzt.exe] C:\WINDOWS\netzt.exe
O4 - HKLM\..\RunOnce: [sdklp32.exe] C:\WINDOWS\sdklp32.exe
O4 - HKLM\..\RunOnce: [sysqd.exe] C:\WINDOWS\system32\sysqd.exe
O4 - HKLM\..\RunOnce: [netle.exe] C:\WINDOWS\netle.exe
O4 - HKLM\..\RunOnce: [d3im32.exe] C:\WINDOWS\d3im32.exe
O4 - HKLM\..\RunOnce: [wingl.exe] C:\WINDOWS\system32\wingl.exe
O4 - HKLM\..\RunOnce: [appeq32.exe] C:\WINDOWS\system32\appeq32.exe
O4 - HKLM\..\RunOnce: [winpc32.exe] C:\WINDOWS\winpc32.exe
O4 - HKLM\..\RunOnce: [apich.exe] C:\WINDOWS\apich.exe
O4 - HKLM\..\RunOnce: [mfchl.exe] C:\WINDOWS\system32\mfchl.exe
O4 - HKLM\..\RunOnce: [sysae32.exe] C:\WINDOWS\sysae32.exe
O4 - HKLM\..\RunOnce: [mfcuw.exe] C:\WINDOWS\mfcuw.exe
O4 - HKLM\..\RunOnce: [crnw32.exe] C:\WINDOWS\crnw32.exe
O4 - HKLM\..\RunOnce: [apieo32.exe] C:\WINDOWS\system32\apieo32.exe
O4 - HKLM\..\RunOnce: [sdkvj.exe] C:\WINDOWS\system32\sdkvj.exe
O4 - HKLM\..\RunOnce: [sdkpc32.exe] C:\WINDOWS\system32\sdkpc32.exe
O4 - HKLM\..\RunOnce: [sysiz.exe] C:\WINDOWS\system32\sysiz.exe
O4 - HKLM\..\RunOnce: [sdkbg32.exe] C:\WINDOWS\system32\sdkbg32.exe
O4 - HKLM\..\RunOnce: [addvl.exe] C:\WINDOWS\system32\addvl.exe
O4 - HKLM\..\RunOnce: [apian.exe] C:\WINDOWS\apian.exe
O4 - HKLM\..\RunOnce: [sdkah.exe] C:\WINDOWS\system32\sdkah.exe
O4 - HKLM\..\RunOnce: [mfcfb32.exe] C:\WINDOWS\mfcfb32.exe
O4 - HKLM\..\RunOnce: [netdl.exe] C:\WINDOWS\netdl.exe
O4 - HKLM\..\RunOnce: [javarb.exe] C:\WINDOWS\javarb.exe
O4 - HKLM\..\RunOnce: [javanw32.exe] C:\WINDOWS\javanw32.exe
O4 - HKLM\..\RunOnce: [sysgs.exe] C:\WINDOWS\system32\sysgs.exe
O4 - HKLM\..\RunOnce: [apivj32.exe] C:\WINDOWS\apivj32.exe
O4 - HKLM\..\RunOnce: [sysgc32.exe] C:\WINDOWS\system32\sysgc32.exe
O4 - HKLM\..\RunOnce: [mfczz.exe] C:\WINDOWS\mfczz.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O4 - HKLM\..\RunOnce: [sdkdr.exe] C:\WINDOWS\sdkdr.exe
O4 - HKLM\..\RunOnce: [msvk.exe] C:\WINDOWS\msvk.exe
O4 - HKLM\..\RunOnce: [d3yv.exe] C:\WINDOWS\system32\d3yv.exe
O4 - HKLM\..\RunOnce: [winho.exe] C:\WINDOWS\winho.exe
O4 - HKLM\..\RunOnce: [crnq32.exe] C:\WINDOWS\system32\crnq32.exe
O4 - HKLM\..\RunOnce: [d3sh32.exe] C:\WINDOWS\system32\d3sh32.exe
O4 - HKLM\..\RunOnce: [netxj.exe] C:\WINDOWS\system32\netxj.exe
O4 - HKLM\..\RunOnce: [atlqi.exe] C:\WINDOWS\atlqi.exe
O4 - HKLM\..\RunOnce: [ievc32.exe] C:\WINDOWS\system32\ievc32.exe
O4 - HKLM\..\RunOnce: [mskx32.exe] C:\WINDOWS\mskx32.exe
O4 - HKLM\..\RunOnce: [apptz32.exe] C:\WINDOWS\system32\apptz32.exe
O4 - HKLM\..\RunOnce: [d3zu.exe] C:\WINDOWS\system32\d3zu.exe
O4 - HKLM\..\RunOnce: [apikh.exe] C:\WINDOWS\system32\apikh.exe
O4 - HKLM\..\RunOnce: [crud32.exe] C:\WINDOWS\crud32.exe
O4 - HKLM\..\RunOnce: [crzu32.exe] C:\WINDOWS\crzu32.exe
O4 - HKLM\..\RunOnce: [mstn32.exe] C:\WINDOWS\system32\mstn32.exe
O4 - HKLM\..\RunOnce: [ipyj32.exe] C:\WINDOWS\system32\ipyj32.exe
O4 - HKLM\..\RunOnce: [mstv.exe] C:\WINDOWS\mstv.exe
O4 - HKLM\..\RunOnce: [apprq32.exe] C:\WINDOWS\apprq32.exe
O4 - HKLM\..\RunOnce: [msaa.exe] C:\WINDOWS\msaa.exe
O4 - HKLM\..\RunOnce: [addee.exe] C:\WINDOWS\system32\addee.exe
O4 - HKLM\..\RunOnce: [addtw32.exe] C:\WINDOWS\addtw32.exe
O4 - HKLM\..\RunOnce: [sysrr32.exe] C:\WINDOWS\sysrr32.exe
O4 - HKLM\..\RunOnce: [winrh32.exe] C:\WINDOWS\winrh32.exe
O4 - HKLM\..\RunOnce: [apiaa32.exe] C:\WINDOWS\apiaa32.exe
O4 - HKLM\..\RunOnce: [apidr32.exe] C:\WINDOWS\apidr32.exe
O4 - HKLM\..\RunOnce: [nttz32.exe] C:\WINDOWS\nttz32.exe
O4 - HKLM\..\RunOnce: [netoc.exe] C:\WINDOWS\system32\netoc.exe
O4 - HKLM\..\RunOnce: [addns32.exe] C:\WINDOWS\addns32.exe
O4 - HKLM\..\RunOnce: [iprk32.exe] C:\WINDOWS\iprk32.exe
O4 - HKLM\..\RunOnce: [crhr.exe] C:\WINDOWS\crhr.exe
O4 - HKLM\..\RunOnce: [ipge.exe] C:\WINDOWS\system32\ipge.exe
O4 - HKLM\..\RunOnce: [mfcwt.exe] C:\WINDOWS\mfcwt.exe
O4 - HKLM\..\RunOnce: [javarl.exe] C:\WINDOWS\system32\javarl.exe
O4 - HKLM\..\RunOnce: [apiqb32.exe] C:\WINDOWS\system32\apiqb32.exe
O4 - HKLM\..\RunOnce: [addpi32.exe] C:\WINDOWS\addpi32.exe
O4 - HKLM\..\RunOnce: [appoy32.exe] C:\WINDOWS\appoy32.exe
O4 - HKLM\..\RunOnce: [ipyr32.exe] C:\WINDOWS\system32\ipyr32.exe
O4 - HKLM\..\RunOnce: [sysyz32.exe] C:\WINDOWS\sysyz32.exe
O4 - HKLM\..\RunOnce: [apibl32.exe] C:\WINDOWS\system32\apibl32.exe
O4 - HKLM\..\RunOnce: [winby32.exe] C:\WINDOWS\system32\winby32.exe
O4 - HKLM\..\RunOnce: [javaur32.exe] C:\WINDOWS\javaur32.exe
O4 - HKLM\..\RunOnce: [cruh32.exe] C:\WINDOWS\cruh32.exe
O4 - HKLM\..\RunOnce: [winda32.exe] C:\WINDOWS\system32\winda32.exe
O4 - HKLM\..\RunOnce: [atlrc.exe] C:\WINDOWS\atlrc.exe
O4 - HKLM\..\RunOnce: [netbd.exe] C:\WINDOWS\netbd.exe
O4 - HKLM\..\RunOnce: [winal32.exe] C:\WINDOWS\winal32.exe
O4 - HKLM\..\RunOnce: [iphz32.exe] C:\WINDOWS\iphz32.exe
O4 - HKLM\..\RunOnce: [winhz32.exe] C:\WINDOWS\system32\winhz32.exe
O4 - HKLM\..\RunOnce: [netkl32.exe] C:\WINDOWS\system32\netkl32.exe
O4 - HKLM\..\RunOnce: [crtm32.exe] C:\WINDOWS\system32\crtm32.exe
O4 - HKLM\..\RunOnce: [atltu.exe] C:\WINDOWS\atltu.exe
O4 - HKLM\..\RunOnce: [msis32.exe] C:\WINDOWS\system32\msis32.exe
O4 - HKLM\..\RunOnce: [mfcxh32.exe] C:\WINDOWS\mfcxh32.exe
O4 - HKLM\..\RunOnce: [ipdr.exe] C:\WINDOWS\ipdr.exe
O4 - HKLM\..\RunOnce: [ipxk32.exe] C:\WINDOWS\system32\ipxk32.exe
O4 - HKLM\..\RunOnce: [addqd32.exe] C:\WINDOWS\system32\addqd32.exe
O4 - HKLM\..\RunOnce: [addql32.exe] C:\WINDOWS\system32\addql32.exe
O4 - HKLM\..\RunOnce: [netam32.exe] C:\WINDOWS\system32\netam32.exe
O4 - HKLM\..\RunOnce: [sysam.exe] C:\WINDOWS\sysam.exe
O4 - HKLM\..\RunOnce: [crdy.exe] C:\WINDOWS\crdy.exe
O4 - HKLM\..\RunOnce: [sdknx.exe] C:\WINDOWS\system32\sdknx.exe
O4 - HKLM\..\RunOnce: [addlx.exe] C:\WINDOWS\system32\addlx.exe
O4 - HKLM\..\RunOnce: [msbn.exe] C:\WINDOWS\msbn.exe
O4 - HKLM\..\RunOnce: [wintn32.exe] C:\WINDOWS\wintn32.exe
O4 - HKLM\..\RunOnce: [mfckv.exe] C:\WINDOWS\mfckv.exe
O4 - HKLM\..\RunOnce: [winii.exe] C:\WINDOWS\system32\winii.exe
O4 - HKLM\..\RunOnce: [mfcem.exe] C:\WINDOWS\mfcem.exe
O4 - HKLM\..\RunOnce: [ntxf32.exe] C:\WINDOWS\system32\ntxf32.exe
O4 - HKLM\..\RunOnce: [crnn.exe] C:\WINDOWS\system32\crnn.exe
O4 - HKLM\..\RunOnce: [msbz.exe] C:\WINDOWS\system32\msbz.exe
O4 - HKLM\..\RunOnce: [iego32.exe] C:\WINDOWS\iego32.exe
O4 - HKLM\..\RunOnce: [ipan.exe] C:\WINDOWS\system32\ipan.exe
O4 - HKLM\..\RunOnce: [sysuy.exe] C:\WINDOWS\sysuy.exe
O4 - HKLM\..\RunOnce: [ipfi.exe] C:\WINDOWS\ipfi.exe
O4 - HKLM\..\RunOnce: [ntco.exe] C:\WINDOWS\ntco.exe
O4 - HKLM\..\RunOnce: [mfchq32.exe] C:\WINDOWS\system32\mfchq32.exe
O4 - HKLM\..\RunOnce: [sdkrr32.exe] C:\WINDOWS\system32\sdkrr32.exe
O4 - HKLM\..\RunOnce: [addrz.exe] C:\WINDOWS\addrz.exe
O4 - HKLM\..\RunOnce: [ievd.exe] C:\WINDOWS\ievd.exe
O4 - HKLM\..\RunOnce: [atlks32.exe] C:\WINDOWS\system32\atlks32.exe
O4 - HKLM\..\RunOnce: [ipih.exe] C:\WINDOWS\system32\ipih.exe
O4 - HKLM\..\RunOnce: [cred32.exe] C:\WINDOWS\system32\cred32.exe
O4 - HKLM\..\RunOnce: [sdkom.exe] C:\WINDOWS\system32\sdkom.exe
O4 - HKLM\..\RunOnce: [addwk32.exe] C:\WINDOWS\addwk32.exe
O4 - HKLM\..\RunOnce: [ntou.exe] C:\WINDOWS\ntou.exe
O4 - HKLM\..\RunOnce: [neteb.exe] C:\WINDOWS\neteb.exe
O4 - HKLM\..\RunOnce: [appil32.exe] C:\WINDOWS\system32\appil32.exe
O4 - HKLM\..\RunOnce: [d3ue32.exe] C:\WINDOWS\system32\d3ue32.exe
O4 - HKLM\..\RunOnce: [msbu.exe] C:\WINDOWS\system32\msbu.exe
O4 - HKLM\..\RunOnce: [d3cu.exe] C:\WINDOWS\system32\d3cu.exe
O4 - HKLM\..\RunOnce: [addrk32.exe] C:\WINDOWS\system32\addrk32.exe
O4 - HKLM\..\RunOnce: [mska.exe] C:\WINDOWS\system32\mska.exe
O4 - HKLM\..\RunOnce: [netyf.exe] C:\WINDOWS\netyf.exe
O4 - HKLM\..\RunOnce: [iekq.exe] C:\WINDOWS\system32\iekq.exe
O4 - HKLM\..\RunOnce: [crax.exe] C:\WINDOWS\system32\crax.exe
O4 - HKLM\..\RunOnce: [netsq32.exe] C:\WINDOWS\netsq32.exe
O4 - HKLM\..\RunOnce: [sdkys.exe] C:\WINDOWS\system32\sdkys.exe
O4 - HKLM\..\RunOnce: [appvr.exe] C:\WINDOWS\appvr.exe
O4 - HKLM\..\RunOnce: [wincg.exe] C:\WINDOWS\system32\wincg.exe
O4 - HKLM\..\RunOnce: [crvz32.exe] C:\WINDOWS\system32\crvz32.exe
O4 - HKLM\..\RunOnce: [ipmu32.exe] C:\WINDOWS\system32\ipmu32.exe
O4 - HKLM\..\RunOnce: [apihy32.exe] C:\WINDOWS\apihy32.exe
O4 - HKLM\..\RunOnce: [sdkfv.exe] C:\WINDOWS\sdkfv.exe
O4 - HKLM\..\RunOnce: [appls32.exe] C:\WINDOWS\system32\appls32.exe
O4 - HKLM\..\RunOnce: [mfcel32.exe] C:\WINDOWS\system32\mfcel32.exe
O4 - HKLM\..\RunOnce: [iebp32.exe] C:\WINDOWS\system32\iebp32.exe
O4 - HKLM\..\RunOnce: [atlak.exe] C:\WINDOWS\atlak.exe
O4 - HKLM\..\RunOnce: [apidd32.exe] C:\WINDOWS\system32\apidd32.exe
O4 - HKLM\..\RunOnce: [apisa32.exe] C:\WINDOWS\apisa32.exe
O4 - HKLM\..\RunOnce: [syswe.exe] C:\WINDOWS\system32\syswe.exe
O4 - HKLM\..\RunOnce: [d3ai.exe] C:\WINDOWS\d3ai.exe
O4 - HKLM\..\RunOnce: [sdkkg32.exe] C:\WINDOWS\sdkkg32.exe
O4 - HKLM\..\RunOnce: [appkp.exe] C:\WINDOWS\appkp.exe
O4 - HKLM\..\RunOnce: [ieob.exe] C:\WINDOWS\ieob.exe
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKLM\..\RunOnce: [sdkzt32.exe] C:\WINDOWS\sdkzt32.exe
O4 - HKLM\..\RunOnce: [ipcx.exe] C:\WINDOWS\system32\ipcx.exe
O4 - HKLM\..\RunOnce: [appbn32.exe] C:\WINDOWS\system32\appbn32.exe
O4 - HKLM\..\RunOnce: [netmm32.exe] C:\WINDOWS\netmm32.exe
O4 - HKLM\..\RunOnce: [ipfx32.exe] C:\WINDOWS\system32\ipfx32.exe
O4 - HKLM\..\RunOnce: [syscq32.exe] C:\WINDOWS\syscq32.exe
O4 - HKLM\..\RunOnce: [msft.exe] C:\WINDOWS\system32\msft.exe
O4 - HKLM\..\RunOnce: [ntej32.exe] C:\WINDOWS\system32\ntej32.exe
O4 - HKLM\..\RunOnce: [ieab32.exe] C:\WINDOWS\ieab32.exe
O4 - HKLM\..\RunOnce: [appyi.exe] C:\WINDOWS\appyi.exe
O4 - HKLM\..\RunOnce: [netum32.exe] C:\WINDOWS\system32\netum32.exe
O4 - HKLM\..\RunOnce: [atldn.exe] C:\WINDOWS\system32\atldn.exe
O4 - HKLM\..\RunOnce: [mfcrj32.exe] C:\WINDOWS\system32\mfcrj32.exe
O4 - HKLM\..\RunOnce: [atlxy32.exe] C:\WINDOWS\atlxy32.exe
O4 - HKLM\..\RunOnce: [iecc32.exe] C:\WINDOWS\iecc32.exe
O4 - HKLM\..\RunOnce: [d3ax.exe] C:\WINDOWS\d3ax.exe
O4 - HKLM\..\RunOnce: [netzx32.exe] C:\WINDOWS\netzx32.exe
O4 - HKLM\..\RunOnce: [msgu.exe] C:\WINDOWS\system32\msgu.exe
O4 - HKLM\..\RunOnce: [sysfc.exe] C:\WINDOWS\sysfc.exe
O4 - HKLM\..\RunOnce: [atlxu.exe] C:\WINDOWS\system32\atlxu.exe
O4 - HKLM\..\RunOnce: [d3oc32.exe] C:\WINDOWS\system32\d3oc32.exe
O4 - HKLM\..\RunOnce: [atldr32.exe] C:\WINDOWS\atldr32.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winiw.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe


SpSeHjFix Log File:

(7/13/05 4:54:24 PM) SPSeHjFix started v1.1.2
(7/13/05 4:54:24 PM) OS: WinXP Service Pack 2 (5.1.2600)
(7/13/05 4:54:24 PM) Language: english
(7/13/05 4:54:24 PM) Win-Path: C:\WINDOWS
(7/13/05 4:54:24 PM) System-Path: C:\WINDOWS\system32
(7/13/05 4:54:24 PM) Temp-Path: C:\DOCUME~1\JDG\LOCALS~1\Temp\
(7/13/05 4:54:36 PM) Disinfection started
(7/13/05 4:54:36 PM) Bad-Dll(IEP): c:\windows\xktsb.dll
(7/13/05 4:54:36 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:54:36 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:54:36 PM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\xktsb.dll/sp.html#12047
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: res://c:\windows\xktsb.dll/sp.html#12047
(7/13/05 4:54:36 PM) Stealth-String not found
(7/13/05 4:54:36 PM) No locked Files to delete. End without Reboot
(7/13/05 4:54:41 PM) Disinfection started
(7/13/05 4:54:41 PM) Bad-Dll(IEP): c:\windows\xktsb.dll
(7/13/05 4:54:41 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:54:41 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:54:41 PM) Bad IE-pages: (none)
(7/13/05 4:54:41 PM) Stealth-String not found
(7/13/05 4:54:41 PM) No locked Files to delete. End without Reboot
(7/13/05 4:55:03 PM) Disinfection started
(7/13/05 4:55:03 PM) Bad-Dll(IEP): c:\windows\xktsb.dll
(7/13/05 4:55:03 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:55:03 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:55:03 PM) Bad IE-pages: (none)
(7/13/05 4:55:03 PM) Stealth-String not found
(7/13/05 4:55:03 PM) No locked Files to delete. End without Reboot


(7/13/05 4:55:26 PM) SPSeHjFix started v1.1.2
(7/13/05 4:55:26 PM) OS: WinXP Service Pack 2 (5.1.2600)
(7/13/05 4:55:26 PM) Language: english
(7/13/05 4:55:26 PM) Win-Path: C:\WINDOWS
(7/13/05 4:55:26 PM) System-Path: C:\WINDOWS\system32
(7/13/05 4:55:26 PM) Temp-Path: C:\DOCUME~1\JDG\LOCALS~1\Temp\
(7/13/05 4:55:32 PM) Disinfection started
(7/13/05 4:55:32 PM) Bad-Dll(IEP): (not found)
(7/13/05 4:55:32 PM) Bad-Dll(IEP) in BHO: (not found)
(7/13/05 4:55:32 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:55:32 PM) UBF: 4 - UBB: 1 - UBR: 26
(7/13/05 4:55:32 PM) Bad IE-pages: (none)
(7/13/05 4:55:32 PM) Stealth-String not found
(7/13/05 4:55:32 PM) Not infected->END


Panda Scan Log:


Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\cdmxtras
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\system32\NLNupgradeV4_5P13.exe
Adware:Adware/MyWay No disinfected C:\WINDOWS\system32\Xcite.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\system32\FLEOK
Adware:Adware/BrilliantDigital No disinfected Windows Registry
Adware:Adware/DownloadWare No disinfected C:\Program Files\MediaLoads*
Spyware:Spyware/ISTbar No disinfected C:\Program Files\Common Files\Totem Shared
Spyware:Spyware/ClearSearch No disinfected C:\WINDOWS\system32\ClrSchP0??.dll
Adware:Adware/TalkStocks No disinfected C:\WINDOWS\system32\mstbl.ocx
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\system32\sahagent*.exe
Adware:Adware/SearchAid No disinfected Windows Registry
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\JDG\Application Data\Lycos
Adware:Adware/BlazeFind No disinfected Windows Registry
Adware:Adware/MSView No disinfected C:\WINDOWS\system32\nostalgia.dll
Spyware:Spyware/Altnet No disinfected Windows Registry
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\system32\fiz1
Adware:Adware/CWS.Aboutblank No disinfected Windows Registry
Adware:Adware/Antivirus-gold No disinfected C:\Documents and Settings\JDG\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusGold 2.0.lnk
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\ppetpper\nfhpeent\htjlnejn.exe.tcf
Adware:Adware/Gator No disinfected C:\Program Files\Common Files\ppetpper\peppcnapah\pnjnnflbl.exe.tcf
Adware:Adware/VirtualBouncer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\09249232-8AB0-4C82-B484-B259DB\22855475-A4FE-46F8-ACC9-89FC84
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\07962896-0F3D-45EC-BB74-B30C02
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\07A96FF7-8F51-47F4-8FA9-AE7642
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\2245E673-988A-4C21-9F36-E3E580
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\24C304DE-0A64-447A-88C3-D352C3
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\2EB8B370-9440-4473-9921-14C9E5
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\320DFE9A-65E1-413D-B7A4-0BBE1B
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\320DFE9A-65E1-413D-B7A4-0BBE1B[sysdetect.dll]
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\3213AA3A-2D4C-4302-93DA-DA63CC
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\5274E52D-0192-4F30-AA3A-38D60D
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\5C0B0532-168E-47BA-99F9-A4545F
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\617E34AB-6E8E-4F78-8197-58F77E
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\6A95E07C-9AB3-44DE-B40D-33AECD
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\71FE6599-60FD-4072-A1C6-202C3F
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\71FE6599-60FD-4072-A1C6-202C3F[mySetp.exe]
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\88D3F65E-BE0E-424E-A950-EDE339
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\8D73D7F8-0DBD-4A71-A9AB-E06F24
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\9085447E-E893-445C-BE65-7935F3
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\9085447E-E893-445C-BE65-7935F3[Points Manager.exe]
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\960CD96A-23F0-457C-B15D-E8DC0F
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\A0BA2442-C030-4A25-AB58-D5DE08
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\AB3C410E-83A7-4F3B-8CF3-D14313
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\B6582C33-8486-4BE1-B256-611871
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\C869D74A-EB7C-4170-8974-A9A6D7
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\CB7FF7D8-6856-41BD-B2C5-305FCB
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\CCFF6568-F7EE-4861-B31E-37BCCE
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\E326382D-1627-48A2-82FF-8F7561
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\F850E8C2-6523-4996-BAA9-4266FD
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\F850E8C2-6523-4996-BAA9-4266FD[AltnetUninstall.exe]
Spyware:Spyware/Altnet No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1364BF81-B3DA-4CDA-8935-0D3B6A\F850E8C2-6523-4996-BAA9-4266FD[asmend.exe]
Adware:Adware/MSView No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\26E39A8E-5679-47A3-967F-2B6D3B\B44B9D1C-F27F-4474-9254-914057
Adware:Adware/InstaFinder No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\38A88E24-F777-4B77-B011-3B5F45\37E8D4B2-0F05-4B5D-846B-8E8A56
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\62D851C8-6263-4F33-B43B-CCE57E\A957F6ED-365B-4510-B742-664F87
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\79DB9F22-1B5E-44EF-8560-27517F\6DFBF217-D82A-484C-B47E-355989
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\0FCC5CFB-E7F4-4E44-A4B7-0533C7
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\2363F935-D070-445D-85A9-FB7418
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\2E408893-9621-427E-A2B2-03B33A
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\4EF4204A-F472-406F-AC07-263679
Adware:Adware/Medload No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\5D53FC52-0EFB-4EC7-BEE8-3218CF
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\68A0BA8D-D254-4E75-8B2F-528608
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\74C8DE8D-258D-479F-97F4-9C725F
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\9377129E-73F3-48C8-90C2-6D998C
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\E48842EB-41A6-4756-9225-CD6A7E
Adware:Adware/P2PNetworking No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8061A45F-594A-4531-BE21-DACB02\EF82B114-25AB-47A7-9D15-7447EB
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\9D2688BD-AE77-4233-A938-B71A8B\51D02FAD-C9A4-4673-AF10-10236D
Adware:Adware/MyWay No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\9D2688BD-AE77-4233-A938-B71A8B\CCDC6BFC-FCDE-4282-942A-F5DC20
Adware:Adware/Medload No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\C34FC78C-A7FF-43B4-A6B0-2216AF\B5B9628E-BCC0-4161-A9CE-EBA1FF
Adware:Adware/VirtualBouncer No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\E06A5280-F03D-4F7A-B49A-255E28\EE808BEB-58D2-477B-9EF3-C1026F
Adware:Adware/Antivirus-gold No disinfected C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\82F65484-5FEC-439C-8B2F-E1593D\9B332885-A7CB-488B-9F5C-60090B
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3ub.exe
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.dll
Adware:Adware/PopCapLoader No disinfected C:\WINDOWS\Downloaded Program Files\popcaploader.inf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\fahic.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\gqisx.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\hdaeo.dll.tcf
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\INF\biini.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\polmx2.inf
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipmo.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\jvhqb.dll.tcf
Adware:Adware/WinTools No disinfected C:\WINDOWS\Key2.txt
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\likqa.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\nbntv.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\rvqak.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\sedgh.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\akuda.dll.tcf
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\appxd32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\atlxd.exe
Spyware:Spyware/ClearSearch No disinfected C:\WINDOWS\SYSTEM32\ClrSchP012.dll
Spyware:Spyware/ClearSearch No disinfected C:\WINDOWS\SYSTEM32\ClrSchP0121.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\cm1.dll
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\SYSTEM32\fiz1
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\fly.dll
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\gchui.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\hbpif.dll.tcf
Adware:Adware/Specofer No disinfected C:\WINDOWS\SYSTEM32\httppost.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\hwgei.dll.tcf
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\ignet.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\ignet2.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\ipbh.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\kcdsy.dll.tcf
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\SYSTEM32\kyf.dat
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\kzxjg.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\maaxt.dll.tcf
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\mfcbz.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\msss.exe
Adware:Adware/TalkStocks No disinfected C:\WINDOWS\SYSTEM32\mstbl.ocx
Spyware:Spyware/BetterInet No disinfected C:\WINDOWS\SYSTEM32\MSView.exe
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\ncase.dll
Adware:Adware/nCase No disinfected C:\WINDOWS\SYSTEM32\ncase2.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\NLNupgradeV4_5P13.exe
Adware:Adware/MSView No disinfected C:\WINDOWS\SYSTEM32\nostalgia.dll
Spyware:Spyware/BargainBuddy No disinfected C:\WINDOWS\SYSTEM32\OMsetup.exe
Adware:Adware/RCSync No disinfected C:\WINDOWS\SYSTEM32\pr1ze5.dll.tcf
Adware:Adware/RCSync No disinfected C:\WINDOWS\SYSTEM32\pr1ze5.dlltmp
Adware:Adware/RCSync No disinfected C:\WINDOWS\SYSTEM32\prizesurfer_setup.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\qgcok.dll.tcf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\sahagent1003.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\SHAgent.dll
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\SYSTEM32\SHAgent1007.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\vkhzp.dll.tcf
Adware:Adware/MyWay No disinfected C:\WINDOWS\SYSTEM32\Xcite.dll
Adware:Adware/MyWay No disinfected C:\WINDOWS\SYSTEM32\Xcite.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\xexaf.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\ytrgd.dll
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\ucval.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\xjjgm.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\xktsb.dll.tcf
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\yvmot.dll.tcf

Where do I go from here?

What should I do with those logs? Anyone?

Hi,
There are a few things which need to be removed now. Download the Sysclean Package, create a folder named Sysclean on the Desktop, and put the downloaded file in that folder. Next, download the pattern file for Windows OS (the pattern file will have a name like lpt731.zip) and extract the contents of the ZIP file to the same Sysclean folder.

Boot in SAFE Mode.

Double-click on the sysclean.com file, and after a few seconds the Sysclean window appears. Here, make sure that the "Automatically clean or delete infected files" option is selected. Then click "Scan". After the scan is complete it gives a log; save the log file.


Reboot to normal mode, run HijackThis again, and post a fresh log along with Sysclean log.

Thanks for all the help so far. Here are the two logs; I'll do them in two separate replies.

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:16:54 AM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ieqg32.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\HP Share-to-Web\hpgs2wnd.exe
C:\Digital Imaging\Unload\hpqcmon.exe
C:\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {038102A8-6BBF-3523-E9F7-013C8EC35F4A} - C:\WINDOWS\system32\atlku32.dll
O2 - BHO: Class - {19C147DB-0AAE-4BC9-7FA4-0291F21C5F33} - C:\WINDOWS\atlex.dll
O2 - BHO: Class - {1C72FEB7-4D6C-FAF3-195A-D51516EDCC77} - C:\WINDOWS\apihw32.dll
O2 - BHO: Class - {29E7FFD8-E6A5-9FCB-ED6E-4AAE63F4CAE9} - C:\WINDOWS\system32\sysyx32.dll
O2 - BHO: Class - {4197FF54-5C18-A7E5-9CC3-32130092E2A4} - C:\WINDOWS\crms32.dll
O2 - BHO: Class - {52CA0E68-18D4-4EE7-27A9-12262907D778} - C:\WINDOWS\system32\addcm32.dll
O2 - BHO: Class - {5FED6D45-2D6E-9D60-4B64-A4543F387F99} - C:\WINDOWS\system32\javaia32.dll
O2 - BHO: Class - {605BB929-10FB-81EB-196F-7822E1EA2567} - C:\WINDOWS\ipwg32.dll
O2 - BHO: Class - {789FEB82-8DED-7AC4-9DDA-995AC51398B1} - C:\WINDOWS\system32\atlnk.dll
O2 - BHO: Class - {8C4F8213-4CBA-4C70-31C9-B2D727A270F1} - C:\WINDOWS\ipoh.dll
O2 - BHO: Class - {92935E29-CDC5-7406-9FD4-6550E38F847C} - C:\WINDOWS\sdkdt.dll
O2 - BHO: Class - {991DF816-06EC-05DF-D306-F828A69AEF22} - C:\WINDOWS\netwy32.dll
O2 - BHO: Class - {9A65FF84-5F62-35FE-18D6-0C43F27B7AEB} - C:\WINDOWS\system32\netxj.dll
O2 - BHO: Class - {A5F02AA1-E33B-02E2-EE38-6C66F5363B53} - C:\WINDOWS\winaw.dll
O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dll
O2 - BHO: Class - {B7C25C68-FA17-FA9D-AF0F-BB29B5B9B64C} - C:\WINDOWS\apicj.dll
O2 - BHO: Class - {BC88BD6A-B85D-124E-8F1A-F26233A0C485} - C:\WINDOWS\javatg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {BF8E8A3B-3B07-92AF-7CDE-94E44B1AB52C} - C:\WINDOWS\system32\javang32.dll
O2 - BHO: Class - {C0146C97-9E45-541E-2BF9-8DEC38F21C73} - C:\WINDOWS\javaif.dll
O2 - BHO: Class - {C57C0B7D-AA25-C69F-541D-8DFCEADF8E7E} - C:\WINDOWS\system32\ieak.dll
O2 - BHO: Class - {FA224A3B-80E3-FC4E-47BB-C7027C3BE4E9} - C:\WINDOWS\system32\javauq32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEXPLORE.EXE] c:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [javakf32.exe] C:\WINDOWS\system32\javakf32.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [ieqg32.exe] C:\WINDOWS\system32\ieqg32.exe
O4 - HKLM\..\RunOnce: [iect.exe] C:\WINDOWS\iect.exe
O4 - HKLM\..\RunOnce: [sdkns32.exe] C:\WINDOWS\system32\sdkns32.exe
O4 - HKLM\..\RunOnce: [ipru.exe] C:\WINDOWS\system32\ipru.exe
O4 - HKLM\..\RunOnce: [sdknu.exe] C:\WINDOWS\system32\sdknu.exe
O4 - HKLM\..\RunOnce: [apiry.exe] C:\WINDOWS\apiry.exe
O4 - HKLM\..\RunOnce: [winvl.exe] C:\WINDOWS\winvl.exe
O4 - HKLM\..\RunOnce: [d3uy.exe] C:\WINDOWS\system32\d3uy.exe
O4 - HKLM\..\RunOnce: [addyc.exe] C:\WINDOWS\system32\addyc.exe
O4 - HKLM\..\RunOnce: [mfcjv32.exe] C:\WINDOWS\system32\mfcjv32.exe
O4 - HKLM\..\RunOnce: [sdkgn32.exe] C:\WINDOWS\sdkgn32.exe
O4 - HKLM\..\RunOnce: [javaob32.exe] C:\WINDOWS\system32\javaob32.exe
O4 - HKLM\..\RunOnce: [ntwx32.exe] C:\WINDOWS\system32\ntwx32.exe
O4 - HKLM\..\RunOnce: [apipo32.exe] C:\WINDOWS\apipo32.exe
O4 - HKLM\..\RunOnce: [msem.exe] C:\WINDOWS\system32\msem.exe
O4 - HKLM\..\RunOnce: [appie32.exe] C:\WINDOWS\system32\appie32.exe
O4 - HKLM\..\RunOnce: [mswy.exe] C:\WINDOWS\system32\mswy.exe
O4 - HKLM\..\RunOnce: [netzt.exe] C:\WINDOWS\netzt.exe
O4 - HKLM\..\RunOnce: [sdklp32.exe] C:\WINDOWS\sdklp32.exe
O4 - HKLM\..\RunOnce: [netle.exe] C:\WINDOWS\netle.exe
O4 - HKLM\..\RunOnce: [d3im32.exe] C:\WINDOWS\d3im32.exe
O4 - HKLM\..\RunOnce: [wingl.exe] C:\WINDOWS\system32\wingl.exe
O4 - HKLM\..\RunOnce: [winpc32.exe] C:\WINDOWS\winpc32.exe
O4 - HKLM\..\RunOnce: [apich.exe] C:\WINDOWS\apich.exe
O4 - HKLM\..\RunOnce: [sdkah.exe] C:\WINDOWS\system32\sdkah.exe
O4 - HKLM\..\RunOnce: [mfcfb32.exe] C:\WINDOWS\mfcfb32.exe
O4 - HKLM\..\RunOnce: [netdl.exe] C:\WINDOWS\netdl.exe
O4 - HKLM\..\RunOnce: [javarb.exe] C:\WINDOWS\javarb.exe
O4 - HKLM\..\RunOnce: [javanw32.exe] C:\WINDOWS\javanw32.exe
O4 - HKLM\..\RunOnce: [sysgs.exe] C:\WINDOWS\system32\sysgs.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O4 - HKLM\..\RunOnce: [sdkdr.exe] C:\WINDOWS\sdkdr.exe
O4 - HKLM\..\RunOnce: [msvk.exe] C:\WINDOWS\msvk.exe
O4 - HKLM\..\RunOnce: [d3yv.exe] C:\WINDOWS\system32\d3yv.exe
O4 - HKLM\..\RunOnce: [crnq32.exe] C:\WINDOWS\system32\crnq32.exe
O4 - HKLM\..\RunOnce: [d3sh32.exe] C:\WINDOWS\system32\d3sh32.exe
O4 - HKLM\..\RunOnce: [atlqi.exe] C:\WINDOWS\atlqi.exe
O4 - HKLM\..\RunOnce: [mskx32.exe] C:\WINDOWS\mskx32.exe
O4 - HKLM\..\RunOnce: [d3zu.exe] C:\WINDOWS\system32\d3zu.exe
O4 - HKLM\..\RunOnce: [apikh.exe] C:\WINDOWS\system32\apikh.exe
O4 - HKLM\..\RunOnce: [crud32.exe] C:\WINDOWS\crud32.exe
O4 - HKLM\..\RunOnce: [crzu32.exe] C:\WINDOWS\crzu32.exe
O4 - HKLM\..\RunOnce: [ipyj32.exe] C:\WINDOWS\system32\ipyj32.exe
O4 - HKLM\..\RunOnce: [apprq32.exe] C:\WINDOWS\apprq32.exe
O4 - HKLM\..\RunOnce: [addtw32.exe] C:\WINDOWS\addtw32.exe
O4 - HKLM\..\RunOnce: [ipge.exe] C:\WINDOWS\system32\ipge.exe
O4 - HKLM\..\RunOnce: [javarl.exe] C:\WINDOWS\system32\javarl.exe
O4 - HKLM\..\RunOnce: [addpi32.exe] C:\WINDOWS\addpi32.exe
O4 - HKLM\..\RunOnce: [appoy32.exe] C:\WINDOWS\appoy32.exe
O4 - HKLM\..\RunOnce: [ipyr32.exe] C:\WINDOWS\system32\ipyr32.exe
O4 - HKLM\..\RunOnce: [sysyz32.exe] C:\WINDOWS\sysyz32.exe
O4 - HKLM\..\RunOnce: [apibl32.exe] C:\WINDOWS\system32\apibl32.exe
O4 - HKLM\..\RunOnce: [javaur32.exe] C:\WINDOWS\javaur32.exe
O4 - HKLM\..\RunOnce: [cruh32.exe] C:\WINDOWS\cruh32.exe
O4 - HKLM\..\RunOnce: [winda32.exe] C:\WINDOWS\system32\winda32.exe
O4 - HKLM\..\RunOnce: [atlrc.exe] C:\WINDOWS\atlrc.exe
O4 - HKLM\..\RunOnce: [netbd.exe] C:\WINDOWS\netbd.exe
O4 - HKLM\..\RunOnce: [winal32.exe] C:\WINDOWS\winal32.exe
O4 - HKLM\..\RunOnce: [mfckv.exe] C:\WINDOWS\mfckv.exe
O4 - HKLM\..\RunOnce: [winii.exe] C:\WINDOWS\system32\winii.exe
O4 - HKLM\..\RunOnce: [mfcem.exe] C:\WINDOWS\mfcem.exe
O4 - HKLM\..\RunOnce: [ntxf32.exe] C:\WINDOWS\system32\ntxf32.exe
O4 - HKLM\..\RunOnce: [msbz.exe] C:\WINDOWS\system32\msbz.exe
O4 - HKLM\..\RunOnce: [iego32.exe] C:\WINDOWS\iego32.exe
O4 - HKLM\..\RunOnce: [sysuy.exe] C:\WINDOWS\sysuy.exe
O4 - HKLM\..\RunOnce: [ipfi.exe] C:\WINDOWS\ipfi.exe
O4 - HKLM\..\RunOnce: [ntco.exe] C:\WINDOWS\ntco.exe
O4 - HKLM\..\RunOnce: [mfchq32.exe] C:\WINDOWS\system32\mfchq32.exe
O4 - HKLM\..\RunOnce: [sdkrr32.exe] C:\WINDOWS\system32\sdkrr32.exe
O4 - HKLM\..\RunOnce: [addrz.exe] C:\WINDOWS\addrz.exe
O4 - HKLM\..\RunOnce: [ievd.exe] C:\WINDOWS\ievd.exe
O4 - HKLM\..\RunOnce: [ipih.exe] C:\WINDOWS\system32\ipih.exe
O4 - HKLM\..\RunOnce: [addte32.exe] C:\WINDOWS\system32\addte32.exe
O4 - HKLM\..\RunOnce: [sdkom.exe] C:\WINDOWS\system32\sdkom.exe
O4 - HKLM\..\RunOnce: [ntou.exe] C:\WINDOWS\ntou.exe
O4 - HKLM\..\RunOnce: [appil32.exe] C:\WINDOWS\system32\appil32.exe
O4 - HKLM\..\RunOnce: [msbu.exe] C:\WINDOWS\system32\msbu.exe
O4 - HKLM\..\RunOnce: [d3cu.exe] C:\WINDOWS\system32\d3cu.exe
O4 - HKLM\..\RunOnce: [mska.exe] C:\WINDOWS\system32\mska.exe
O4 - HKLM\..\RunOnce: [netyf.exe] C:\WINDOWS\netyf.exe
O4 - HKLM\..\RunOnce: [iekq.exe] C:\WINDOWS\system32\iekq.exe
O4 - HKLM\..\RunOnce: [netsq32.exe] C:\WINDOWS\system32\netsq32.exe
O4 - HKLM\..\RunOnce: [sdkys.exe] C:\WINDOWS\system32\sdkys.exe
O4 - HKLM\..\RunOnce: [appvr.exe] C:\WINDOWS\appvr.exe
O4 - HKLM\..\RunOnce: [crvz32.exe] C:\WINDOWS\system32\crvz32.exe
O4 - HKLM\..\RunOnce: [ieob.exe] C:\WINDOWS\ieob.exe
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKLM\..\RunOnce: [sdkzt32.exe] C:\WINDOWS\sdkzt32.exe
O4 - HKLM\..\RunOnce: [ipcx.exe] C:\WINDOWS\system32\ipcx.exe
O4 - HKLM\..\RunOnce: [appbn32.exe] C:\WINDOWS\system32\appbn32.exe
O4 - HKLM\..\RunOnce: [ipfx32.exe] C:\WINDOWS\system32\ipfx32.exe
O4 - HKLM\..\RunOnce: [syscq32.exe] C:\WINDOWS\syscq32.exe
O4 - HKLM\..\RunOnce: [ntej32.exe] C:\WINDOWS\system32\ntej32.exe
O4 - HKLM\..\RunOnce: [msgu.exe] C:\WINDOWS\system32\msgu.exe
O4 - HKLM\..\RunOnce: [atlxu.exe] C:\WINDOWS\system32\atlxu.exe
O4 - HKLM\..\RunOnce: [d3oc32.exe] C:\WINDOWS\system32\d3oc32.exe
O4 - HKLM\..\RunOnce: [nthd.exe] C:\WINDOWS\nthd.exe
O4 - HKLM\..\RunOnce: [iewa32.exe] C:\WINDOWS\system32\iewa32.exe
O4 - HKLM\..\RunOnce: [sdkjk32.exe] C:\WINDOWS\system32\sdkjk32.exe
O4 - HKLM\..\RunOnce: [crpp32.exe] C:\WINDOWS\system32\crpp32.exe
O4 - HKLM\..\RunOnce: [crja.exe] C:\WINDOWS\system32\crja.exe
O4 - HKLM\..\RunOnce: [sdkgy.exe] C:\WINDOWS\system32\sdkgy.exe
O4 - HKLM\..\RunOnce: [ieft32.exe] C:\WINDOWS\system32\ieft32.exe
O4 - HKLM\..\RunOnce: [atlxw.exe] C:\WINDOWS\system32\atlxw.exe
O4 - HKLM\..\RunOnce: [crww32.exe] C:\WINDOWS\crww32.exe
O4 - HKLM\..\RunOnce: [msqx.exe] C:\WINDOWS\msqx.exe
O4 - HKLM\..\RunOnce: [mfcna32.exe] C:\WINDOWS\system32\mfcna32.exe
O4 - HKLM\..\RunOnce: [sdkyj32.exe] C:\WINDOWS\sdkyj32.exe
O4 - HKLM\..\RunOnce: [ntfw.exe] C:\WINDOWS\system32\ntfw.exe
O4 - HKLM\..\RunOnce: [mfcbn32.exe] C:\WINDOWS\system32\mfcbn32.exe
O4 - HKLM\..\RunOnce: [netvo32.exe] C:\WINDOWS\system32\netvo32.exe
O4 - HKLM\..\RunOnce: [sdkov.exe] C:\WINDOWS\system32\sdkov.exe
O4 - HKLM\..\RunOnce: [crcx32.exe] C:\WINDOWS\system32\crcx32.exe
O4 - HKLM\..\RunOnce: [javaru32.exe] C:\WINDOWS\system32\javaru32.exe
O4 - HKLM\..\RunOnce: [crzc32.exe] C:\WINDOWS\crzc32.exe
O4 - HKLM\..\RunOnce: [msep32.exe] C:\WINDOWS\system32\msep32.exe
O4 - HKLM\..\RunOnce: [javadk32.exe] C:\WINDOWS\system32\javadk32.exe
O4 - HKLM\..\RunOnce: [netsu32.exe] C:\WINDOWS\system32\netsu32.exe
O4 - HKLM\..\RunOnce: [mfcxm32.exe] C:\WINDOWS\mfcxm32.exe
O4 - HKLM\..\RunOnce: [iequ32.exe] C:\WINDOWS\iequ32.exe
O4 - HKLM\..\RunOnce: [ntsj32.exe] C:\WINDOWS\ntsj32.exe
O4 - HKLM\..\RunOnce: [crfn.exe] C:\WINDOWS\crfn.exe
O4 - HKLM\..\RunOnce: [javagn32.exe] C:\WINDOWS\system32\javagn32.exe
O4 - HKLM\..\RunOnce: [windt.exe] C:\WINDOWS\system32\windt.exe
O4 - HKLM\..\RunOnce: [addyk32.exe] C:\WINDOWS\system32\addyk32.exe
O4 - HKLM\..\RunOnce: [crcg32.exe] C:\WINDOWS\system32\crcg32.exe
O4 - HKLM\..\RunOnce: [mfcjt32.exe] C:\WINDOWS\mfcjt32.exe
O4 - HKLM\..\RunOnce: [iedm32.exe] C:\WINDOWS\iedm32.exe
O4 - HKLM\..\RunOnce: [crvb.exe] C:\WINDOWS\crvb.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [sysbb32.exe] C:\WINDOWS\sysbb32.exe
O4 - HKLM\..\RunOnce: [sysye32.exe] C:\WINDOWS\system32\sysye32.exe
O4 - HKLM\..\RunOnce: [mshm.exe] C:\WINDOWS\system32\mshm.exe
O4 - HKLM\..\RunOnce: [sdkfc32.exe] C:\WINDOWS\system32\sdkfc32.exe
O4 - HKLM\..\RunOnce: [wintr32.exe] C:\WINDOWS\system32\wintr32.exe
O4 - HKLM\..\RunOnce: [sdktr.exe] C:\WINDOWS\sdktr.exe
O4 - HKLM\..\RunOnce: [crms32.exe] C:\WINDOWS\crms32.exe
O4 - HKLM\..\RunOnce: [msgl.exe] C:\WINDOWS\system32\msgl.exe
O4 - HKLM\..\RunOnce: [crqz32.exe] C:\WINDOWS\crqz32.exe
O4 - HKLM\..\RunOnce: [d3jl32.exe] C:\WINDOWS\system32\d3jl32.exe
O4 - HKLM\..\RunOnce: [ipoh32.exe] C:\WINDOWS\system32\ipoh32.exe
O4 - HKLM\..\RunOnce: [mssj.exe] C:\WINDOWS\system32\mssj.exe
O4 - HKLM\..\RunOnce: [systi32.exe] C:\WINDOWS\systi32.exe
O4 - HKLM\..\RunOnce: [sdkwa.exe] C:\WINDOWS\sdkwa.exe
O4 - HKLM\..\RunOnce: [apism32.exe] C:\WINDOWS\system32\apism32.exe
O4 - HKLM\..\RunOnce: [addqt.exe] C:\WINDOWS\system32\addqt.exe
O4 - HKLM\..\RunOnce: [d3pj32.exe] C:\WINDOWS\d3pj32.exe
O4 - HKLM\..\RunOnce: [ntgz32.exe] C:\WINDOWS\system32\ntgz32.exe
O4 - HKLM\..\RunOnce: [sysry32.exe] C:\WINDOWS\system32\sysry32.exe
O4 - HKLM\..\RunOnce: [iprr.exe] C:\WINDOWS\iprr.exe
O4 - HKLM\..\RunOnce: [croc32.exe] C:\WINDOWS\system32\croc32.exe
O4 - HKLM\..\RunOnce: [apihw32.exe] C:\WINDOWS\system32\apihw32.exe
O4 - HKLM\..\RunOnce: [apiwy.exe] C:\WINDOWS\apiwy.exe
O4 - HKLM\..\RunOnce: [crtn32.exe] C:\WINDOWS\system32\crtn32.exe
O4 - HKLM\..\RunOnce: [d3eh.exe] C:\WINDOWS\system32\d3eh.exe
O4 - HKLM\..\RunOnce: [atlcm32.exe] C:\WINDOWS\atlcm32.exe
O4 - HKLM\..\RunOnce: [apiet32.exe] C:\WINDOWS\system32\apiet32.exe
O4 - HKLM\..\RunOnce: [msln.exe] C:\WINDOWS\msln.exe
O4 - HKLM\..\RunOnce: [javaif.exe] C:\WINDOWS\javaif.exe
O4 - HKLM\..\RunOnce: [atlnk.exe] C:\WINDOWS\system32\atlnk.exe
O4 - HKLM\..\RunOnce: [atlnh32.exe] C:\WINDOWS\atlnh32.exe
O4 - HKLM\..\RunOnce: [apisw32.exe] C:\WINDOWS\apisw32.exe
O4 - HKLM\..\RunOnce: [atlhj32.exe] C:\WINDOWS\atlhj32.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winiw.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe

SysClean Log:

2005-07-15, 15:59:27, Auto-clean mode specified.
2005-07-15, 15:59:27, Running scanner "C:\Documents and Settings\JDG\Desktop\SysClean\TSC.BIN"...
2005-07-15, 16:04:00, Scanner "C:\Documents and Settings\JDG\Desktop\SysClean\TSC.BIN" has finished running.
2005-07-15, 16:04:00, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Fri Jul 15 2005 15:59:28

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\JDG\Desktop\SysClean\tsc.ptn" (version 627) [success]

Complete time : Fri Jul 15 2005 16:03:59
Execute pattern count(4102), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-07-15, 17:31:56, An error occurred while scanning file "C:\Documents and Settings\JDG\NTUSER.DAT": Access is denied.
2005-07-15, 17:31:56, An error occurred while scanning file "C:\Documents and Settings\JDG\ntuser.dat.LOG": Access is denied.
2005-07-15, 18:37:10, An error occurred while scanning file "C:\Documents and Settings\JDG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-15, 18:37:10, An error occurred while scanning file "C:\Documents and Settings\JDG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-15, 21:30:02, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB824141$\user32.dll": Access is denied.
2005-07-15, 21:30:02, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB824141$\win32k.sys": Access is denied.
2005-07-15, 21:30:03, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll": Access is denied.
2005-07-15, 21:30:03, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\shell32.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\sxs.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll": Access is denied.
2005-07-15, 21:31:10, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx": Access is denied.
2005-07-15, 21:31:10, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ828026$\wmp.dll": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDAS32.EXE-21CF3701.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDGJ32.EXE-0A6A0DEA.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDQT.EXE-197EDD06.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDVA.EXE-228442E1.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDYK32.EXE-25D0085A.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIAA32.EXE-311D3D98.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APICR32.EXE-24B4CC71.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIET32.EXE-08FD6745.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIHW32.EXE-23CF857C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APISM32.EXE-17121EB4.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIWY.EXE-0004285F.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIXD.EXE-07F4FE6C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIZC.EXE-1E88034B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIZN.EXE-29EDCE58.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPIU32.EXE-10EAFCD3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPLP32.EXE-385CE062.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPOP32.EXE-0D5A2F9F.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPTO32.EXE-29791B83.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLCM32.EXE-2A5B9865.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLJQ.EXE-30200EE2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLNH32.EXE-2A5F1963.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLNK.EXE-15176429.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRCG32.EXE-24886C68.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRCM32.EXE-0AF675F0.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRFN.EXE-33CB6BB0.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRIV.EXE-367AF4C2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRKV32.EXE-2E18D4F9.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRLD.EXE-06C2EEB3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRMS32.EXE-0B092E77.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CROC32.EXE-120497F9.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRQZ32.EXE-170DC154.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRTN32.EXE-20D6ABF8.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRVB.EXE-14AEE1E5.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3BU.EXE-1DBC073B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3EH.EXE-0271AC48.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3JL32.EXE-0CD7CACF.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3KC.EXE-2F488364.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3PJ32.EXE-08A93985.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3TI.EXE-17FA0A29.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3VB32.EXE-15174E3D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3WL.EXE-138A8A17.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3ZE.EXE-0BBEF52B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IEDM32.EXE-1148C755.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IEJD32.EXE-003F93C2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IEQI32.EXE-01CD0FD2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IETB32.EXE-3A251A01.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPDW32.EXE-029D81A3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPEZ.EXE-0803F2BA.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPFB32.EXE-1D9C8674.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPMG.EXE-0F76CCF4.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPOH32.EXE-3113D1BA.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPRR.EXE-2C62FA6C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPXI32.EXE-05784344.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\JAVAFD.EXE-038C8B23.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\JAVAIF.EXE-1C8F9671.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCBU.EXE-0E636635.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCCL.EXE-064CD694.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCJT32.EXE-2B61F658.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCLZ32.EXE-3925430B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCMP32.EXE-2299558E.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCPW.EXE-2B55419D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCSZ32.EXE-17EAAB12.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCZH.EXE-24E272F7.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSCONFIG.EXE-1EF1EA0F.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSGL.EXE-28877D59.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSHM.EXE-1A8E82A3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSJI.EXE-30BF360A.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSJT.EXE-088B274D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSLN.EXE-09888B42.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSN6.EXE-04E65C15.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSOM.EXE-0E04A87C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSSJ.EXE-0163B8FF.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\NDETECT.EXE-2DABC14D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\NETAF32.EXE-3423DBF0.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETGD.EXE-39F8B1C8.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETGM.EXE-1D82655E.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETHE32.EXE-20A3EF72.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETPE.EXE-16F6C398.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETVX.EXE-21E08DA5.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTGZ32.EXE-0133B0DF.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTPS32.EXE-1B46E892.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTRX32.EXE-208E3893.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTSJ32.EXE-005A4315.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTXS.EXE-1BC638DD.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-5645E36A.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKCR.EXE-2BFE0FED.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKDT.EXE-3A014F09.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKFC32.EXE-1226F755.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKNH.EXE-0A3D7435.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKNZ.EXE-36F4C0C9.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKTR.EXE-1FECC4A7.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKUI32.EXE-046E1013.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKVG32.EXE-02077BE9.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKWA.EXE-0398D243.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSAG.EXE-0FF1AAFD.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSBB32.EXE-2D11B6D9.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSBP32.EXE-35FEFB33.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCC.EXE-3B593405.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.COM-154CC31B.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-02908E51.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-080D21C0.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSDZ32.EXE-0A68DA7F.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSER32.EXE-1A833386.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSRY32.EXE-0D095A4C.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSSJ32.EXE-06598C80.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSTI32.EXE-3A4B99D8.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSXQ.EXE-2BD58976.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSYE32.EXE-392C65B2.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINRG.EXE-147391CA.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINSM32.EXE-3A2018A7.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINTR32.EXE-313D46D2.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINZIP32.EXE-2491095F.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG": Access is denied.
2005-07-15, 21:42:38, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM": Access is denied.
2005-07-15, 21:42:38, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG": Access is denied.
2005-07-15, 21:44:50, Running scanner "C:\Documents and Settings\JDG\Desktop\SysClean\VSCANTM.BIN"...
2005-07-15, 23:23:56, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/15/2005 21:44:52
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100)
Command Line: C:\Documents and Settings\JDG\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JDG\Desktop\SysClean

C:\Documents and Settings\JDG\Desktop\Josh\backups\backup-20050711-192527-698.dll [TROJ_DLOADER.UQ]
C:\Program Files\Microsoft AntiSpyware\Quarantine\26E39A8E-5679-47A3-967F-2B6D3B\B44B9D1C-F27F-4474-9254-914057 [TROJ_KEYHOST.E]
C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\82F65484-5FEC-439C-8B2F-E1593D\9B332885-A7CB-488B-9F5C-60090B [TROJ_SMALL.AMW]
70721 files have been read.
70721 files have been checked.
52801 files have been scanned.
120467 files have been scanned. (including files in archived)
269 files containing viruses.
Found 269 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/15/2005 23:23:55
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-15, 23:23:56, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/15/2005 21:44:52
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100)
Command Line: C:\Documents and Settings\JDG\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JDG\Desktop\SysClean


Hi, I'm new and I've been looking for a solution for a problem I have... I've tried the fixes that dougknox.com has and they work, but when I reboot my computer for the 2nd time, everything goes back to .lnk (ex. mixcraft.lnk)
Then I found on some website that HijackThis could help me fix my problem, but it said I need someone to help me with the log file... it is this:

Logfile of HijackThis v1.99.1
Scan saved at 3:51:36 AM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Aware.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Rar$EX00.860\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=6.1&bm=ho_search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/hho-hp-music-hpdesktop-icon
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - Startup: Ad-Watch SE Professional (2).lnk = C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Software Jukebox v2.0 Service - Unknown owner - C:\Program Files\Common Files\MSJB NA01D Shared\Service\Software Jukebox v2.0 Service File.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Can someone help me please?? :sad:

I'd recommend making your own thread. From there, someone should be able to look at it. Hopefully mine is almost done. Swatkat is doing a great job with mine so far, so hopefully those two logs that I posted recently help get to the end.

Hi JorgePerez,

First of all, welcome to TechTalk!

What RPeeteRules suggested is true: we do ask that members not tag their questions on to a thread previously started by another member (regardless of how similar your problem might seem). Not only does it divert the focus of the thread away from the original poster's problem, but it also makes it less likely that you yourself will get the individual attention that you need.

Please start your own thread and post your question there. When you do, please try to give us as much specific info as possible regarding the problem (exact error messages, system specs, etc.).

For a full description of our posting guidelines and general rules of conduct, please see this page:

http://www.daniweb.com/techtalkforums/faq.php?faq=daniweb_faq#faq_rules


Thanks for understanding.

I'm going to repost the logs so that it doesn't seem like the problem has been solved.

HighJackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:16:54 AM, on 7/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ieqg32.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\HP Share-to-Web\hpgs2wnd.exe
C:\Digital Imaging\Unload\hpqcmon.exe
C:\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\bcdzj.dll/sp.html#12047
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {038102A8-6BBF-3523-E9F7-013C8EC35F4A} - C:\WINDOWS\system32\atlku32.dll
O2 - BHO: Class - {19C147DB-0AAE-4BC9-7FA4-0291F21C5F33} - C:\WINDOWS\atlex.dll
O2 - BHO: Class - {1C72FEB7-4D6C-FAF3-195A-D51516EDCC77} - C:\WINDOWS\apihw32.dll
O2 - BHO: Class - {29E7FFD8-E6A5-9FCB-ED6E-4AAE63F4CAE9} - C:\WINDOWS\system32\sysyx32.dll
O2 - BHO: Class - {4197FF54-5C18-A7E5-9CC3-32130092E2A4} - C:\WINDOWS\crms32.dll
O2 - BHO: Class - {52CA0E68-18D4-4EE7-27A9-12262907D778} - C:\WINDOWS\system32\addcm32.dll
O2 - BHO: Class - {5FED6D45-2D6E-9D60-4B64-A4543F387F99} - C:\WINDOWS\system32\javaia32.dll
O2 - BHO: Class - {605BB929-10FB-81EB-196F-7822E1EA2567} - C:\WINDOWS\ipwg32.dll
O2 - BHO: Class - {789FEB82-8DED-7AC4-9DDA-995AC51398B1} - C:\WINDOWS\system32\atlnk.dll
O2 - BHO: Class - {8C4F8213-4CBA-4C70-31C9-B2D727A270F1} - C:\WINDOWS\ipoh.dll
O2 - BHO: Class - {92935E29-CDC5-7406-9FD4-6550E38F847C} - C:\WINDOWS\sdkdt.dll
O2 - BHO: Class - {991DF816-06EC-05DF-D306-F828A69AEF22} - C:\WINDOWS\netwy32.dll
O2 - BHO: Class - {9A65FF84-5F62-35FE-18D6-0C43F27B7AEB} - C:\WINDOWS\system32\netxj.dll
O2 - BHO: Class - {A5F02AA1-E33B-02E2-EE38-6C66F5363B53} - C:\WINDOWS\winaw.dll
O2 - BHO: Class - {B784881A-C236-6F52-D86B-285DC0FC4011} - C:\WINDOWS\syskb32.dll
O2 - BHO: Class - {B7C25C68-FA17-FA9D-AF0F-BB29B5B9B64C} - C:\WINDOWS\apicj.dll
O2 - BHO: Class - {BC88BD6A-B85D-124E-8F1A-F26233A0C485} - C:\WINDOWS\javatg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {BF8E8A3B-3B07-92AF-7CDE-94E44B1AB52C} - C:\WINDOWS\system32\javang32.dll
O2 - BHO: Class - {C0146C97-9E45-541E-2BF9-8DEC38F21C73} - C:\WINDOWS\javaif.dll
O2 - BHO: Class - {C57C0B7D-AA25-C69F-541D-8DFCEADF8E7E} - C:\WINDOWS\system32\ieak.dll
O2 - BHO: Class - {FA224A3B-80E3-FC4E-47BB-C7027C3BE4E9} - C:\WINDOWS\system32\javauq32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IEXPLORE.EXE] c:\Program Files\Internet Explorer\IEXPLORE.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [javakf32.exe] C:\WINDOWS\system32\javakf32.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [ieqg32.exe] C:\WINDOWS\system32\ieqg32.exe
O4 - HKLM\..\RunOnce: [iect.exe] C:\WINDOWS\iect.exe
O4 - HKLM\..\RunOnce: [sdkns32.exe] C:\WINDOWS\system32\sdkns32.exe
O4 - HKLM\..\RunOnce: [ipru.exe] C:\WINDOWS\system32\ipru.exe
O4 - HKLM\..\RunOnce: [sdknu.exe] C:\WINDOWS\system32\sdknu.exe
O4 - HKLM\..\RunOnce: [apiry.exe] C:\WINDOWS\apiry.exe
O4 - HKLM\..\RunOnce: [winvl.exe] C:\WINDOWS\winvl.exe
O4 - HKLM\..\RunOnce: [d3uy.exe] C:\WINDOWS\system32\d3uy.exe
O4 - HKLM\..\RunOnce: [addyc.exe] C:\WINDOWS\system32\addyc.exe
O4 - HKLM\..\RunOnce: [mfcjv32.exe] C:\WINDOWS\system32\mfcjv32.exe
O4 - HKLM\..\RunOnce: [sdkgn32.exe] C:\WINDOWS\sdkgn32.exe
O4 - HKLM\..\RunOnce: [javaob32.exe] C:\WINDOWS\system32\javaob32.exe
O4 - HKLM\..\RunOnce: [ntwx32.exe] C:\WINDOWS\system32\ntwx32.exe
O4 - HKLM\..\RunOnce: [apipo32.exe] C:\WINDOWS\apipo32.exe
O4 - HKLM\..\RunOnce: [msem.exe] C:\WINDOWS\system32\msem.exe
O4 - HKLM\..\RunOnce: [appie32.exe] C:\WINDOWS\system32\appie32.exe
O4 - HKLM\..\RunOnce: [mswy.exe] C:\WINDOWS\system32\mswy.exe
O4 - HKLM\..\RunOnce: [netzt.exe] C:\WINDOWS\netzt.exe
O4 - HKLM\..\RunOnce: [sdklp32.exe] C:\WINDOWS\sdklp32.exe
O4 - HKLM\..\RunOnce: [netle.exe] C:\WINDOWS\netle.exe
O4 - HKLM\..\RunOnce: [d3im32.exe] C:\WINDOWS\d3im32.exe
O4 - HKLM\..\RunOnce: [wingl.exe] C:\WINDOWS\system32\wingl.exe
O4 - HKLM\..\RunOnce: [winpc32.exe] C:\WINDOWS\winpc32.exe
O4 - HKLM\..\RunOnce: [apich.exe] C:\WINDOWS\apich.exe
O4 - HKLM\..\RunOnce: [sdkah.exe] C:\WINDOWS\system32\sdkah.exe
O4 - HKLM\..\RunOnce: [mfcfb32.exe] C:\WINDOWS\mfcfb32.exe
O4 - HKLM\..\RunOnce: [netdl.exe] C:\WINDOWS\netdl.exe
O4 - HKLM\..\RunOnce: [javarb.exe] C:\WINDOWS\javarb.exe
O4 - HKLM\..\RunOnce: [javanw32.exe] C:\WINDOWS\javanw32.exe
O4 - HKLM\..\RunOnce: [sysgs.exe] C:\WINDOWS\system32\sysgs.exe
O4 - HKLM\..\RunOnce: [ieyg.exe] C:\WINDOWS\ieyg.exe
O4 - HKLM\..\RunOnce: [sdkdr.exe] C:\WINDOWS\sdkdr.exe
O4 - HKLM\..\RunOnce: [msvk.exe] C:\WINDOWS\msvk.exe
O4 - HKLM\..\RunOnce: [d3yv.exe] C:\WINDOWS\system32\d3yv.exe
O4 - HKLM\..\RunOnce: [crnq32.exe] C:\WINDOWS\system32\crnq32.exe
O4 - HKLM\..\RunOnce: [d3sh32.exe] C:\WINDOWS\system32\d3sh32.exe
O4 - HKLM\..\RunOnce: [atlqi.exe] C:\WINDOWS\atlqi.exe
O4 - HKLM\..\RunOnce: [mskx32.exe] C:\WINDOWS\mskx32.exe
O4 - HKLM\..\RunOnce: [d3zu.exe] C:\WINDOWS\system32\d3zu.exe
O4 - HKLM\..\RunOnce: [apikh.exe] C:\WINDOWS\system32\apikh.exe
O4 - HKLM\..\RunOnce: [crud32.exe] C:\WINDOWS\crud32.exe
O4 - HKLM\..\RunOnce: [crzu32.exe] C:\WINDOWS\crzu32.exe
O4 - HKLM\..\RunOnce: [ipyj32.exe] C:\WINDOWS\system32\ipyj32.exe
O4 - HKLM\..\RunOnce: [apprq32.exe] C:\WINDOWS\apprq32.exe
O4 - HKLM\..\RunOnce: [addtw32.exe] C:\WINDOWS\addtw32.exe
O4 - HKLM\..\RunOnce: [ipge.exe] C:\WINDOWS\system32\ipge.exe
O4 - HKLM\..\RunOnce: [javarl.exe] C:\WINDOWS\system32\javarl.exe
O4 - HKLM\..\RunOnce: [addpi32.exe] C:\WINDOWS\addpi32.exe
O4 - HKLM\..\RunOnce: [appoy32.exe] C:\WINDOWS\appoy32.exe
O4 - HKLM\..\RunOnce: [ipyr32.exe] C:\WINDOWS\system32\ipyr32.exe
O4 - HKLM\..\RunOnce: [sysyz32.exe] C:\WINDOWS\sysyz32.exe
O4 - HKLM\..\RunOnce: [apibl32.exe] C:\WINDOWS\system32\apibl32.exe
O4 - HKLM\..\RunOnce: [javaur32.exe] C:\WINDOWS\javaur32.exe
O4 - HKLM\..\RunOnce: [cruh32.exe] C:\WINDOWS\cruh32.exe
O4 - HKLM\..\RunOnce: [winda32.exe] C:\WINDOWS\system32\winda32.exe
O4 - HKLM\..\RunOnce: [atlrc.exe] C:\WINDOWS\atlrc.exe
O4 - HKLM\..\RunOnce: [netbd.exe] C:\WINDOWS\netbd.exe
O4 - HKLM\..\RunOnce: [winal32.exe] C:\WINDOWS\winal32.exe
O4 - HKLM\..\RunOnce: [mfckv.exe] C:\WINDOWS\mfckv.exe
O4 - HKLM\..\RunOnce: [winii.exe] C:\WINDOWS\system32\winii.exe
O4 - HKLM\..\RunOnce: [mfcem.exe] C:\WINDOWS\mfcem.exe
O4 - HKLM\..\RunOnce: [ntxf32.exe] C:\WINDOWS\system32\ntxf32.exe
O4 - HKLM\..\RunOnce: [msbz.exe] C:\WINDOWS\system32\msbz.exe
O4 - HKLM\..\RunOnce: [iego32.exe] C:\WINDOWS\iego32.exe
O4 - HKLM\..\RunOnce: [sysuy.exe] C:\WINDOWS\sysuy.exe
O4 - HKLM\..\RunOnce: [ipfi.exe] C:\WINDOWS\ipfi.exe
O4 - HKLM\..\RunOnce: [ntco.exe] C:\WINDOWS\ntco.exe
O4 - HKLM\..\RunOnce: [mfchq32.exe] C:\WINDOWS\system32\mfchq32.exe
O4 - HKLM\..\RunOnce: [sdkrr32.exe] C:\WINDOWS\system32\sdkrr32.exe
O4 - HKLM\..\RunOnce: [addrz.exe] C:\WINDOWS\addrz.exe
O4 - HKLM\..\RunOnce: [ievd.exe] C:\WINDOWS\ievd.exe
O4 - HKLM\..\RunOnce: [ipih.exe] C:\WINDOWS\system32\ipih.exe
O4 - HKLM\..\RunOnce: [addte32.exe] C:\WINDOWS\system32\addte32.exe
O4 - HKLM\..\RunOnce: [sdkom.exe] C:\WINDOWS\system32\sdkom.exe
O4 - HKLM\..\RunOnce: [ntou.exe] C:\WINDOWS\ntou.exe
O4 - HKLM\..\RunOnce: [appil32.exe] C:\WINDOWS\system32\appil32.exe
O4 - HKLM\..\RunOnce: [msbu.exe] C:\WINDOWS\system32\msbu.exe
O4 - HKLM\..\RunOnce: [d3cu.exe] C:\WINDOWS\system32\d3cu.exe
O4 - HKLM\..\RunOnce: [mska.exe] C:\WINDOWS\system32\mska.exe
O4 - HKLM\..\RunOnce: [netyf.exe] C:\WINDOWS\netyf.exe
O4 - HKLM\..\RunOnce: [iekq.exe] C:\WINDOWS\system32\iekq.exe
O4 - HKLM\..\RunOnce: [netsq32.exe] C:\WINDOWS\system32\netsq32.exe
O4 - HKLM\..\RunOnce: [sdkys.exe] C:\WINDOWS\system32\sdkys.exe
O4 - HKLM\..\RunOnce: [appvr.exe] C:\WINDOWS\appvr.exe
O4 - HKLM\..\RunOnce: [crvz32.exe] C:\WINDOWS\system32\crvz32.exe
O4 - HKLM\..\RunOnce: [ieob.exe] C:\WINDOWS\ieob.exe
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKLM\..\RunOnce: [sdkzt32.exe] C:\WINDOWS\sdkzt32.exe
O4 - HKLM\..\RunOnce: [ipcx.exe] C:\WINDOWS\system32\ipcx.exe
O4 - HKLM\..\RunOnce: [appbn32.exe] C:\WINDOWS\system32\appbn32.exe
O4 - HKLM\..\RunOnce: [ipfx32.exe] C:\WINDOWS\system32\ipfx32.exe
O4 - HKLM\..\RunOnce: [syscq32.exe] C:\WINDOWS\syscq32.exe
O4 - HKLM\..\RunOnce: [ntej32.exe] C:\WINDOWS\system32\ntej32.exe
O4 - HKLM\..\RunOnce: [msgu.exe] C:\WINDOWS\system32\msgu.exe
O4 - HKLM\..\RunOnce: [atlxu.exe] C:\WINDOWS\system32\atlxu.exe
O4 - HKLM\..\RunOnce: [d3oc32.exe] C:\WINDOWS\system32\d3oc32.exe
O4 - HKLM\..\RunOnce: [nthd.exe] C:\WINDOWS\nthd.exe
O4 - HKLM\..\RunOnce: [iewa32.exe] C:\WINDOWS\system32\iewa32.exe
O4 - HKLM\..\RunOnce: [sdkjk32.exe] C:\WINDOWS\system32\sdkjk32.exe
O4 - HKLM\..\RunOnce: [crpp32.exe] C:\WINDOWS\system32\crpp32.exe
O4 - HKLM\..\RunOnce: [crja.exe] C:\WINDOWS\system32\crja.exe
O4 - HKLM\..\RunOnce: [sdkgy.exe] C:\WINDOWS\system32\sdkgy.exe
O4 - HKLM\..\RunOnce: [ieft32.exe] C:\WINDOWS\system32\ieft32.exe
O4 - HKLM\..\RunOnce: [atlxw.exe] C:\WINDOWS\system32\atlxw.exe
O4 - HKLM\..\RunOnce: [crww32.exe] C:\WINDOWS\crww32.exe
O4 - HKLM\..\RunOnce: [msqx.exe] C:\WINDOWS\msqx.exe
O4 - HKLM\..\RunOnce: [mfcna32.exe] C:\WINDOWS\system32\mfcna32.exe
O4 - HKLM\..\RunOnce: [sdkyj32.exe] C:\WINDOWS\sdkyj32.exe
O4 - HKLM\..\RunOnce: [ntfw.exe] C:\WINDOWS\system32\ntfw.exe
O4 - HKLM\..\RunOnce: [mfcbn32.exe] C:\WINDOWS\system32\mfcbn32.exe
O4 - HKLM\..\RunOnce: [netvo32.exe] C:\WINDOWS\system32\netvo32.exe
O4 - HKLM\..\RunOnce: [sdkov.exe] C:\WINDOWS\system32\sdkov.exe
O4 - HKLM\..\RunOnce: [crcx32.exe] C:\WINDOWS\system32\crcx32.exe
O4 - HKLM\..\RunOnce: [javaru32.exe] C:\WINDOWS\system32\javaru32.exe
O4 - HKLM\..\RunOnce: [crzc32.exe] C:\WINDOWS\crzc32.exe
O4 - HKLM\..\RunOnce: [msep32.exe] C:\WINDOWS\system32\msep32.exe
O4 - HKLM\..\RunOnce: [javadk32.exe] C:\WINDOWS\system32\javadk32.exe
O4 - HKLM\..\RunOnce: [netsu32.exe] C:\WINDOWS\system32\netsu32.exe
O4 - HKLM\..\RunOnce: [mfcxm32.exe] C:\WINDOWS\mfcxm32.exe
O4 - HKLM\..\RunOnce: [iequ32.exe] C:\WINDOWS\iequ32.exe
O4 - HKLM\..\RunOnce: [ntsj32.exe] C:\WINDOWS\ntsj32.exe
O4 - HKLM\..\RunOnce: [crfn.exe] C:\WINDOWS\crfn.exe
O4 - HKLM\..\RunOnce: [javagn32.exe] C:\WINDOWS\system32\javagn32.exe
O4 - HKLM\..\RunOnce: [windt.exe] C:\WINDOWS\system32\windt.exe
O4 - HKLM\..\RunOnce: [addyk32.exe] C:\WINDOWS\system32\addyk32.exe
O4 - HKLM\..\RunOnce: [crcg32.exe] C:\WINDOWS\system32\crcg32.exe
O4 - HKLM\..\RunOnce: [mfcjt32.exe] C:\WINDOWS\mfcjt32.exe
O4 - HKLM\..\RunOnce: [iedm32.exe] C:\WINDOWS\iedm32.exe
O4 - HKLM\..\RunOnce: [crvb.exe] C:\WINDOWS\crvb.exe
O4 - HKLM\..\RunOnce: [ieqi32.exe] C:\WINDOWS\system32\ieqi32.exe
O4 - HKLM\..\RunOnce: [sysbb32.exe] C:\WINDOWS\sysbb32.exe
O4 - HKLM\..\RunOnce: [sysye32.exe] C:\WINDOWS\system32\sysye32.exe
O4 - HKLM\..\RunOnce: [mshm.exe] C:\WINDOWS\system32\mshm.exe
O4 - HKLM\..\RunOnce: [sdkfc32.exe] C:\WINDOWS\system32\sdkfc32.exe
O4 - HKLM\..\RunOnce: [wintr32.exe] C:\WINDOWS\system32\wintr32.exe
O4 - HKLM\..\RunOnce: [sdktr.exe] C:\WINDOWS\sdktr.exe
O4 - HKLM\..\RunOnce: [crms32.exe] C:\WINDOWS\crms32.exe
O4 - HKLM\..\RunOnce: [msgl.exe] C:\WINDOWS\system32\msgl.exe
O4 - HKLM\..\RunOnce: [crqz32.exe] C:\WINDOWS\crqz32.exe
O4 - HKLM\..\RunOnce: [d3jl32.exe] C:\WINDOWS\system32\d3jl32.exe
O4 - HKLM\..\RunOnce: [ipoh32.exe] C:\WINDOWS\system32\ipoh32.exe
O4 - HKLM\..\RunOnce: [mssj.exe] C:\WINDOWS\system32\mssj.exe
O4 - HKLM\..\RunOnce: [systi32.exe] C:\WINDOWS\systi32.exe
O4 - HKLM\..\RunOnce: [sdkwa.exe] C:\WINDOWS\sdkwa.exe
O4 - HKLM\..\RunOnce: [apism32.exe] C:\WINDOWS\system32\apism32.exe
O4 - HKLM\..\RunOnce: [addqt.exe] C:\WINDOWS\system32\addqt.exe
O4 - HKLM\..\RunOnce: [d3pj32.exe] C:\WINDOWS\d3pj32.exe
O4 - HKLM\..\RunOnce: [ntgz32.exe] C:\WINDOWS\system32\ntgz32.exe
O4 - HKLM\..\RunOnce: [sysry32.exe] C:\WINDOWS\system32\sysry32.exe
O4 - HKLM\..\RunOnce: [iprr.exe] C:\WINDOWS\iprr.exe
O4 - HKLM\..\RunOnce: [croc32.exe] C:\WINDOWS\system32\croc32.exe
O4 - HKLM\..\RunOnce: [apihw32.exe] C:\WINDOWS\system32\apihw32.exe
O4 - HKLM\..\RunOnce: [apiwy.exe] C:\WINDOWS\apiwy.exe
O4 - HKLM\..\RunOnce: [crtn32.exe] C:\WINDOWS\system32\crtn32.exe
O4 - HKLM\..\RunOnce: [d3eh.exe] C:\WINDOWS\system32\d3eh.exe
O4 - HKLM\..\RunOnce: [atlcm32.exe] C:\WINDOWS\atlcm32.exe
O4 - HKLM\..\RunOnce: [apiet32.exe] C:\WINDOWS\system32\apiet32.exe
O4 - HKLM\..\RunOnce: [msln.exe] C:\WINDOWS\msln.exe
O4 - HKLM\..\RunOnce: [javaif.exe] C:\WINDOWS\javaif.exe
O4 - HKLM\..\RunOnce: [atlnk.exe] C:\WINDOWS\system32\atlnk.exe
O4 - HKLM\..\RunOnce: [atlnh32.exe] C:\WINDOWS\atlnh32.exe
O4 - HKLM\..\RunOnce: [apisw32.exe] C:\WINDOWS\apisw32.exe
O4 - HKLM\..\RunOnce: [atlhj32.exe] C:\WINDOWS\atlhj32.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.co...t/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/gam...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/gam...ts/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/gam...nts/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/gam...nts/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/gam...ts/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/gam...ts/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptem...iveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?lin...738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.co...v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/...bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/de...bGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall...meInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuit.../ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/de...aploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tec.../ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads.../ampx_en_dl.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\winiw.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe

SysClean Log:

2005-07-15, 15:59:27, Auto-clean mode specified.
2005-07-15, 15:59:27, Running scanner "C:\Documents and Settings\JDG\Desktop\SysClean\TSC.BIN"...
2005-07-15, 16:04:00, Scanner "C:\Documents and Settings\JDG\Desktop\SysClean\TSC.BIN" has finished running.
2005-07-15, 16:04:00, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Fri Jul 15 2005 15:59:28

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\JDG\Desktop\SysClean\tsc.ptn" (version 627) [success]

Complete time : Fri Jul 15 2005 16:03:59
Execute pattern count(4102), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-07-15, 17:31:56, An error occurred while scanning file "C:\Documents and Settings\JDG\NTUSER.DAT": Access is denied.
2005-07-15, 17:31:56, An error occurred while scanning file "C:\Documents and Settings\JDG\ntuser.dat.LOG": Access is denied.
2005-07-15, 18:37:10, An error occurred while scanning file "C:\Documents and Settings\JDG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-15, 18:37:10, An error occurred while scanning file "C:\Documents and Settings\JDG\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-15, 20:15:41, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-15, 21:30:02, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB824141$\user32.dll": Access is denied.
2005-07-15, 21:30:02, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB824141$\win32k.sys": Access is denied.
2005-07-15, 21:30:03, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll": Access is denied.
2005-07-15, 21:30:03, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\shell32.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\sxs.dll": Access is denied.
2005-07-15, 21:30:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll": Access is denied.
2005-07-15, 21:31:10, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx": Access is denied.
2005-07-15, 21:31:10, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ828026$\wmp.dll": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDAS32.EXE-21CF3701.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDGJ32.EXE-0A6A0DEA.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDQT.EXE-197EDD06.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDVA.EXE-228442E1.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ADDYK32.EXE-25D0085A.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIAA32.EXE-311D3D98.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APICR32.EXE-24B4CC71.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIET32.EXE-08FD6745.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIHW32.EXE-23CF857C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APISM32.EXE-17121EB4.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIWY.EXE-0004285F.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIXD.EXE-07F4FE6C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIZC.EXE-1E88034B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APIZN.EXE-29EDCE58.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPIU32.EXE-10EAFCD3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPLP32.EXE-385CE062.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPOP32.EXE-0D5A2F9F.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\APPTO32.EXE-29791B83.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLCM32.EXE-2A5B9865.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLJQ.EXE-30200EE2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLNH32.EXE-2A5F1963.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\ATLNK.EXE-15176429.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRCG32.EXE-24886C68.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRCM32.EXE-0AF675F0.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRFN.EXE-33CB6BB0.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRIV.EXE-367AF4C2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRKV32.EXE-2E18D4F9.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRLD.EXE-06C2EEB3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRMS32.EXE-0B092E77.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CROC32.EXE-120497F9.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRQZ32.EXE-170DC154.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRTN32.EXE-20D6ABF8.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\CRVB.EXE-14AEE1E5.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3BU.EXE-1DBC073B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3EH.EXE-0271AC48.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3JL32.EXE-0CD7CACF.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3KC.EXE-2F488364.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3PJ32.EXE-08A93985.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3TI.EXE-17FA0A29.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3VB32.EXE-15174E3D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3WL.EXE-138A8A17.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\D3ZE.EXE-0BBEF52B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IEDM32.EXE-1148C755.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IEJD32.EXE-003F93C2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IEQI32.EXE-01CD0FD2.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IETB32.EXE-3A251A01.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPDW32.EXE-029D81A3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPEZ.EXE-0803F2BA.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPFB32.EXE-1D9C8674.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPMG.EXE-0F76CCF4.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPOH32.EXE-3113D1BA.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPRR.EXE-2C62FA6C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\IPXI32.EXE-05784344.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\JAVAFD.EXE-038C8B23.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\JAVAIF.EXE-1C8F9671.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCBU.EXE-0E636635.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCCL.EXE-064CD694.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCJT32.EXE-2B61F658.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCLZ32.EXE-3925430B.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCMP32.EXE-2299558E.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCPW.EXE-2B55419D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCSZ32.EXE-17EAAB12.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MFCZH.EXE-24E272F7.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSCONFIG.EXE-1EF1EA0F.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSGL.EXE-28877D59.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSHM.EXE-1A8E82A3.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSJI.EXE-30BF360A.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSJT.EXE-088B274D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSLN.EXE-09888B42.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSN6.EXE-04E65C15.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSOM.EXE-0E04A87C.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\MSSJ.EXE-0163B8FF.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\NDETECT.EXE-2DABC14D.pf": Access is denied.
2005-07-15, 21:36:08, Could not set file for reading on "C:\WINDOWS\Prefetch\NETAF32.EXE-3423DBF0.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETGD.EXE-39F8B1C8.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETGM.EXE-1D82655E.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETHE32.EXE-20A3EF72.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETPE.EXE-16F6C398.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NETVX.EXE-21E08DA5.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTGZ32.EXE-0133B0DF.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTPS32.EXE-1B46E892.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTRX32.EXE-208E3893.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTSJ32.EXE-005A4315.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\NTXS.EXE-1BC638DD.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-5645E36A.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKCR.EXE-2BFE0FED.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKDT.EXE-3A014F09.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKFC32.EXE-1226F755.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKNH.EXE-0A3D7435.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKNZ.EXE-36F4C0C9.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKTR.EXE-1FECC4A7.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKUI32.EXE-046E1013.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKVG32.EXE-02077BE9.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SDKWA.EXE-0398D243.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSAG.EXE-0FF1AAFD.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSBB32.EXE-2D11B6D9.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSBP32.EXE-35FEFB33.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCC.EXE-3B593405.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.COM-154CC31B.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-02908E51.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-080D21C0.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSDZ32.EXE-0A68DA7F.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSER32.EXE-1A833386.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSRY32.EXE-0D095A4C.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSSJ32.EXE-06598C80.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSTI32.EXE-3A4B99D8.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSXQ.EXE-2BD58976.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSYE32.EXE-392C65B2.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINRG.EXE-147391CA.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINSM32.EXE-3A2018A7.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINTR32.EXE-313D46D2.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WINZIP32.EXE-2491095F.pf": Access is denied.
2005-07-15, 21:36:09, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE": Access is denied.
2005-07-15, 21:42:37, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG": Access is denied.
2005-07-15, 21:42:38, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM": Access is denied.
2005-07-15, 21:42:38, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG": Access is denied.
2005-07-15, 21:44:50, Running scanner "C:\Documents and Settings\JDG\Desktop\SysClean\VSCANTM.BIN"...
2005-07-15, 23:23:56, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/15/2005 21:44:52
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100)
Command Line: C:\Documents and Settings\JDG\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JDG\Desktop\SysClean

C:\Documents and Settings\JDG\Desktop\Josh\backups\backup-20050711-192527-698.dll [TROJ_DLOADER.UQ]
C:\Program Files\Microsoft AntiSpyware\Quarantine\26E39A8E-5679-47A3-967F-2B6D3B\B44B9D1C-F27F-4474-9254-914057 [TROJ_KEYHOST.E]
C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\82F65484-5FEC-439C-8B2F-E1593D\9B332885-A7CB-488B-9F5C-60090B [TROJ_SMALL.AMW]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1088\A0091021.exe [TROJ_SDBOT.GEN]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1111\A0093485.exe [TROJ_DLOADER.UR]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1111\A0093486.dll [TROJ_DLOADER.UQ]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094428.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094430.dll [TROJ_DLOADER.UQ]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094463.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094464.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094465.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094466.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094467.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094468.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094469.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094470.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094471.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094472.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094473.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094474.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094475.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094476.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1112\A0094477.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0095620.dll.tcf [TROJ_SMALL.AZF]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096160.dll [TROJ_DLOADER.UQ]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096163.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096164.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096165.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096166.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096167.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096168.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096169.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096170.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096171.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096173.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096174.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096175.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096176.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096177.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096178.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096179.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096180.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096181.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096183.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096184.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096185.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096186.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096187.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1114\A0096188.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096300.exe [TROJ_DATER.A]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096304.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096305.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096306.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096307.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096308.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096492.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096494.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096495.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096496.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096498.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096499.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096500.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096501.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096502.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096503.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096505.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096507.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096508.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096509.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096510.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096511.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1117\A0096512.dll [TROJ_STARTPAG.RE]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096761.exe [TROJ_SMALL.AMW]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096864.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096865.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096895.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096896.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096897.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096898.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096899.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096900.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096901.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096902.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096903.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096904.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096905.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096906.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096907.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096908.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096909.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096910.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096911.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096912.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096913.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096914.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096915.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096916.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096917.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096922.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096923.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096924.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096925.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096928.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096929.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096930.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096931.exe [TROJ_AGENT.GAH]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096932.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096933.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096934.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096935.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096936.exe [TROJ_AGENT.GAI]
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1118\A0096937.exe [TROJ_AGENT.GAI]
70721 files have been read.
70721 files have been checked.
52801 files have been scanned.
120467 files have been scanned. (including files in archived)
269 files containing viruses.
Found 269 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/15/2005 23:23:55
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-15, 23:23:56, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/15/2005 21:44:52
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100)
Command Line: C:\Documents and Settings\JDG\Desktop\SysClean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\JDG\Desktop\SysClean


As you might have noticed from the logs you've posted, your system is very seriously infected. Given that, I'm going to toss out the suggestion that it might be more efficient time-wise to back up your critical data, reformat the drive, and do a fresh install of Windows.


If you don't want to (or can't) go that route, though:


1. You will need to disconnect from the Internet for most of the cleaning procedures, so you should print out the following instructions or save them into a text file using Notepad:


2. In addition to your current utilities, also download these programs if you don't have them already:

ewido Security Suite - http://www.ewido.net/en/download/
Microsoft Anti-Spyware beta - http://www.microsoft.com/downloads/...&displaylang=en

Open each of your anti-spyware tools and use their online update features to get the most current updates installed. Do not run scans/fixes with the utilities; just close them after they finish updating.


2. Your logs consistently indicate infections in certain areas of your system that the removal programs are not doing the job of cleaning; you should manually clean these out yourself:

- Reboot into safe mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up) and log in as the administrator or a user who has administrator permissions.

- Open Windows Explorer, and in the Folder Options->View settings under the Tools menu, select "show hidden files and folders", and uncheck "Hide protected operating system files" and "Hide extensions for known file types".

- For every user account listed under the C:\Documents and Settings folder, delete the entire contents of the following subfolders (but not the folders themselves):

!! Important: One of the normal steps in eliminating malicious programs is to entirely delete the contents of all Temp folders. Given that, if any data that you care about is living in those Temp folders, you need to move it to a safe location now, or it will be erased along with everything else!

1. Cookies
2. Local Settings\Temp
3. Local Settings\History
4. Local Settings\Temporary Internet Files

- Delete the entire content of your C:\Windows\Temp folder.

- Delete the entire content of your C:\Windows\Prefetch folder.

Note- If you get any messages concerning the deletion of system files such as desktop.ini or index.dat, just choose to delete those files; they'll be automatically regenerated by Windows if needed. Windows will allow you to delete the versions of those files which exist in sub-folders within the main Temp/Temporary folders, but might not let you delete the versions of those files that exist in the main Temp folders themselves; this is normal and OK.

- Flush the contents of your C:\System Volume Information folder. See this post for more info and instructions.

- Empty your Recycle Bin.


3. While still in Safe Mode, run your anti-spyware utilities consecutively (the actual order doesn't matter); have each of them fix all infected items they find.


4. Once you've completed all of the above, reboot normally, run HJT again, and post the new log.
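
For reading the HijackThis log that step 4 asks for, here is an added example (not part of the reply above and not HijackThis's own logic) that triages O2 and O4 lines with three heuristics: an unnamed BHO loaded straight from the Windows directory, an autorun value named after its own file in the Windows directory, and an autorun target inside a user profile. The heuristics are assumptions chosen for illustration, and the sample lines are constructed in the HijackThis 1.99 line format.

```python
import ntpath
import re
from collections import Counter

# Constructed sample lines in HijackThis 1.99 format (not from a real machine).
SAMPLE_LOG = r"""
O2 - BHO: Class - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\exampleaa.dll
O2 - BHO: Class - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\system32\examplebb32.dll
O2 - BHO: Example AV Helper - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Example AV\helper.dll
O4 - HKLM\..\Run: [ExampleDaemon] RUNDLL32.EXE C:\WINDOWS\System32\example.dll,Startup
O4 - HKLM\..\Run: [ExampleUpdater] "C:\Program Files\Example\updater.exe" -osboot
O4 - HKLM\..\Run: [Example Tray] C:\Documents and Settings\User\Desktop\Shared Folder\Example Game 2002.exe
O4 - HKLM\..\Run: [examplecc32.exe] C:\WINDOWS\system32\examplecc32.exe
O4 - HKLM\..\RunOnce: [exampledd.exe] C:\WINDOWS\exampledd.exe
O4 - HKCU\..\Run: [ExampleIM] C:\Program Files\ExampleIM\im.exe -cnetwait.odl
"""

O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_REG_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First program in a command line: a quoted path, or text up to the first
# executable extension that is followed by whitespace, a comma or end of line.
TARGET_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat))(?=[\s,]|$)', re.I)

# Assumed XP-style layout: <drive>:\WINDOWS and <drive>:\Documents and Settings.
WINDOWS_DIR_RE = re.compile(r"^[a-z]:\\windows(\\system32)?$", re.I)
PROFILE_DIR_RE = re.compile(r"^[a-z]:\\documents and settings(\\|$)", re.I)

BHO_REASON = "unnamed BHO loaded from the Windows directory"
SELF_NAMED_REASON = "autorun value named after its own file in the Windows directory"
PROFILE_REASON = "autorun target inside a user profile"


def command_target(cmd):
    """Return the program path an autorun command line starts with."""
    cmd = cmd.strip()
    m = TARGET_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else cmd


def triage_line(line):
    """Return the list of heuristic reasons that apply to one log line."""
    reasons = []
    m = O2_RE.match(line)
    if m:
        folder = ntpath.dirname(m["path"])
        if WINDOWS_DIR_RE.match(folder) and m["name"].strip() in ("", "Class", "(no name)"):
            reasons.append(BHO_REASON)
        return reasons
    m = O4_REG_RE.match(line)
    if m:
        target = command_target(m["cmd"])
        folder = ntpath.dirname(target)
        if WINDOWS_DIR_RE.match(folder) and m["name"].lower() == ntpath.basename(target).lower():
            reasons.append(SELF_NAMED_REASON)
        if PROFILE_DIR_RE.match(folder):
            reasons.append(PROFILE_REASON)
    return reasons


def triage_log(text):
    """Return (line, reasons) for every line that matches a heuristic."""
    flagged = []
    for raw in text.splitlines():
        line = raw.strip()
        reasons = triage_line(line) if line else []
        if reasons:
            flagged.append((line, reasons))
    return flagged


def summarize(flagged):
    """Count how many flagged lines carry each reason."""
    return dict(Counter(r for _, reasons in flagged for r in reasons))


if __name__ == "__main__":
    for line, reasons in triage_log(SAMPLE_LOG):
        print("; ".join(reasons))
        print("    " + line)
```

A flagged line is a prompt to check the file, not a verdict; legitimate software can match these patterns and malware can avoid them.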

To do this option that you stated,
"As you might have noticed from the logs you've posted, your system is very seriously infected. Given that, I'm going to toss out the suggestion that it might be more efficient time-wise to back up your critical data, reformat the drive, and do a fresh install of Windows."
how would you recommend I do it exactly? What files should I save (what exactly would be critical, Word and Excel files type thing?), also what effects would it do to my computer? Would it basically be like having the computer from when I got it with nothing really on it?

Here's the latest log after following the recent instructions...


Logfile of HijackThis v1.99.1
Scan saved at 12:54:43 PM, on 7/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\HP Share-to-Web\hpgs2wnd.exe
C:\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HighJackThis\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {19C147DB-0AAE-4BC9-7FA4-0291F21C5F33} - C:\WINDOWS\atlex.dll
O2 - BHO: Class - {29E7FFD8-E6A5-9FCB-ED6E-4AAE63F4CAE9} - C:\WINDOWS\system32\sysyx32.dll
O2 - BHO: Class - {2CAE7DD3-D3DC-7AD3-D17F-61DF6D540FD7} - C:\WINDOWS\addll.dll
O2 - BHO: Class - {52CA0E68-18D4-4EE7-27A9-12262907D778} - C:\WINDOWS\system32\addcm32.dll
O2 - BHO: Class - {5BB66F6F-6BA4-ED53-05F3-F6ED2C204BED} - C:\WINDOWS\croe32.dll
O2 - BHO: Class - {605BB929-10FB-81EB-196F-7822E1EA2567} - C:\WINDOWS\ipwg32.dll
O2 - BHO: Class - {750F1B5F-4A52-D126-4B8B-75595AF14315} - C:\WINDOWS\system32\ipwn.dll
O2 - BHO: Class - {8C4F8213-4CBA-4C70-31C9-B2D727A270F1} - C:\WINDOWS\ipoh.dll
O2 - BHO: Class - {991DF816-06EC-05DF-D306-F828A69AEF22} - C:\WINDOWS\netwy32.dll
O2 - BHO: Class - {A2CA1BE2-4F84-321D-86EF-3B7600C2E334} - C:\WINDOWS\netit32.dll
O2 - BHO: Class - {A5F02AA1-E33B-02E2-EE38-6C66F5363B53} - C:\WINDOWS\winaw.dll
O2 - BHO: Class - {B7C25C68-FA17-FA9D-AF0F-BB29B5B9B64C} - C:\WINDOWS\apicj.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C0146C97-9E45-541E-2BF9-8DEC38F21C73} - C:\WINDOWS\javaif.dll
O2 - BHO: Class - {D3F6EC5D-83BA-FBCD-1424-2CB23092B7EA} - C:\WINDOWS\netgr32.dll
O2 - BHO: Class - {E363C209-E213-B037-FBC0-927E7138A3AF} - C:\WINDOWS\system32\crqn32.dll
O2 - BHO: Class - {F47A935F-6D84-6D4E-54C7-DA22B3F01D10} - C:\WINDOWS\addmj32.dll
O2 - BHO: Class - {FA224A3B-80E3-FC4E-47BB-C7027C3BE4E9} - C:\WINDOWS\system32\javauq32.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [ieqg32.exe] C:\WINDOWS\system32\ieqg32.exe
O4 - HKLM\..\Run: [msif32.exe] C:\WINDOWS\msif32.exe
O4 - HKLM\..\Run: [ipdr32.exe] C:\WINDOWS\ipdr32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ipka32.exe] C:\WINDOWS\system32\ipka32.exe
O4 - HKLM\..\RunOnce: [apiry.exe] C:\WINDOWS\apiry.exe
O4 - HKLM\..\RunOnce: [d3uy.exe] C:\WINDOWS\system32\d3uy.exe
O4 - HKLM\..\RunOnce: [mfcjv32.exe] C:\WINDOWS\system32\mfcjv32.exe
O4 - HKLM\..\RunOnce: [mfcem.exe] C:\WINDOWS\mfcem.exe
O4 - HKLM\..\RunOnce: [ntxf32.exe] C:\WINDOWS\system32\ntxf32.exe
O4 - HKLM\..\RunOnce: [msbz.exe] C:\WINDOWS\system32\msbz.exe
O4 - HKLM\..\RunOnce: [sysuy.exe] C:\WINDOWS\sysuy.exe
O4 - HKLM\..\RunOnce: [ipfi.exe] C:\WINDOWS\ipfi.exe
O4 - HKLM\..\RunOnce: [ntco.exe] C:\WINDOWS\ntco.exe
O4 - HKLM\..\RunOnce: [mfchq32.exe] C:\WINDOWS\system32\mfchq32.exe
O4 - HKLM\..\RunOnce: [sdkrr32.exe] C:\WINDOWS\system32\sdkrr32.exe
O4 - HKLM\..\RunOnce: [ievd.exe] C:\WINDOWS\ievd.exe
O4 - HKLM\..\RunOnce: [addte32.exe] C:\WINDOWS\system32\addte32.exe
O4 - HKLM\..\RunOnce: [sdkom.exe] C:\WINDOWS\system32\sdkom.exe
O4 - HKLM\..\RunOnce: [appil32.exe] C:\WINDOWS\system32\appil32.exe
O4 - HKLM\..\RunOnce: [msbu.exe] C:\WINDOWS\system32\msbu.exe
O4 - HKLM\..\RunOnce: [mska.exe] C:\WINDOWS\system32\mska.exe
O4 - HKLM\..\RunOnce: [iekq.exe] C:\WINDOWS\system32\iekq.exe
O4 - HKLM\..\RunOnce: [sdkys.exe] C:\WINDOWS\system32\sdkys.exe
O4 - HKLM\..\RunOnce: [appvr.exe] C:\WINDOWS\appvr.exe
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKLM\..\RunOnce: [ipfx32.exe] C:\WINDOWS\system32\ipfx32.exe
O4 - HKLM\..\RunOnce: [syscq32.exe] C:\WINDOWS\syscq32.exe
O4 - HKLM\..\RunOnce: [ntej32.exe] C:\WINDOWS\system32\ntej32.exe
O4 - HKLM\..\RunOnce: [iewa32.exe] C:\WINDOWS\system32\iewa32.exe
O4 - HKLM\..\RunOnce: [sdkjk32.exe] C:\WINDOWS\system32\sdkjk32.exe
O4 - HKLM\..\RunOnce: [crpp32.exe] C:\WINDOWS\system32\crpp32.exe
O4 - HKLM\..\RunOnce: [crja.exe] C:\WINDOWS\system32\crja.exe
O4 - HKLM\..\RunOnce: [ieft32.exe] C:\WINDOWS\system32\ieft32.exe
O4 - HKLM\..\RunOnce: [javaru32.exe] C:\WINDOWS\system32\javaru32.exe
O4 - HKLM\..\RunOnce: [crzc32.exe] C:\WINDOWS\crzc32.exe
O4 - HKLM\..\RunOnce: [msep32.exe] C:\WINDOWS\system32\msep32.exe
O4 - HKLM\..\RunOnce: [javadk32.exe] C:\WINDOWS\system32\javadk32.exe
O4 - HKLM\..\RunOnce: [crfn.exe] C:\WINDOWS\crfn.exe
O4 - HKLM\..\RunOnce: [windt.exe] C:\WINDOWS\system32\windt.exe
O4 - HKLM\..\RunOnce: [addyk32.exe] C:\WINDOWS\system32\addyk32.exe
O4 - HKLM\..\RunOnce: [mfcjt32.exe] C:\WINDOWS\mfcjt32.exe
O4 - HKLM\..\RunOnce: [ipoh32.exe] C:\WINDOWS\system32\ipoh32.exe
O4 - HKLM\..\RunOnce: [systi32.exe] C:\WINDOWS\systi32.exe
O4 - HKLM\..\RunOnce: [apihw32.exe] C:\WINDOWS\system32\apihw32.exe
O4 - HKLM\..\RunOnce: [apiwy.exe] C:\WINDOWS\apiwy.exe
O4 - HKLM\..\RunOnce: [d3eh.exe] C:\WINDOWS\system32\d3eh.exe
O4 - HKLM\..\RunOnce: [apiet32.exe] C:\WINDOWS\system32\apiet32.exe
O4 - HKLM\..\RunOnce: [javaif.exe] C:\WINDOWS\javaif.exe
O4 - HKLM\..\RunOnce: [atlnk.exe] C:\WINDOWS\system32\atlnk.exe
O4 - HKLM\..\RunOnce: [atlog.exe] C:\WINDOWS\atlog.exe
O4 - HKLM\..\RunOnce: [sdkrp32.exe] C:\WINDOWS\sdkrp32.exe
O4 - HKLM\..\RunOnce: [mfcqf32.exe] C:\WINDOWS\mfcqf32.exe
O4 - HKLM\..\RunOnce: [atlnh32.exe] C:\WINDOWS\atlnh32.exe
O4 - HKLM\..\RunOnce: [ntvy32.exe] C:\WINDOWS\ntvy32.exe
O4 - HKLM\..\RunOnce: [apiod32.exe] C:\WINDOWS\apiod32.exe
O4 - HKLM\..\RunOnce: [sysnt.exe] C:\WINDOWS\sysnt.exe
O4 - HKLM\..\RunOnce: [javatn.exe] C:\WINDOWS\javatn.exe
O4 - HKLM\..\RunOnce: [appbt.exe] C:\WINDOWS\system32\appbt.exe
O4 - HKLM\..\RunOnce: [mfcpv32.exe] C:\WINDOWS\system32\mfcpv32.exe
O4 - HKLM\..\RunOnce: [ieee32.exe] C:\WINDOWS\ieee32.exe
O4 - HKLM\..\RunOnce: [javafi32.exe] C:\WINDOWS\javafi32.exe
O4 - HKLM\..\RunOnce: [apisk.exe] C:\WINDOWS\apisk.exe
O4 - HKLM\..\RunOnce: [sdknd.exe] C:\WINDOWS\sdknd.exe
O4 - HKLM\..\RunOnce: [sdkoi32.exe] C:\WINDOWS\system32\sdkoi32.exe
O4 - HKLM\..\RunOnce: [criu.exe] C:\WINDOWS\system32\criu.exe
O4 - HKLM\..\RunOnce: [sdkja.exe] C:\WINDOWS\sdkja.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [d3ny32.exe] C:\WINDOWS\system32\d3ny32.exe
O4 - HKLM\..\RunOnce: [mfcfi32.exe] C:\WINDOWS\system32\mfcfi32.exe
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe

1.

Would it basically be like having the computer from when I got it with nothing really on it?

Yes, a full "clean" reinstallation would mean starting all over again; you would have to reinstall and configure Windows and all of your programs from scratch.


2.

How would you recommend I do it exactly? What files should I save (what exactly would be critical, Word and Excel files type thing)?

I can't really give you exact information on what you would need to save or instructions on how to do that, because that would depend on exactly what you use your computer for.

Things like Excel and Word documents are obviously things people normally need to save, but you may also have other items that you want to keep such as your address book, your email files/folders, Quicken or Palm Pilot files, MP3s, etc.

If it really does turn out that rebuilding the system is your best (or perhaps only) way to get it back to a clean state, you should get help from someone who is familiar with doing data backups and system restoration. That may even mean paying a computer tech to do the job, but if your data is critical, the cost of doing the job correctly would be justified.


3. The anti-spyware utilities that you've run should have done a much better job of removing your infections, but judging from the logs you've posted it doesn't look like they've done much at all. Unfortunately, I've honestly not seen this before.

4. I really don't like to be bested by these nasties though, so let's have a go at them with HijackThis and a few other specialized tools and see what sort of progress we can make. As I suggested before, please print out these instructions or save them into a text file. With the exception of downloading any further removal utilities or running further online anti-virus/anti-spyware scans, you should physically disconnect (unplug) your computer from the Internet.

Also: please perform all of the suggested procedures as fully and completely as possible! If any of the procedures do not work as we describe, please let us know the specifics of that, and do not hesitate to ask questions. Given the state of your system and the apparent ineffectiveness of the things you've tried so far, it's important that we know the exact results of anything we suggest from now on.


A) Download the Killbox utility and save it to your desktop, but don't run it yet.


B) In addition to the Panda online scan that swatkat suggested, run these other scans as well. As with the Panda scan, enable any "Auto Clean", "Disinfect", or similar options if applicable; we want the programs to automatically fix what they find, not just scan:

http://www.kaspersky.com/scanforvirus.html
http://housecall.trendmicro.com/
http://us.mcafee.com/root/mfs/default.asp?cid=9914
http://www.ravantivirus.com/scan/
http://www.bitdefender.com/scan/licence.php


C) Open Windows Notepad, copy-n-paste the following bolded lines into the new Notepad text file, and then click the "Save as..." option under Notepad's "File" menu. Name the file "Killdlls.txt" and save it to your desktop:

C:\WINDOWS\atlex.dll
C:\WINDOWS\system32\sysyx32.dll
C:\WINDOWS\addll.dll
C:\WINDOWS\system32\addcm32.dll
C:\WINDOWS\croe32.dll
C:\WINDOWS\ipwg32.dll
C:\WINDOWS\system32\ipwn.dll
C:\WINDOWS\ipoh.dll
C:\WINDOWS\netwy32.dll
C:\WINDOWS\netit32.dll
C:\WINDOWS\winaw.dll
C:\WINDOWS\apicj.dll
C:\WINDOWS\javaif.dll
C:\WINDOWS\netgr32.dll
C:\WINDOWS\system32\crqn32.dll
C:\WINDOWS\addmj32.dll
C:\WINDOWS\system32\javauq32.dll

Close Notepad when you have finished.


D) Open Notepad again and repeat step C above for the following files, but this time name the new file "Killexes.txt" instead of "Killdlls.txt". As with the above, save the file to your desktop:

C:\WINDOWS\system32\ieqg32.exe
C:\WINDOWS\msif32.exe
C:\WINDOWS\ipdr32.exe
C:\WINDOWS\system32\ipka32.exe
C:\WINDOWS\apiry.exe
C:\WINDOWS\system32\d3uy.exe
C:\WINDOWS\system32\mfcjv32.exe
C:\WINDOWS\mfcem.exe
C:\WINDOWS\system32\ntxf32.exe
C:\WINDOWS\system32\msbz.exe
C:\WINDOWS\sysuy.exe
C:\WINDOWS\ipfi.exe
C:\WINDOWS\ntco.exe
C:\WINDOWS\system32\mfchq32.exe
C:\WINDOWS\system32\sdkrr32.exe
C:\WINDOWS\ievd.exe
C:\WINDOWS\system32\addte32.exe
C:\WINDOWS\system32\sdkom.exe
C:\WINDOWS\system32\appil32.exe
C:\WINDOWS\system32\msbu.exe
C:\WINDOWS\system32\mska.exe
C:\WINDOWS\system32\iekq.exe
C:\WINDOWS\system32\sdkys.exe
C:\WINDOWS\appvr.exe
C:\WINDOWS\netim32.exe
C:\WINDOWS\system32\ipfx32.exe
C:\WINDOWS\syscq32.exe
C:\WINDOWS\system32\ntej32.exe
C:\WINDOWS\system32\iewa32.exe
C:\WINDOWS\system32\sdkjk32.exe
C:\WINDOWS\system32\crpp32.exe
C:\WINDOWS\system32\crja.exe
C:\WINDOWS\system32\ieft32.exe
C:\WINDOWS\system32\javaru32.exe
C:\WINDOWS\crzc32.exe
C:\WINDOWS\system32\msep32.exe
C:\WINDOWS\system32\javadk32.exe
C:\WINDOWS\crfn.exe
C:\WINDOWS\system32\windt.exe
C:\WINDOWS\system32\addyk32.exe
C:\WINDOWS\mfcjt32.exe
C:\WINDOWS\system32\ipoh32.exe
C:\WINDOWS\systi32.exe
C:\WINDOWS\system32\apihw32.exe
C:\WINDOWS\apiwy.exe
C:\WINDOWS\system32\d3eh.exe
C:\WINDOWS\system32\apiet32.exe
C:\WINDOWS\javaif.exe
C:\WINDOWS\system32\atlnk.exe
C:\WINDOWS\atlog.exe
C:\WINDOWS\sdkrp32.exe
C:\WINDOWS\mfcqf32.exe
C:\WINDOWS\atlnh32.exe
C:\WINDOWS\ntvy32.exe
C:\WINDOWS\apiod32.exe
C:\WINDOWS\sysnt.exe
C:\WINDOWS\javatn.exe
C:\WINDOWS\system32\appbt.exe
C:\WINDOWS\system32\mfcpv32.exe
C:\WINDOWS\ieee32.exe
C:\WINDOWS\javafi32.exe
C:\WINDOWS\apisk.exe
C:\WINDOWS\sdknd.exe
C:\WINDOWS\system32\sdkoi32.exe
C:\WINDOWS\system32\criu.exe
C:\WINDOWS\sdkja.exe
C:\WINDOWS\system32\d3ny32.exe
C:\WINDOWS\system32\mfcfi32.exe

E) Reboot into Safe Mode again and:

1) Run HijackThis and do a scan. Once the scan is finished, put a check mark in the boxes next to the following entries and then click the "Fix checked" button:

(Please note that some of the names of the actual ".exe" and/or ".dll" files in your new log's entries might have changed since you ran your last scan; this is, unfortunately, something that the infections can do to avoid removal. However, even if that happens, the common denominator will be the same: the filenames will still be random and meaningless-looking, but will most likely be very similar (meaning that only a couple of the letters/characters in the name have changed) to the entries I'm having you delete.)

R3 - Default URLSearchHook is missing
O2 - BHO: Class - {19C147DB-0AAE-4BC9-7FA4-0291F21C5F33} - C:\WINDOWS\atlex.dll
O2 - BHO: Class - {29E7FFD8-E6A5-9FCB-ED6E-4AAE63F4CAE9} - C:\WINDOWS\system32\sysyx32.dll
O2 - BHO: Class - {2CAE7DD3-D3DC-7AD3-D17F-61DF6D540FD7} - C:\WINDOWS\addll.dll
O2 - BHO: Class - {52CA0E68-18D4-4EE7-27A9-12262907D778} - C:\WINDOWS\system32\addcm32.dll
O2 - BHO: Class - {5BB66F6F-6BA4-ED53-05F3-F6ED2C204BED} - C:\WINDOWS\croe32.dll
O2 - BHO: Class - {605BB929-10FB-81EB-196F-7822E1EA2567} - C:\WINDOWS\ipwg32.dll
O2 - BHO: Class - {750F1B5F-4A52-D126-4B8B-75595AF14315} - C:\WINDOWS\system32\ipwn.dll
O2 - BHO: Class - {8C4F8213-4CBA-4C70-31C9-B2D727A270F1} - C:\WINDOWS\ipoh.dll
O2 - BHO: Class - {991DF816-06EC-05DF-D306-F828A69AEF22} - C:\WINDOWS\netwy32.dll
O2 - BHO: Class - {A2CA1BE2-4F84-321D-86EF-3B7600C2E334} - C:\WINDOWS\netit32.dll
O2 - BHO: Class - {A5F02AA1-E33B-02E2-EE38-6C66F5363B53} - C:\WINDOWS\winaw.dll
O2 - BHO: Class - {B7C25C68-FA17-FA9D-AF0F-BB29B5B9B64C} - C:\WINDOWS\apicj.dll
O2 - BHO: Class - {C0146C97-9E45-541E-2BF9-8DEC38F21C73} - C:\WINDOWS\javaif.dll
O2 - BHO: Class - {D3F6EC5D-83BA-FBCD-1424-2CB23092B7EA} - C:\WINDOWS\netgr32.dll
O2 - BHO: Class - {E363C209-E213-B037-FBC0-927E7138A3AF} - C:\WINDOWS\system32\crqn32.dll
O2 - BHO: Class - {F47A935F-6D84-6D4E-54C7-DA22B3F01D10} - C:\WINDOWS\addmj32.dll
O2 - BHO: Class - {FA224A3B-80E3-FC4E-47BB-C7027C3BE4E9} - C:\WINDOWS\system32\javauq32.dll
O4 - HKLM\..\Run: [ieqg32.exe] C:\WINDOWS\system32\ieqg32.exe
O4 - HKLM\..\Run: [msif32.exe] C:\WINDOWS\msif32.exe
O4 - HKLM\..\Run: [ipdr32.exe] C:\WINDOWS\ipdr32.exe
O4 - HKLM\..\Run: [ipka32.exe] C:\WINDOWS\system32\ipka32.exe
O4 - HKLM\..\RunOnce: [apiry.exe] C:\WINDOWS\apiry.exe
O4 - HKLM\..\RunOnce: [d3uy.exe] C:\WINDOWS\system32\d3uy.exe
O4 - HKLM\..\RunOnce: [mfcjv32.exe] C:\WINDOWS\system32\mfcjv32.exe
O4 - HKLM\..\RunOnce: [mfcem.exe] C:\WINDOWS\mfcem.exe
O4 - HKLM\..\RunOnce: [ntxf32.exe] C:\WINDOWS\system32\ntxf32.exe
O4 - HKLM\..\RunOnce: [msbz.exe] C:\WINDOWS\system32\msbz.exe
O4 - HKLM\..\RunOnce: [sysuy.exe] C:\WINDOWS\sysuy.exe
O4 - HKLM\..\RunOnce: [ipfi.exe] C:\WINDOWS\ipfi.exe
O4 - HKLM\..\RunOnce: [ntco.exe] C:\WINDOWS\ntco.exe
O4 - HKLM\..\RunOnce: [mfchq32.exe] C:\WINDOWS\system32\mfchq32.exe
O4 - HKLM\..\RunOnce: [sdkrr32.exe] C:\WINDOWS\system32\sdkrr32.exe
O4 - HKLM\..\RunOnce: [ievd.exe] C:\WINDOWS\ievd.exe
O4 - HKLM\..\RunOnce: [addte32.exe] C:\WINDOWS\system32\addte32.exe
O4 - HKLM\..\RunOnce: [sdkom.exe] C:\WINDOWS\system32\sdkom.exe
O4 - HKLM\..\RunOnce: [appil32.exe] C:\WINDOWS\system32\appil32.exe
O4 - HKLM\..\RunOnce: [msbu.exe] C:\WINDOWS\system32\msbu.exe
O4 - HKLM\..\RunOnce: [mska.exe] C:\WINDOWS\system32\mska.exe
O4 - HKLM\..\RunOnce: [iekq.exe] C:\WINDOWS\system32\iekq.exe
O4 - HKLM\..\RunOnce: [sdkys.exe] C:\WINDOWS\system32\sdkys.exe
O4 - HKLM\..\RunOnce: [appvr.exe] C:\WINDOWS\appvr.exe
O4 - HKLM\..\RunOnce: [netim32.exe] C:\WINDOWS\netim32.exe
O4 - HKLM\..\RunOnce: [ipfx32.exe] C:\WINDOWS\system32\ipfx32.exe
O4 - HKLM\..\RunOnce: [syscq32.exe] C:\WINDOWS\syscq32.exe
O4 - HKLM\..\RunOnce: [ntej32.exe] C:\WINDOWS\system32\ntej32.exe
O4 - HKLM\..\RunOnce: [iewa32.exe] C:\WINDOWS\system32\iewa32.exe
O4 - HKLM\..\RunOnce: [sdkjk32.exe] C:\WINDOWS\system32\sdkjk32.exe
O4 - HKLM\..\RunOnce: [crpp32.exe] C:\WINDOWS\system32\crpp32.exe
O4 - HKLM\..\RunOnce: [crja.exe] C:\WINDOWS\system32\crja.exe
O4 - HKLM\..\RunOnce: [ieft32.exe] C:\WINDOWS\system32\ieft32.exe
O4 - HKLM\..\RunOnce: [javaru32.exe] C:\WINDOWS\system32\javaru32.exe
O4 - HKLM\..\RunOnce: [crzc32.exe] C:\WINDOWS\crzc32.exe
O4 - HKLM\..\RunOnce: [msep32.exe] C:\WINDOWS\system32\msep32.exe
O4 - HKLM\..\RunOnce: [javadk32.exe] C:\WINDOWS\system32\javadk32.exe
O4 - HKLM\..\RunOnce: [crfn.exe] C:\WINDOWS\crfn.exe
O4 - HKLM\..\RunOnce: [windt.exe] C:\WINDOWS\system32\windt.exe
O4 - HKLM\..\RunOnce: [addyk32.exe] C:\WINDOWS\system32\addyk32.exe
O4 - HKLM\..\RunOnce: [mfcjt32.exe] C:\WINDOWS\mfcjt32.exe
O4 - HKLM\..\RunOnce: [ipoh32.exe] C:\WINDOWS\system32\ipoh32.exe
O4 - HKLM\..\RunOnce: [systi32.exe] C:\WINDOWS\systi32.exe
O4 - HKLM\..\RunOnce: [apihw32.exe] C:\WINDOWS\system32\apihw32.exe
O4 - HKLM\..\RunOnce: [apiwy.exe] C:\WINDOWS\apiwy.exe
O4 - HKLM\..\RunOnce: [d3eh.exe] C:\WINDOWS\system32\d3eh.exe
O4 - HKLM\..\RunOnce: [apiet32.exe] C:\WINDOWS\system32\apiet32.exe
O4 - HKLM\..\RunOnce: [javaif.exe] C:\WINDOWS\javaif.exe
O4 - HKLM\..\RunOnce: [atlnk.exe] C:\WINDOWS\system32\atlnk.exe
O4 - HKLM\..\RunOnce: [atlog.exe] C:\WINDOWS\atlog.exe
O4 - HKLM\..\RunOnce: [sdkrp32.exe] C:\WINDOWS\sdkrp32.exe
O4 - HKLM\..\RunOnce: [mfcqf32.exe] C:\WINDOWS\mfcqf32.exe
O4 - HKLM\..\RunOnce: [atlnh32.exe] C:\WINDOWS\atlnh32.exe
O4 - HKLM\..\RunOnce: [ntvy32.exe] C:\WINDOWS\ntvy32.exe
O4 - HKLM\..\RunOnce: [apiod32.exe] C:\WINDOWS\apiod32.exe
O4 - HKLM\..\RunOnce: [sysnt.exe] C:\WINDOWS\sysnt.exe
O4 - HKLM\..\RunOnce: [javatn.exe] C:\WINDOWS\javatn.exe
O4 - HKLM\..\RunOnce: [appbt.exe] C:\WINDOWS\system32\appbt.exe
O4 - HKLM\..\RunOnce: [mfcpv32.exe] C:\WINDOWS\system32\mfcpv32.exe
O4 - HKLM\..\RunOnce: [ieee32.exe] C:\WINDOWS\ieee32.exe
O4 - HKLM\..\RunOnce: [javafi32.exe] C:\WINDOWS\javafi32.exe
O4 - HKLM\..\RunOnce: [apisk.exe] C:\WINDOWS\apisk.exe
O4 - HKLM\..\RunOnce: [sdknd.exe] C:\WINDOWS\sdknd.exe
O4 - HKLM\..\RunOnce: [sdkoi32.exe] C:\WINDOWS\system32\sdkoi32.exe
O4 - HKLM\..\RunOnce: [criu.exe] C:\WINDOWS\system32\criu.exe
O4 - HKLM\..\RunOnce: [sdkja.exe] C:\WINDOWS\sdkja.exe
O4 - HKLM\..\RunOnce: [d3ny32.exe] C:\WINDOWS\system32\d3ny32.exe
O4 - HKLM\..\RunOnce: [mfcfi32.exe] C:\WINDOWS\system32\mfcfi32.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)


2) Once HJT finishes the fix, click on the "Config" button in the lower right corner of HijackThis' main window.

- In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:

SmartFinder_Uninstall

- Close HijackThis


3. Open the "Killdlls" text file you saved previously and right click and drag your cursor over the files to highlight them and then use Control+C to copy them to the clipboard.

* Open KILLBOX and go to File...."Paste From Clipboard". All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there).

* Put a check next to the "Standard file kill", "Unregister dll before deleting", and "End Explorer shell..." options, and then click on the button with the red circle and white "X" icon. Click the YES option in the resulting confirmation prompt window. Close Killbox after that.


4. Open the "Killexes" text file you saved previously and right click and drag your cursor over the files to highlight them and then use Control+C to copy them to the clipboard.

* Open KILLBOX again and go to File...."Paste From Clipboard". All the files should now appear in the box (click on the Tab and check to make sure that only the files I have identified as malware and marked for deletion are there).

* Put a check next to the "Delete on reboot" option.

* Click on the button with the red circle and white "X" icon.

* Click the YES option in the resulting confirmation prompt window.

* Click YES in the next window which asks if you want to actually reboot.


5. Let the computer reboot normally, run HJT again, and post the new log.
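
The note in step E that the file names may change between scans while keeping the same look suggests triaging by pattern rather than by exact name. The following Python is an added example, not part of the original posts and not HijackThis's own logic. Its heuristics (a Run/RunOnce value named after its own file in the Windows or system32 directory, a BHO named "Class" in those directories, a service with an unknown owner and a missing file) are assumptions drawn from the entries marked in this thread, the function names are hypothetical, and the sample lines are copied from the logs on this page.

```python
import ntpath
import re
from collections import namedtuple

# section: HijackThis section code; reason: which heuristic fired;
# target: file path (O2/O4) or service short name (O23).
Finding = namedtuple("Finding", "section reason target")

SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Lines copied from the logs in this thread: flagged entries plus
# legitimate ones that must not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: Class - {19C147DB-0AAE-4BC9-7FA4-0291F21C5F33} - C:\WINDOWS\atlex.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ieqg32.exe] C:\WINDOWS\system32\ieqg32.exe
O4 - HKLM\..\RunOnce: [apiry.exe] C:\WINDOWS\apiry.exe
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# First executable-looking token of a command line, with an optional opening quote.
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|dll|scr))', re.IGNORECASE)
# Service short name in trailing parentheses, e.g. "(SmartFinder_Uninstall)".
SVC_RE = re.compile(r"\((?P<short>[^()]+)\)$")
O23_PREFIX = "O23 - Service: "


def in_system_dir(path):
    """True when the file sits directly in the Windows or system32 directory."""
    return ntpath.dirname(path).lower() in SYSTEM_DIRS


def triage(log_text):
    """Return a Finding for every log line that matches one of the heuristics."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O2_RE.match(line)
        if m:
            # Every BHO marked in this thread is named "Class" and loads
            # from the Windows directories.
            if m["name"] == "Class" and in_system_dir(m["path"]):
                findings.append(Finding("O2", "generic BHO name in system dir", m["path"]))
            continue

        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m["cmd"])
            # The marked autoruns use the file name itself as the registry
            # value name; legitimate ones use a product name instead.
            if (exe and in_system_dir(exe["exe"])
                    and ntpath.basename(exe["exe"]).lower() == m["name"].lower()):
                findings.append(Finding("O4", "autorun named after its own file", exe["exe"]))
            continue

        if line.startswith(O23_PREFIX):
            parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
            if len(parts) != 3:
                continue
            display, owner, path = parts
            if owner == "Unknown owner" and path.endswith("(file missing)"):
                short = SVC_RE.search(display)
                findings.append(Finding("O23", "orphaned service, unknown owner",
                                        short["short"] if short else display))
    return findings


def kill_lists(findings):
    """Split flagged file paths by extension, like the Killdlls/Killexes lists."""
    files = [f.target for f in findings if f.section in ("O2", "O4")]
    dlls = [p for p in files if p.lower().endswith(".dll")]
    exes = [p for p in files if p.lower().endswith(".exe")]
    return dlls, exes


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.section:4} {finding.reason:34} {finding.target}")
```

Anything the heuristics flag still needs the manual review the thread describes before it goes into a deletion list, since a legitimate program could match the same pattern.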

Here's the updated HJT Log File... When I tried to delete the SmartFinder_Uninstaller using NT, it said that it was unable to since it was running or being used, so that is why it is still in the log. I did fix it from the log, but it is still there. Thanks for all the help so far, seems like it's almost destroyed.

Logfile of HijackThis v1.99.1
Scan saved at 3:11:27 PM, on 7/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\HP Share-to-Web\hpgs2wnd.exe
C:\HP Share-to-Web\hpgs2wnf.exe
C:\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Extreme Messenger\ExtremeMessenger.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\PROGRA~1\Webshots\webshots.scr
C:\Program Files\HighJackThis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4534/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe

That's much better now; I don't see any obvious nasties in your latest log. Good job. :)

1. I'm always a bit suspicious of things like the following; is Video Strip Poker a program you knowingly installed?:

O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe


2. About the O23 - Service: SmartFinder Uninstall entry:

In my last post I forgot to include instructions on what to do if you get the error about a service being in use. Basically, we need to disable the service before HijackThis can delete it:

* Open the Services utility in your Administrative Tools control panel.

- In the list of services, locate the service named "SmartFinder_Uninstall" and double-click on it.

- In the General tab of the Properties window that opens, click the Stop button.

- Once the service is stopped, choose Disabled in the "Startup Type" drop-down menu and then click OK. Close the Services utility after that.


* Once you've done the above you should be able to go back into HijackThis and repeat the service deletion procedure:

- Click on the "Config" button in the lower right corner of HijackThis' main window.

- In the next window click on the "Misc Tools" button at the top then click the "Delete an NT service" button. Type the following in the box and click OK:

SmartFinder_Uninstall

- Close HijackThis
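The two entries singled out in the reply above (an O4 autorun pointing into a user's shared folder, and an O23 service whose binary sat in the browser cache and is now missing) can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original post and not HijackThis' own logic; the function name `triage`, the reason strings and the path heuristics are assumptions chosen for illustration.

```python
import re

# Constructed sample: five O4/O23 lines copied from the logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Microsoft Tray] C:\Documents and Settings\JDG\Desktop\Josh\My Shared Folder\Video Strip Poker 2002.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\JDG\Local Settings\Temporary Internet Files\Content.IE5\EJYP4R78\SFUninstaller[1].exe" service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe
"""

# O4: registry Run entries ("[name] command") or Startup shortcuts ("x.lnk = command").
O4_RE = re.compile(r"^O4 - [^:]+: (?:\[(?P<name>[^\]]+)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$")
# O23: "Display name (ShortName) - Owner - Path"; the short name is optional.
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))?"
                    r" - (?P<owner>.+?) - (?P<path>.+)$")

# Lower-cased path fragments (Windows XP layout, as in the logs) and why they matter.
PATH_MARKERS = [
    ("\\temporary internet files\\", "runs from browser cache"),
    ("\\documents and settings\\", "runs from a user profile"),
]

def triage(log_text):
    """Map each O4/O23 entry that deserves a manual look to its reasons."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        reasons = []
        svc, run = O23_RE.match(line), O4_RE.match(line)
        if svc:
            label, target = svc["name"] or svc["display"], svc["path"]
            if svc["owner"] == "Unknown owner":
                reasons.append("unknown owner")
        elif run:
            label, target = run["name"] or run["lnk"], run["cmd"]
        else:
            continue  # other HijackThis sections are out of scope here
        low = target.lower()
        if low.endswith("(file missing)"):
            reasons.append("file missing")
        reasons += [why for marker, why in PATH_MARKERS if marker in low]
        if reasons:
            findings[label] = reasons
    return findings

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(f"{entry}: {', '.join(reasons)}")
```

A single reason such as "unknown owner" is a prompt to check the file, not a verdict; entries that stack several reasons, like SmartFinder_Uninstall here, are the ones to deal with first.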

Thank you very much for all of your and everyone's help. Looks clean now, I very much appreciate it all. Here's the updated log.

Logfile of HijackThis v1.99.1
Scan saved at 8:26:36 PM, on 7/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\system32\ltmsg.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
C:\HP Share-to-Web\hpgs2wnd.exe
C:\Digital Imaging\Unload\hpqcmon.exe
C:\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\HighJackThis\HijackThis.exe

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Dell|Alert] C:\Program Files\Dell\Support\Alert\bin\DAMon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Extreme Messenger for AIM] C:\Program Files\Extreme Messenger\ExtremeMessenger.exe nosplash
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: VirtuaGirl2.lnk = C:\Program Files\vg\VirtuaGirl2.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global User Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\inetrepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ChatSpace Java Client 2.1.0.91L - http://207.29.194.123:8000/Java/cs4msl091.cab
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dots - http://download.games.yahoo.com/games/clients/y/dtt1_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt0_x.cab
O16 - DPF: Yahoo! NFL StatTracker - http://aud10.sports.yahoo.com/java/y/nflst8219_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: Yahoo! Trivia - http://download.games.yahoo.com/games/clients/y/tvt0_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0F9B4CA4-A30F-480A-841D-69B45C50A8F8} (SekureL0gin.SekureKontrol) - http://secure2.comned.com/signuptemplates/AktiveSekurity.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v43/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {36C66BBD-E667-4DAD-9682-58050E7C9FDC} (CDKey Class) - http://www.cdkeybonus.com/cdkey/ITCDKey.cab
O16 - DPF: {3FE16C08-D6A7-4133-84FC-D5BFB4F7D886} (WebGameLoader Class) - http://zone.msn.com/bingame/rtlw/default/ReflexiveWebGameLoader.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://apple.speedera.net/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4534/mcfscan.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: XtreamLok License Manager - Unknown owner - C:\WINDOWS\System32\xl.exe

Looks good now. :)

Judging from the history of references to downloaded games and the like in your logs though, I'll put this out there:

Many of the sites/companies that offer games and other such "free" downloads need to make money on their offerings in some way, and they often do that by bundling their downloads with adware/spyware components. At the very least, you should look carefully at the privacy and terms of use agreements of such products before downloading/installing them.
