Pop Ups And Trojan Problems


  • This topic is locked
23 replies to this topic

#1 teenslayer

teenslayer

Posted 09 October 2006 - 03:11 PM

Logfile of HijackThis v1.99.1
Scan saved at 4:02:06 PM, on 10/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Eset\nod32.exe
C:\hijackthis\HijackThis.exe

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [hcldvig.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hcldvig.dll,mqohfx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...846/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#2 DASOS

DASOS

    Malware hunter


Posted 15 October 2006 - 01:38 AM

Hi teenslayer and welcome to BC

My name is Stelios and I will be helping you to clean up your computer.

Thanks for your patience.

It is strange that there are no O2's or O20's in the log.
A new infection is hiding these entries from a Hijackthis scan.
This means certain infections cannot be seen and are therefore hidden to the helper.
Go to this folder where Hijackthis is kept and rename the hijackthis application to "showme".
This can be done by right clicking on the program and clicking "rename".
Press enter, then open "showme.exe" by double clicking.

Post a new Hijackthis log from the newly named application.
=====
I also need to see a different type of log from Hijackthis:
Run Hijackthis.
Click on "Open the Misc Tools section".
Next click on "Open uninstall manager".
Press the button 'save list'.
It will open a Notepad file.

Place the content of that file here in your next reply.


Stelios
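
The check described in the post above, as an added example (not part of the original thread and not HijackThis's own code): it parses two HijackThis logs, reports which entry sections are missing from the first but present in the second, and lists files registered under both O2 and O20. The sample text is a short excerpt of the two logs posted in this thread; all function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample input: a few lines excerpted from the two HijackThis logs in this thread
# (before and after the scanner was renamed to showme.exe).
LOG_BEFORE_RENAME = r"""
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [hcldvig.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hcldvig.dll,mqohfx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
"""

LOG_AFTER_RENAME = r"""
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dldpndpb.dll
O2 - BHO: (no name) - {62DA75DB-9173-4CAC-858B-77EB50359113} - C:\WINDOWS\system32\mljgf.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [hcldvig.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hcldvig.dll,mqohfx
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# An entry line is a section code (letter + number), " - ", then the detail text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
DRIVE_PATH_RE = re.compile(r"^[a-z]:\\")


def parse_entries(log_text):
    """Return {section_code: [detail, ...]} for every entry line in a log."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            sections[match.group(1)].append(match.group(2))
    return dict(sections)


def _section_order(code):
    # Sort O2 before O20 by comparing the numeric part as an integer.
    return (code[0], int(code[1:]))


def hidden_sections(before_text, after_text):
    """Section codes with no entries in the first log but some in the second."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    return sorted((c for c in after if c not in before), key=_section_order)


def newly_visible(before_text, after_text):
    """Entries that appear only in the second log, grouped by section code."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    result = {}
    for code, details in after.items():
        fresh = [d for d in details if d not in before.get(code, [])]
        if fresh:
            result[code] = fresh
    return result


def _target_path(detail):
    # The file an entry points at is the last " - "-separated field.
    return detail.rsplit(" - ", 1)[-1].strip().lower()


def files_in_all_sections(log_text, codes=("O2", "O20")):
    """Files registered under every listed section (here: BHO and Winlogon Notify)."""
    entries = parse_entries(log_text)
    per_section = []
    for code in codes:
        paths = {_target_path(d) for d in entries.get(code, [])}
        # Drop placeholders such as "(no file)"; keep real drive paths only.
        per_section.append({p for p in paths if DRIVE_PATH_RE.match(p)})
    return sorted(set.intersection(*per_section))


if __name__ == "__main__":
    print("Sections absent before rename:",
          hidden_sections(LOG_BEFORE_RENAME, LOG_AFTER_RENAME))
    for code, details in newly_visible(LOG_BEFORE_RENAME, LOG_AFTER_RENAME).items():
        for detail in details:
            print(f"  newly visible {code}: {detail}")
    print("Registered under both O2 and O20:",
          files_in_all_sections(LOG_AFTER_RENAME))
```

A section can also be empty for ordinary reasons, so a missing O2 or O20 group is a prompt to rescan under a different executable name, not proof of infection on its own.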

#3 teenslayer

teenslayer
  • Topic Starter

Posted 15 October 2006 - 01:23 PM

Thanks in advance =]

Logfile of HijackThis v1.99.1
Scan saved at 2:19:26 PM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\aol\1152390480\ee\aim6.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.exe
C:\hijackthis\showme.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dldpndpb.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: (no name) - {4789198D-DEDF-09D2-D594-0A99F84DB0E9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {62DA75DB-9173-4CAC-858B-77EB50359113} - C:\WINDOWS\system32\mljgf.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [hcldvig.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hcldvig.dll,mqohfx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...846/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: mljgf - C:\WINDOWS\system32\mljgf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe


UNINSTALL LIST

7-Zip 4.42
Adobe Flash Player 9 ActiveX
Adobe Photoshop 7.0
Adobe Reader 7.0.8
AIM Gadgets 2.70
AOL Uninstaller (Choose which Products to Remove)
AppCore
Ares 1.9.0
AsusUpdate
AV
BitComet 0.60
Canon i560
ccCommon
CDCheck
DivX
Dolphin 1.3 beta
eMule
FLV Player 1.3.3
GTA San Andreas
Gunbound Revolution
Haali Media Splitter
HijackThis 1.99.1
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections
J2SE Development Kit 5.0 Update 7
J2SE Runtime Environment 5.0 Update 7
JCreator LE 2.50
K8 2005 (Beta2)
Kazaa Lite K++ v2.4.1
KuGoo(?1) V3.0???
LiveUpdate 3.1 (Symantec Corporation)
Magic ISO Maker v4.9 (build 0144)
MAME Classic
Matroska Pack
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (1.5.0.7)
MSRedist
Need for Speed? Most Wanted
Nero 6 Ultra Edition
NetBeans IDE 5.0
NOD32 antivirus system
Norton AntiVirus
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Protection Center
NVIDIA Drivers
Panda ActiveScan
PC Probe II
Pcsx2 0.9.1 Watermoose
PowerDVD
PPLive 1.3.9
Python 2.4.3
QuickTime
RealPlayer
Realtek AC'97 Audio
RegCure 1.0.0.43
Rome - Total War™
Security Task Manager 1.6f
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
SiSoftware Sandra Standard 2004.SP2 (Win32 x86)
Softnyx Launcher
Sonic RecordNow!
SPBBC 32bit
Spybot - Search & Destroy 1.4
StepMania (remove only)
SymNet
TI Connect 1.6
Tom Clancy's Splinter Cell Chaos Theory
Ultrafunk Sonitus:fx R3 plug-in uninstaller
Unreal Tournament 2004
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinRAR archiver
WinZip

#4 DASOS

DASOS

    Malware hunter


Posted 15 October 2006 - 04:30 PM

Hi teenslayer

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

*False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.

*System Performance Problems: Your system may lock up due to both software products attempting to access the same file at the same time.

Therefore please go to add/remove in the control panel and remove either NOD32 or Norton AntiVirus - if you remove Norton please understand you will have to install a new firewall as the Norton one will have been uninstalled also.

If you decide to remove Norton:
How To Remove Your Norton Products

Also 2 excellent (and free) products: Zone Alarm or Sygate. It is important to note that you should only have one firewall installed at a time, but you can download both to your Desktop and install each in turn to see which one you prefer.
=====

Please download VundoFix.exe to your Desktop.

*Double-click VundoFix.exe to run it.
*Click the Scan for Vundo button.
*Once it's done scanning, click the Remove Vundo button.
*You will receive a prompt asking if you want to remove the files, click YES
*Once you click yes, your desktop will go blank as it starts removing Vundo.
*When completed, it will prompt that it will reboot your computer, click OK.
*It will make a log in C:\vundofix.txt, please include that in your next reply along with a new Hijackthis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.


Stelios

#5 teenslayer

teenslayer
  • Topic Starter

Posted 15 October 2006 - 07:43 PM

VundoFix V6.2.2

Checking Java version...

Java version is 1.5.0.7

Scan started at 7:23:08 PM 10/15/2006

Listing files found while scanning....

C:\WINDOWS\system32\dldpndpb.dll
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp
C:\WINDOWS\system32\rqbxmiqp.dll
C:\WINDOWS\system32\dxjiqwwk.exe
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\dldpndpb.dll
C:\WINDOWS\system32\dldpndpb.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\fgjlm.tmp
C:\WINDOWS\system32\fgjlm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqbxmiqp.dll
C:\WINDOWS\system32\rqbxmiqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\dxjiqwwk.exe
C:\WINDOWS\system32\dxjiqwwk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!

Performing Repairs to the registry.
Done!


Logfile of HijackThis v1.99.1
Scan saved at 8:40:53 PM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\showme.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dldpndpb.dll (file missing)
O2 - BHO: (no name) - {4789198D-DEDF-09D2-D594-0A99F84DB0E9} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O2 - BHO: (no name) - {D3F2F1C9-6D4D-4479-8D30-7DF5246E00C2} - C:\WINDOWS\system32\mljgf.dll (file missing)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [hcldvig.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hcldvig.dll,mqohfx
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...846/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#6 DASOS

Posted 17 October 2006 - 10:41 AM

Hi teenslayer

Sorry for the delay.

Please print out or copy these instructions/tutorial to Notepad, as the internet will not be available to you at certain points of the removal process (while in Safe Mode). Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
=====

Please download ATF Cleaner by Atribune. Don’t run it yet.
=====

Download Avg anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded Avg anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Avg and update the definition files.
  • On the main screen select the "Update" icon then click "Start Update". The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
    Don’t run it yet. Close Avg anti-spyware.
    =====
    Now let's clean a Norton leftover.

    1. Click Start > Run > type: sc stop "Automatic LiveUpdate Scheduler" Click OK

    2. Click Start > Run > type: sc delete "Automatic LiveUpdate Scheduler" Click OK
    =====

    Please Run HijackThis again, click scan, and Put a checkmark next to each of the lines listed below, if still present:

    O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dldpndpb.dll (file missing)
    O2 - BHO: (no name) - {4789198D-DEDF-09D2-D594-0A99F84DB0E9} - (no file)
    O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
    O2 - BHO: (no name) - {D3F2F1C9-6D4D-4479-8D30-7DF5246E00C2} - C:\WINDOWS\system32\mljgf.dll (file missing)
    O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
    O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
    O4 - HKLM\..\Run: [hcldvig.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hcldvig.dll,mqohfx
    O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownlo...GPlugin9USA.cab
    O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
    O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)

    Then close all other windows--you should only see Hijack This on your Desktop--and click the Fix Checked button, and EXIT Hijack This.
    =====

    Make sure that you can see hidden files.
    • Click Start.
    • Click My Computer.
    • Select the Tools menu and click Folder Options.
    • Select the View Tab.
    • Under the Hidden files and folders heading select Show hidden files and folders.
    • Uncheck the Hide protected operating system files (recommended) option.
    • Click Yes to confirm.
    • Uncheck the Hide file extensions for known file types.
    • Click OK.
    =====

    Reboot into SAFE MODE by pressing the F8 key right when Windows starts, usually right after you hear your computer beep when you reboot it (some versions of Windows will display 'Starting Windows' with a grey progress bar). You will be brought to a menu where you can choose to boot into Safe Mode.
    =====

    Now, using Windows Explorer (right click on Start, click on Explore), I need you to DELETE the following folder and all their content if still present:

    C:\WINDOWS\system32\hcldvig.dll <-- file
    C:\Program Files\VSToolbar <-- folder

    =====
    Still in safe mode run: ATF
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox browser: Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser: Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.
    =====
  • Launch Avg anti-spyware by double-clicking the icon on your desktop. IMPORTANT: Do not open any other windows or programs while Avg is scanning; it may interfere with the scanning process.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
  • Avg will now begin the scanning process, be patient this may take a little time.
  • Avg will list any infections found on the left hand side. When the scan has finished, it should automatically set the recommended action to Quarantine--if not click on Recommended Action and set it there. Click the Apply all actions button. Avg will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
  • Close Avg.
=====

Reboot back to normal mode.
Please post back:

1) The Avg report
2) New HijackThis log

As my friend agrarianmonk has told you before:

The following are optional; however, any time you are running any type of P2P application, you are FAR more prone to infection by malware.


Kazaa Lite K++ v2.4.1
KuGoo
eMule
BitComet 0.60


(A list compiled by Nexus7 of clean and infected P2P programs can be found here)


Let us know how things are running.

Stelios
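
The fix list in the post above contains several entries that stand out from the structure of the log line alone: a "(file missing)" or "(no file)" suffix, a Run key that launches a DLL through rundll32.exe, a Winlogon Notify entry whose target is not a DLL. The following is an added example, not part of the original post or of HijackThis itself, that parses log lines and flags those patterns. The function names and flag labels are this example's own, the checks are assumed heuristics rather than the helper's stated criteria, and reading an O23 line without a parenthesised short name as "display name equals service name" is an assumption about the log format.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: entries copied from the HijackThis log and fix list in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1DAEFCB9-06C8-47c6-8F20-3FB54B244DAA} - C:\WINDOWS\system32\dldpndpb.dll (file missing)
O2 - BHO: (no name) - {4789198D-DEDF-09D2-D594-0A99F84DB0E9} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [hcldvig.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\hcldvig.dll,mqohfx
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# "<section code> - <rest of line>", e.g. "O20 - Winlogon Notify: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Registry entry whose target file is gone from disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# Autorun that loads a DLL export through rundll32 (paths with spaces not handled).
RUNDLL_RE = re.compile(r"rundll32\.exe\s+\S+\.dll,\w+", re.IGNORECASE)
# "Service: Display Name (ShortName) - Owner - path"; the short name is optional.
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<name>[^()]+)\))? - ")


@dataclass
class Entry:
    code: str
    body: str
    flags: List[str] = field(default_factory=list)
    service_name: Optional[str] = None  # name to pass to `sc`, O23 lines only


def triage(line: str) -> Optional[Entry]:
    """Parse one log line; return None for headers, process paths and blanks."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = Entry(m["code"], m["body"])

    if ORPHAN_RE.search(entry.body):
        entry.flags.append("orphaned")

    if entry.code == "O4" and RUNDLL_RE.search(entry.body):
        entry.flags.append("rundll32-autorun")

    if entry.code == "O20":
        # Winlogon Notify packages are DLLs; anything else is malformed.
        target = ORPHAN_RE.sub("", entry.body.rsplit(" - ", 1)[-1]).strip()
        if not target.lower().endswith(".dll"):
            entry.flags.append("notify-target-not-dll")

    if entry.code == "O23":
        s = SERVICE_RE.match(entry.body)
        if s is not None:
            # Assumption: no parenthesised short name means the display
            # name is also the service name.
            entry.service_name = s["name"] or s["display"]

    return entry


def parse_log(text: str) -> List[Entry]:
    """Return every recognisable entry in a pasted log."""
    parsed = (triage(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def flagged(text: str) -> List[Entry]:
    """Return only the entries that tripped at least one heuristic."""
    return [e for e in parse_log(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_LOG):
        extra = f"  [sc name: {e.service_name}]" if e.service_name else ""
        print(f"{e.code:<4}{', '.join(e.flags):<24}{e.body}{extra}")
```

The VSToolBar toolbar line comes back unflagged even though it is on the fix list: nothing in its structure is anomalous, so recognising it depends on the reviewer knowing the product, which is why these logs are read by a person rather than filtered by rule alone.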

#7 teenslayer

Posted 25 October 2006 - 08:28 PM

Sorry, I've been really busy for a while. Here is the Avg report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:37:48 PM 10/17/2006

+ Scan result:



C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP157\A0028718.exe -> Adware.DollarRevenue : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{0D4C7057-EAD2-44C6-AD18-9092905F28F1} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Interface\{60D3A642-0B03-46AD-B8B0-8D45989A0055} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\Interface\{81CDDAE8-3B92-4F0D-86C1-8DD5DB6A8471} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{EFA1EC0F-8359-41B7-A178-7DD6805A0C79} -> Adware.Generic : No action taken.
HKLM\SOFTWARE\Classes\TypeLib\{FEBB9141-2FF9-4FC8-BA91-1CE79DDE25CF} -> Adware.Generic : No action taken.
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : No action taken.
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D4C7057-EAD2-44C6-AD18-9092905F28F1} -> Adware.Generic : No action taken.
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : No action taken.
C:\Program Files\VSToolbar\VSToolBar.dll -> Adware.Searchcolours : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036738.dll -> Adware.Searchcolours : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP177\A0032029.dll -> Adware.Softomate : No action taken.
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -> Adware.TrustCleaner : No action taken.
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6C16C4-16AD-47B6-B250-26AD1829E49A} -> Adware.TrustCleaner : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036739.dll -> Adware.Virtumionde : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP142\A0020441.exe -> Downloader.Small.ddv : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0037290.exe -> Downloader.Zlob.ans : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP201\A0036490.dll -> Downloader.Zlob.ant : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP201\A0036436.exe -> Downloader.Zlob.anw : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP201\A0036475.exe -> Downloader.Zlob.anw : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036731.exe -> Downloader.Zlob.anw : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036752.exe -> Downloader.Zlob.anw : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0037289.exe -> Downloader.Zlob.anw : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP201\A0036476.dll -> Downloader.Zlob.aoa : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036732.dll -> Downloader.Zlob.aoa : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036751.dll -> Downloader.Zlob.aoa : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0037292.dll -> Downloader.Zlob.aoa : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0037291.exe -> Downloader.Zlob.apm : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP182\A0032385.exe -> Dropper.Agent.adw : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0037297.dll -> Logger.VBStat.e : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP218\A0040574.dll -> Logger.VBStat.e : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP208\A0038618.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0037293.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP133\A0017779.exe -> Proxy.Horst.ef : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP139\A0019374.exe -> Proxy.Horst.ef : No action taken.
:mozilla.58:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.59:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.60:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.61:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.62:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.63:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.64:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.65:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.66:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.67:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.68:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.69:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.70:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.71:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.72:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.73:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Statcounter : No action taken.
:mozilla.51:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.52:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.809:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.722:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Tradedoubler : No action taken.
:mozilla.723:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.724:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.725:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.726:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.727:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.728:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.729:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.730:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Trafficmp : No action taken.
:mozilla.53:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.54:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.55:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.640:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.641:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.642:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.643:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.644:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Valuead : No action taken.
:mozilla.757:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Web-stat : No action taken.
:mozilla.755:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.756:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Weborama : No action taken.
:mozilla.56:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Yadro : No action taken.
:mozilla.801:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.802:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.803:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.804:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.805:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Yieldmanager : No action taken.
:mozilla.784:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.785:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Zedo : No action taken.
:mozilla.786:C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cookies-1.txt -> TrackingCookie.Zedo : No action taken.
C:\Documents and Settings\Ashley Jiang\Local Settings\Temp\ltohgnil.dll -> Trojan.BHO.g : No action taken.
C:\Documents and Settings\Ashley Jiang\Local Settings\Temp\rboaxtxm.dll -> Trojan.BHO.g : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP207\A0038474.dll -> Trojan.BHO.g : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP209\A0038674.dll -> Trojan.BHO.g : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP209\A0038677.dll -> Trojan.BHO.g : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C} -> Trojan.Ciadoor.m : No action taken.
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E14DCE67-8FB7-4721-8149-179BAA4D792C} -> Trojan.Ciadoor.m : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036740.exe -> Trojan.Starter.65 : No action taken.
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP177\A0032028.exe -> Trojan.VB.tg : No action taken.


::Report end



Logfile of HijackThis v1.99.1
Scan saved at 9:25:53 PM, on 10/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\showme.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {A9930D97-9CF0-42A0-A10D-4F28836579D5} - C:\PROGRA~1\KuGoo3\KUGOO3~1.OCX
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PRONoMgrWired] C:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1152390480\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用KuGoo3下载(&K) - C:\Program Files\KuGoo3\KuGoo3DownX.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...846/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: LMIinit - C:\WINDOWS\SYSTEM32\LMIinit.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

#8 teenslayer

Posted 25 October 2006 - 08:31 PM

Also, about the P2P software, I haven't been using it for a while. I'm pretty sure I got the viruses from downloading stuff from various websites.

Um. I'm running avast! right now.. and it seems to be finding a lot of viruses. What should I do? :thumbsup:

#9 teenslayer

Posted 25 October 2006 - 08:35 PM

One more question. Is it possible for viruses to infect connected mp3 players? My Iriver H10, ever since I connected it to my computer after I started this topic, has been acting weird. The titles are no longer alphabetized and I seem to be losing data (songs) every time I unconnect it from the computer. It used to be 700 something and now 500 or so.. Do you have any idea what is happening?
Thank you

#10 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greece loutraki 6 km from korinth canal
  • Local time:03:57 AM

Posted 01 November 2006 - 03:12 AM

Hi teenslayer

Sorry for the delay!

> Also, about the P2P software, I haven't been using it for a while. I'm pretty sure I got the viruses from downloading stuff from various websites.

Most probably!

> One more question. Is it possible for viruses to infect connected mp3 players? My Iriver H10, ever since I connected it to my computer after I started this topic, has been acting weird. The titles are no longer alphabetized and I seem to be losing data (songs) every time I unconnect it from the computer. It used to be 700 something and now 500 or so.. Do you have any idea what is happening?

Not sure, I'll have to look around a little.

> Um. I'm running avast! right now.. and it seems to be finding a lot of viruses. What should I do?

Delete everything it finds, and let me know if there is anything that it reports but cannot remove.
=====

Reboot your comp in Safe Mode and run AVG Anti-Spyware again. IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.

Reboot back to normal mode.
=====

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Please post back:

1) The Avg report

2) Panda's ActiveScan report

Let us know how things are running.

Stelios :thumbsup:

#11 teenslayer

Posted 02 November 2006 - 07:15 PM

When I am downloading ActiveX from Panda ActiveScan, avast always gives the following warning.

A Virus was Found!

There is no reason to worry, though. avast! has stopped the malware before it could enter your computer. When you click on "Abort connection" button, the download of the dangerous file will be canceled.

File name: http: //acs.pandasoftware.com/activescan/as5free/motor.cab\pskavs.DLL
Malware name: Win32:CTX
Malware type: Virus/Worm
VPS version: 0645-3, 11/02/2006

Clicking abort connection or just closing the window results in the same thing. The downloading would have been stopped. And I have to click try again. And.. it just repeats.. :thumbsup:

#12 teenslayer

Posted 02 November 2006 - 07:17 PM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:38:59 PM 11/2/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{0D4C7057-EAD2-44C6-AD18-9092905F28F1} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{60D3A642-0B03-46AD-B8B0-8D45989A0055} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\Interface\{81CDDAE8-3B92-4F0D-86C1-8DD5DB6A8471} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{EFA1EC0F-8359-41B7-A178-7DD6805A0C79} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TypeLib\{FEBB9141-2FF9-4FC8-BA91-1CE79DDE25CF} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0D4C7057-EAD2-44C6-AD18-9092905F28F1} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A43385F0-7113-496D-96D7-B9B550E3FCCA} -> Adware.Isearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036737.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP218\A0040575.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
C:\Program Files\VSToolbar\VSToolBar.dll -> Adware.Searchcolours : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036738.dll -> Adware.Searchcolours : Cleaned with backup (quarantined).
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{590FFB84-6A29-4797-9C0E-B15DF2C4CDCB} -> Adware.TrustCleaner : Cleaned with backup (quarantined).
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE6C16C4-16AD-47B6-B250-26AD1829E49A} -> Adware.TrustCleaner : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP142\A0020441.exe -> Downloader.Small.ddv : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0037290.exe -> Downloader.Zlob.ans : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP201\A0036490.dll -> Downloader.Zlob.ant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP201\A0036436.exe -> Downloader.Zlob.anw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP201\A0036475.exe -> Downloader.Zlob.anw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036731.exe -> Downloader.Zlob.anw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036752.exe -> Downloader.Zlob.anw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0037289.exe -> Downloader.Zlob.anw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP182\A0032385.exe -> Dropper.Agent.adw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0037297.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP218\A0040574.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP228\A0043255.dll -> Not-A-Virus.RemoteAdmin.Win32.RemotelyAnywhere.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley Jiang\Local Settings\Temp\ltohgnil.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\Documents and Settings\Ashley Jiang\Local Settings\Temp\rboaxtxm.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP207\A0038474.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP209\A0038674.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP209\A0038677.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{E14DCE67-8FB7-4721-8149-179BAA4D792C} -> Trojan.Ciadoor.m : Cleaned with backup (quarantined).
HKU\S-1-5-21-1409082233-1547161642-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E14DCE67-8FB7-4721-8149-179BAA4D792C} -> Trojan.Ciadoor.m : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP203\A0036740.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).


::Report end

#13 DASOS

Posted 03 November 2006 - 05:30 AM

Hi teenslayer

Let’s try this Scanner

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
And a new HijackThis log.

About the P2P software: one friend of mine who works for an antivirus company once said that 60% of files inside P2P networks are malware!!

Let us know how things are running.

Stelios :thumbsup:

#14 teenslayer

Posted 03 November 2006 - 07:44 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 03, 2006 7:38:53 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 3/11/2006
Kaspersky Anti-Virus database records: 238198
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 78770
Number of viruses found: 39
Number of infected objects: 880 / 0
Number of suspicious objects: 3
Duration of the scan process: 00:54:18

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Documents\backup\Outlook Express\Sent Items.dbx/[From "Pioneer Shipping" <david@pioneershipping.net>][Date Wed, 23 Aug 2006 23:38:35 -0400]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Documents\backup\Outlook Express\Sent Items.dbx/[From "Pioneer Shipping" <david@pioneershipping.net>][Date Wed, 23 Aug 2006 23:38:35 -0400]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Documents and Settings\All Users\Documents\backup\Outlook Express\Sent Items.dbx Mail MS Outlook 5: suspicious - 2 skipped
C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\cert8.db Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\history.dat Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\key3.db Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\parent.lock Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Local Settings\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Local Settings\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Local Settings\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Local Settings\Application Data\Mozilla\Firefox\Profiles\bd8bqxp3.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ashley Jiang\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Ashley Jiang\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Ashley Jiang\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP136\A0017895.exe/data0002 Infected: not-a-virus:AdWare.Win32.Trustin.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP136\A0017895.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP138\A0018325.exe/data0002 Infected: not-a-virus:AdWare.Win32.Trustin.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP138\A0018325.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP139\A0019365.exe/data0002 Infected: not-a-virus:AdWare.Win32.Trustin.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP139\A0019365.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP142\A0020432.exe/data0002 Infected: not-a-virus:AdWare.Win32.Trustin.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP142\A0020432.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP143\A0021554.exe/data0002 Infected: not-a-virus:AdWare.Win32.Trustin.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP143\A0021554.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP163\A0028978.msi/data.cab/LMIinit.dll Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP163\A0028978.msi/data.cab/ramaint.exe Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP163\A0028978.msi/data.cab Infected: not-a-virus:RemoteAdmin.Win32.RemotelyAnywhere.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP163\A0028978.msi Embedded: infected - 3 skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033433.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033434.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033435.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033437.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033438.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033439.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033440.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033441.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033442.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033443.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033444.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033445.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033446.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033447.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033448.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033449.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033450.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033451.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033452.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033453.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033454.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033455.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033457.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033458.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033459.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033461.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033462.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033463.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033464.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033465.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033467.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033468.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033469.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033470.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033471.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033472.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033473.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033474.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033475.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033476.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033477.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033478.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033479.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033481.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033482.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033484.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033485.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033486.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033487.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033488.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033489.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033490.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033492.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033493.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033495.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033496.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033497.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033498.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033499.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033500.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033501.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033502.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033503.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033504.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033505.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033506.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033507.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033509.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033511.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033512.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033513.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033514.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033515.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033516.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033518.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033519.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033520.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033521.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033523.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033524.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033525.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033526.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033527.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033528.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033529.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033530.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033531.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033532.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033533.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033534.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033536.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033537.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033538.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033539.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033541.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033543.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033544.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033545.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033546.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033547.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033548.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033550.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033551.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033552.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033553.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033554.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033555.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033556.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033557.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033558.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aco skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033558.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033558.exe CryptFF: infected - 1 skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033559.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033560.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033561.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033562.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033563.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033564.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033565.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033566.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033567.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033568.dll Infected: Trojan-Downloader.Win32.Small.ddp skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033569.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033570.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033572.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033573.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033574.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033575.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033576.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033577.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033578.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033579.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033581.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033583.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033584.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033585.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033588.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033589.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033591.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033593.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033594.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033595.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033596.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033597.exe Infected: Trojan-Proxy.Win32.Horst.ep skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033598.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033599.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033600.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033601.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033602.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033603.exe Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033604.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033605.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033606.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033607.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033608.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033609.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033610.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033611.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033613.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033614.exe Infected: Trojan-Downloader.Win32.Horst.b skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033615.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033616.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033617.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033620.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033621.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033623.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033625.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033626.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033627.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033628.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033629.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033630.exe Infected: Trojan.Win32.Spabot.ad skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033631.exe Infected: Trojan-Downloader.Win32.Horst.a skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033632.exe Infected: Trojan-Downloader.Win32.Agent.ajd skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033633.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033634.exe Infected: Trojan-Proxy.Win32.Horst.ev skipped
C:\System Volume Information\_restore{BD373192-588A-48A3-9EFD-499FF5414DC8}\RP200\A0033635.exe Infected: Trojan-Downloader.Win32.Horst.a skipped

Edited by teenslayer, 03 November 2006 - 07:45 PM.


#15 teenslayer


Posted 03 November 2006 - 07:48 PM

It's really long.. that's not the whole thing.. let me repost



