50 Popups At Once, Please Help!


  • This topic is locked
27 replies to this topic

#1 Illuminous One

Posted 09 July 2007 - 12:07 PM

I am getting more popups than I ever thought imaginable. Thing about it is, though, that I am getting them after reconnecting my PC from being in storage almost a year. It's insane the types I am getting, from porn popups to spyware advertisements. I have run AVG and SpyBot, and still cannot get rid of them. I also ran TrendMicro's Housecall, and after the scan is finished, my browser shuts down, so I have no chance to attempt to fix the selected problems. PLEASE help me, I am getting ready to go back to school and I can't even use my computer properly. Any help is greatly appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:55:10 PM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Common Files\{F094C689-0640-1033-1225-030504130001}\Update.exe
C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1\OOLSV~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\YSTEM3~1\chkntfs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\clemshadynlady\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\clemshadynlady\Application Data\Microsoft\Windows\vdnrat.exe
C:\DOCUME~1\CLEMSH~1\LOCALS~1\Temp\FlashPlayerUpdate.exe
C:\DOCUME~1\CLEMSH~1\LOCALS~1\Temp\nsm6.tmp\ns7.tmp
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {09D7B185-703E-70E6-1588-25275A8EEECC} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {86F1C9DB-0B6E-53EF-1473-5FF077BA6C94} - (no file)
R3 - URLSearchHook: (no name) - {87CBA730-3AD3-6E02-A4DF-651349A93F90} - C:\WINDOWS\system32\canaf.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ukapr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ffhtcht.exe
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{F094C689-0640-1033-1225-030504130001}] "C:\Program Files\Common Files\{F094C689-0640-1033-1225-030504130001}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Run: [Eeyzhi] C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1\OOLSV~1.EXE
O4 - HKCU\..\Run: [wiio] C:\PROGRA~1\COMMON~1\wiio\wiiom.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iitt] "C:\PROGRA~1\YSTEM3~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\clemshadynlady\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\clemshadynlady\Application Data\Microsoft\Windows\vdnrat.exe
O4 - HKLM\..\Policies\Explorer\Run: [ishost.exe] ishost.exe
O4 - HKLM\..\Policies\Explorer\Run: [kernel32.dll] C:\WINDOWS\system32\isnotify.exe
O4 - HKLM\..\Policies\Explorer\Run: [issearch.exe] issearch.exe
O4 - HKCU\..\Policies\Explorer\Run: [{F094C689-0640-1033-1225-030504130001}] "C:\Program Files\Common Files\{F094C689-0640-1033-1225-030504130001}\Update.exe" mc-110-12-0000272
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...US_ZJxdm035YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\nslookup.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8808 bytes

#2 __RiP_ChAiN_

Posted 09 July 2007 - 12:09 PM

Hello Illuminous One,

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Download SDFix and save it to your desktop.
Double click SDFix.exe and it will extract the files to %systemdrive% (this is the drive that contains the Windows Directory, typically C:\SDFix). DO NOT use it just yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup [but before the Windows icon appears] press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Open the SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services or Registry Entries found then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt.
  • Finally copy and paste the contents of the results file Report.txt in your next reply along with a new HijackThis log.

#3 Illuminous One

Posted 09 July 2007 - 01:41 PM

Here is the report...


SDFix: Version 1.90

Run by Administrator on Mon 07/09/2007 at 01:20 PM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
COM+ Messages
core

ImagePath:
"C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272
system32\drivers\core.sys

COM+ Messages - Deleted
core - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\system32\drivers\core.cache.dsk - Deleted
C:\WINDOWS\system32\drivers\core.sys - Deleted
C:\WINDOWS\system32\svchosts.exe - Deleted
C:\WINDOWS\system32\unsvchosts.lzma - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted


Folder C:\Program Files\InetGet2 - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1125861561\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1125861561\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\America Online 9.0\\waol.exe"="C:\\Program Files\\America Online 9.0\\waol.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe:*:Enabled:AOLTsMon"
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe:*:Enabled:AOLTopSpeed"
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe:*:Enabled:AOL"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\1125861561\\ee\\AOLServiceHost.exe"="C:\\Program Files\\Common Files\\AOL\\1125861561\\ee\\AOLServiceHost.exe:*:Enabled:AOL Services"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Documents and Settings\clemshadynlady\My Documents\Tutorials\Hook.dll
C:\Documents and Settings\clemshadynlady\My Documents\Tutorials\plugins\BloodPace.dll
C:\Documents and Settings\clemshadynlady\My Documents\Tutorials\plugins\Distance.dll
C:\Documents and Settings\clemshadynlady\My Documents\Tutorials\plugins\IME.dll
C:\Documents and Settings\clemshadynlady\My Documents\Tutorials\plugins\TParty.dll
C:\Documents and Settings\clemshadynlady\My Documents\Tutorials\plugins\WinampPlugin.dll
C:\WINDOWS\system32\nnnmmli.dll
C:\WINDOWS\system32\pmkif.dll
C:\WINDOWS\system32\qomkllj.dll
C:\WINDOWS\Y2xlbXNoYWR5\asappsrv.dll
C:\Documents and Settings\clemshadynlady\Application Data\??curity\??oolsv.exe
C:\Documents and Settings\clemshadynlady\My Documents\Tutorials\dotnetfx.exe
C:\Documents and Settings\clemshadynlady\My Documents\Tutorials\Launcher.exe
C:\Program Files\America Online 9.0\AOLphx.exe
C:\Program Files\America Online 9.0\rbm.exe
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\Common Files\Adobe\ESD\DLMCleanup.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\?ystem32\chkntfs.exe
C:\WINDOWS\Y2xlbXNoYWR5\command.exe
C:\Program Files\ATI Multimedia\RemCtrl\x10prod.sys
C:\Program Files\InterActual\InterActual Player\iti14.tmp
C:\WINDOWS\system32\fikmp.tmp
C:\WINDOWS\Y2xlbXNoYWR5\sZU5vrhCsqlc.vbs

Finished

Here is the log from HijackThis...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:58 PM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\Program Files\Common Files\{F094C689-0640-1033-1225-030504130001}\Update.exe
C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1\OOLSV~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\YSTEM3~1\chkntfs.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinPop\winpop.exe
C:\Documents and Settings\clemshadynlady\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\clemshadynlady\Application Data\Microsoft\Windows\vdnrat.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {09D7B185-703E-70E6-1588-25275A8EEECC} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {86F1C9DB-0B6E-53EF-1473-5FF077BA6C94} - (no file)
R3 - URLSearchHook: (no name) - {87CBA730-3AD3-6E02-A4DF-651349A93F90} - C:\WINDOWS\system32\canaf.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ukapr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ffhtcht.exe
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{F094C689-0640-1033-1225-030504130001}] "C:\Program Files\Common Files\{F094C689-0640-1033-1225-030504130001}\Update.exe" mc-110-12-0000272
O4 - HKCU\..\Run: [Eeyzhi] C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1\OOLSV~1.EXE
O4 - HKCU\..\Run: [wiio] C:\PROGRA~1\COMMON~1\wiio\wiiom.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iitt] "C:\PROGRA~1\YSTEM3~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinPop] C:\Program Files\WinPop\winpop.exe
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\clemshadynlady\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\clemshadynlady\Application Data\Microsoft\Windows\vdnrat.exe
O4 - HKCU\..\Policies\Explorer\Run: [{F094C689-0640-1033-1225-030504130001}] "C:\Program Files\Common Files\{F094C689-0640-1033-1225-030504130001}\Update.exe" mc-110-12-0000272
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...US_ZJxdm035YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\nslookup.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8275 bytes

#4 __RiP_ChAiN_

Posted 09 July 2007 - 01:55 PM

Please download Combofix to your desktop.
Double-click combo.exe to launch the application.
Follow the prompts that will be displayed on the screen.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log.

#5 Illuminous One

Posted 09 July 2007 - 02:18 PM

"clemshadynlady" - 2007-07-09 14:58:22 - ComboFix 07-07-09.3 - Service Pack 2


(((((((((((((((((((((((((((((((((((((((( Qoologic's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


No infected Qoologic files found. Reg entries were fixed

(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\nnnmmli.dll
C:\WINDOWS\system32\qomkllj.dll
C:\WINDOWS\system32\mljkhgh.dll
C:\WINDOWS\system32\winbws32.dll
C:\WINDOWS\system32\fikmp.bak1
C:\WINDOWS\system32\fikmp.bak2
C:\WINDOWS\system32\fikmp.ini
C:\WINDOWS\system32\fikmp.ini2
C:\WINDOWS\system32\fikmp.tmp
C:\WINDOWS\system32\fikmp.bak1
C:\WINDOWS\system32\fikmp.bak2
C:\WINDOWS\system32\fikmp.ini
C:\WINDOWS\system32\fikmp.ini2
C:\WINDOWS\system32\fikmp.tmp
C:\WINDOWS\system32\pmkif.dll
C:\WINDOWS\system32\yayywvv.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\DOCUME~1\CLEMSH~1\APPLIC~1.\appatc~1
C:\DOCUME~1\CLEMSH~1\APPLIC~1.\curity~1
C:\DOCUME~1\CLEMSH~1\APPLIC~1.\curity~1\??oolsv.exe
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\domains.txt
C:\DOCUME~1\LOCALS~1\APPLIC~1\NetMon\log.txt
C:\Program Files\Common Files\{F094C~1
C:\Program Files\Common Files\{F094C~1\system.dll
C:\Program Files\Common Files\{F094C~1\Update.exe
C:\Program Files\Common Files\icroso~1
C:\Program Files\Common Files\icroso~1.net
C:\Program Files\Common Files\Yazzle1122OinAdmin.exe
C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\Program Files\fnts~1
C:\Program Files\network monitor
C:\Program Files\network monitor\netmon.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\printview
C:\Program Files\printview\printhook030.dll
C:\Program Files\printview\pvmodule.exe
C:\Program Files\safety bar
C:\Program Files\safety bar\SafetyBar.dll
C:\Program Files\safety bar\Uninstall.bat
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\Program Files\winpop\winpop.exe
C:\Program Files\ystem3~1
C:\Program Files\ystem3~1\chkntfs.exe
C:\temp\tn3
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\frames\2_1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\furniture\drinkstation1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\people\cook.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\props\cup_prop1.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\2top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\tables\4top.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_0.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrade_icons\cafe_icon_2_1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\cafe\upgrades.xml
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\restaurants\tableshadow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\careerupgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\choosedifficulty.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\closeconfirm.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\entername.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\game.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\getmoregames.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\help1.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\help2.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\hiscore.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\hiscoreinfo.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\hiscoresubmit.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\levelintro.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\levelover.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\loading.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\mainloop.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\mainmenu.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\ok.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\pause.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\style.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\upgrade.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\upsell.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\scripts\yesno.lua
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\splash\aol_logo.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\splash\playfirst_logo.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\strings.xml
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\angersmoke.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\angersmoke.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\bubbles\request_bubble.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\bubbles\request_mop.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\bubbles\request_rejectmeal.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\chairflags.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\chairflags.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\check.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\checkmark.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\closed.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\coinflip.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\coinflip.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\decor_lines.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\dollar.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\expert.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\foodpoof.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\foodpoof.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\heartgrow.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\heartgrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\jar.anm
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\jar.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\lives_icon.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\noisering.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_d.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_e.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\notes\music_boost_f.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tablenumber_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tablenumber_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\traynumber.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tutorialarrow.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\tutorialbox.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_base.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_hand.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_timer_off.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\ui_timer_on.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgradeanim.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_bench_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_drink_station1_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_luxury_bench_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_oven_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_podium_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_powerbars_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_radio_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_stereo_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_a.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_b.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\ui\upgrades\icon_table_c.png
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd1.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd2.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd3.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\assets\upsell\dd4.jpg
C:\WINDOWS\DOWNLO~1.\DinerDash2.1.0.0.53\dinerdash2.exe
C:\WINDOWS\NDNuninstall7_22.exe
C:\WINDOWS\smante~1
C:\WINDOWS\system32\asks~1
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\components
C:\WINDOWS\system32\components\flx1.dll
C:\WINDOWS\system32\components\flx2.dll
C:\WINDOWS\system32\components\flx3.dll
C:\WINDOWS\system32\components\flx4.dll
C:\WINDOWS\system32\components\flx5.dll
C:\WINDOWS\system32\components\flx6.dll
C:\WINDOWS\system32\components\flx7.dll
C:\WINDOWS\system32\components\flx8.dll
C:\WINDOWS\system32\components\flx9.dll
C:\WINDOWS\system32\ishost.exe
C:\WINDOWS\system32\ismon.exe
C:\WINDOWS\system32\isnotify.exe
C:\WINDOWS\system32\issearch.exe
C:\WINDOWS\system32\ixt0.dll
C:\WINDOWS\system32\ixt1.dll
C:\WINDOWS\system32\ixt2.dll
C:\WINDOWS\system32\nslookup.dll
C:\WINDOWS\system32\ppatch~1
C:\WINDOWS\system32\rundll.dll
C:\WINDOWS\system32\smbols~1
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\vjjezgiv.dll
C:\WINDOWS\system32\wcpsvcc.exe
C:\WINDOWS\system32\wcpsvcc32.exe
C:\WINDOWS\system32\winnb58.dll
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\Y2xlbXNoYWR5\asappsrv.dll
C:\WINDOWS\Y2xlbXNoYWR5\command.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_CMDSERVICE
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
-------\Network Monitor


((((((((((((((((((((((((( Files Created from 2007-06-09 to 2007-07-09 )))))))))))))))))))))))))))))))


2007-07-09 15:12 28,672 --a------ C:\WINDOWS\system32\ukapr.exe
2007-07-09 15:12 127,488 --a------ C:\WINDOWS\system32\eajlrb.exe
2007-07-09 15:00 93,696 --a------ C:\WINDOWS\system32\drvgon.dll
2007-07-09 14:57 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-09 13:19 <DIR> d-------- C:\WINDOWS\ERUNT
2007-07-09 13:16 <DIR> d-------- C:\WINDOWS\CSC
2007-07-09 12:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-09 05:21 <DIR> d-------- C:\DOCUME~1\CLEMSH~1\APPLIC~1\WinTouch
2007-07-09 00:37 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-07-09 00:36 <DIR> d-------- C:\DOCUME~1\CLEMSH~1\.housecall6.6
2007-07-07 00:45 <DIR> d-------- C:\DOCUME~1\Tricia\APPLIC~1\Aim
2007-07-07 00:12 94,208 --a------ C:\WINDOWS\system32\GTW32N50.dll
2007-07-07 00:12 243,328 --a------ C:\WINDOWS\system32\rt2500.sys
2007-07-07 00:12 243,328 --a------ C:\WINDOWS\system32\drivers\RT2500.sys
2007-07-07 00:12 20,747 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2007-07-07 00:12 17,992 --a------ C:\WINDOWS\system32\drivers\bcm42rly.sys
2007-07-07 00:12 17,992 --a------ C:\WINDOWS\system32\bcm42rly.sys
2007-07-07 00:12 17,992 --a------ C:\WINDOWS\bcm42rly.sys
2007-07-07 00:12 15,872 --a------ C:\WINDOWS\system32\GTNDIS5.sys
2007-07-07 00:12 <DIR> d-------- C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2007-07-06 17:13 786,432 --ah----- C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-07-06 17:12 87,424 --a------ C:\WINDOWS\system32\drivers\irda.sys
2007-07-06 17:12 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2007-07-06 17:12 27,136 --a------ C:\WINDOWS\system32\irmon.dll
2007-07-06 17:12 19,584 --a------ C:\WINDOWS\system32\drivers\rasirda.sys
2007-07-06 17:12 18,688 --a------ C:\WINDOWS\system32\drivers\irsir.sys
2007-07-06 17:12 152,576 --a------ C:\WINDOWS\system32\irftp.exe
2007-07-05 21:09 786,432 --ah----- C:\DOCUME~1\Other\NTUSER.DAT


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-09 19:10:01 24 ----a-w C:\WINDOWS\cvpsj.dll
2007-07-07 04:12:39 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-05-01 15:35:12 146,432 ----a-w C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
2007-04-17 02:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-17 02:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-17 02:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-17 02:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-17 02:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-17 02:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-17 02:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-17 02:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\Y2xlbXNoYWR5\sZU5vrhCsqlc.vbs


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
2006-01-12 20:38 63128 --a------ C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{873eb32d-ae1a-4183-89bd-45a77f761be4}]
C:\WINDOWS\system32\ixt0.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{87CBA730-3AD3-6E02-A4DF-651349A93F90}]
C:\WINDOWS\system32\canaf.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864A5-3916-46E2-96A9-A2E84F3F1208}]
C:\Program Files\Accoona\ASearchAssist.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E}]
C:\WINDOWS\system32\WinNB58.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a43385f0-7113-496d-96d7-b9b550e3fcca}]
C:\WINDOWS\system32\ixt2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-09-18 01:13]
"drndry"="C:\WINDOWS\system32\eajlrb.exe" [2006-08-03 16:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eeyzhi"="C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1\OOLSV~1.EXE" []
"wiio"="C:\PROGRA~1\COMMON~1\wiio\wiiom.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Iitt"="C:\PROGRA~1\YSTEM3~1\chkntfs.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"WinTouch"="C:\Documents and Settings\clemshadynlady\Application Data\WinTouch\WinTouch.exe" [2007-07-09 05:22]
"SfKg6w"="C:\Documents and Settings\clemshadynlady\Application Data\Microsoft\Windows\vdnrat.exe" [2007-07-09 05:22]
"aoufs"="C:\WINDOWS\system32\eajlrb.exe" [2006-08-03 16:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe, C:\WINDOWS\system32\ukapr.exe"
"Userinit"="C:\WINDOWS\system32\userinit.exe,ffhtcht.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"= C:\WINDOWS\system32\nslookup.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ATI CATALYST System Tray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk
backup=C:\WINDOWS\pss\ATI CATALYST System Tray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Highlight Zone II.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Highlight Zone II.lnk
backup=C:\WINDOWS\pss\Highlight Zone II.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NaturalColorLoad.lnk
backup=C:\WINDOWS\pss\NaturalColorLoad.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^viumx.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\viumx.exe
backup=C:\WINDOWS\pss\viumx.exeCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^clemshadynlady^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\clemshadynlady\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^clemshadynlady^Start Menu^Programs^Startup^BitTorrent.lnk]
path=C:\Documents and Settings\clemshadynlady\Start Menu\Programs\Startup\BitTorrent.lnk
backup=C:\WINDOWS\pss\BitTorrent.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\324d1bb9.exe]
C:\WINDOWS\system32\324d1bb9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54250bf2.exe]
C:\WINDOWS\system32\54250bf2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
C:\Program Files\AIM\aim.exe -cnetwait.odl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
"C:\Program Files\America Online 9.0\AOL.EXE" -b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
"C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aoufs]
C:\WINDOWS\system32\eajlrb.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
C:\Program Files\ATI Multimedia\main\ATIDtct.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
"C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector]
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drndry]
C:\WINDOWS\system32\eajlrb.exe reg_run

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eeyzhi]
C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1\OOLSV~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMK08KB]
C:\Program Files\Muiltmedia keyboard utility\1.1\MMKEYBD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]
C:\Program Files\Browser Mouse\mouse32a.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
"C:\Program Files\Google\Google Talk\googletalk.exe" /autostart

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
C:\Program Files\Common Files\AOL\1125861561\ee\AOLSoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iitt]
"C:\PROGRA~1\YSTEM3~1\chkntfs.exe" -vt yax

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Meetro]
"C:\Program Files\Meetro\meetro.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\My Web Search Bar]
rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]
C:\Program Files\Plaxo\2.5.6.21\PlaxoHelper.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
"C:\Program Files\Valve\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead Photo Express Calendar Checker]
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wcmdmgr]
C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wiio]
C:\PROGRA~1\COMMON~1\wiio\wiiom.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WT GameChannel]
C:\Program Files\WildTangent\Apps\GameChannel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"x10nets"=3 (0x3)
"WANMiniportService"=2 (0x2)
"Network Monitor"=2 (0x2)
"cmdService"=2 (0x2)


**************************************************************************

catchme 0.3.915 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-09 15:12:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-09 15:14:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-09 15:14

--- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:16:10 PM, on 7/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\clemshadynlady\Application Data\WinTouch\WinTouch.exe
C:\Documents and Settings\clemshadynlady\Application Data\Microsoft\Windows\vdnrat.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {09D7B185-703E-70E6-1588-25275A8EEECC} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {86F1C9DB-0B6E-53EF-1473-5FF077BA6C94} - (no file)
R3 - URLSearchHook: (no name) - {87CBA730-3AD3-6E02-A4DF-651349A93F90} - C:\WINDOWS\system32\canaf.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ukapr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ffhtcht.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {87CBA730-3AD3-6E02-A4DF-651349A93F90} - C:\WINDOWS\system32\canaf.dll (file missing)
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt2.dll (file missing)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Eeyzhi] C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1\OOLSV~1.EXE
O4 - HKCU\..\Run: [wiio] C:\PROGRA~1\COMMON~1\wiio\wiiom.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Iitt] "C:\PROGRA~1\YSTEM3~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\clemshadynlady\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\clemshadynlady\Application Data\Microsoft\Windows\vdnrat.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...US_ZJxdm035YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\nslookup.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 8486 bytes

#6 __RiP_ChAiN_


Posted 09 July 2007 - 02:50 PM

Hello Illuminous One,

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only

Please download OTMoveIt by Oldtimer and save it to your desktop.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: (no name) - <default> - (no file)
R3 - URLSearchHook: (no name) - {09D7B185-703E-70E6-1588-25275A8EEECC} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {86F1C9DB-0B6E-53EF-1473-5FF077BA6C94} - (no file)
R3 - URLSearchHook: (no name) - {87CBA730-3AD3-6E02-A4DF-651349A93F90} - C:\WINDOWS\system32\canaf.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ukapr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,ffhtcht.exe
O2 - BHO: (no name) - {873eb32d-ae1a-4183-89bd-45a77f761be4} - C:\WINDOWS\system32\ixt0.dll (file missing)
O2 - BHO: (no name) - {87CBA730-3AD3-6E02-A4DF-651349A93F90} - C:\WINDOWS\system32\canaf.dll (file missing)
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O2 - BHO: Related Page - {9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt2.dll (file missing)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB58.dll (file missing)
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKCU\..\Run: [Eeyzhi] C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1\OOLSV~1.EXE
O4 - HKCU\..\Run: [wiio] C:\PROGRA~1\COMMON~1\wiio\wiiom.exe
O4 - HKCU\..\Run: [Iitt] "C:\PROGRA~1\YSTEM3~1\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [WinTouch] C:\Documents and Settings\clemshadynlady\Application Data\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Documents and Settings\clemshadynlady\Application Data\Microsoft\Windows\vdnrat.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O20 - AppInit_DLLs: C:\WINDOWS\system32\nslookup.dll


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Firstly download: DelDomains.inf
  • Locate DelDomains.inf, right-click and select: Install
  • Note: you will not see any on-screen action ...
  • This will remove all entries in the Trusted, Restricted, and Enhanced Security Configuration Zones.
  • Note: once you do this, any previous restricted zone hacks (spywareblaster, ie-spyad, etc) will need to be reapplied.

Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Open notepad and copy (Ctrl C) and paste (Ctrl V) the following text in the quote:

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Highlight Zone II.lnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NaturalColorLoad.lnk]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^viumx.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\324d1bb9.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\54250bf2.exe]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\aoufs]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drndry]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eeyzhi]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FLMOFFICE4DMOUSE]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iitt]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wiio]

Save it to your desktop as fix133.reg and as Type "All files"
Double click on fix133.reg and allow when prompted to let it merge with the registry.

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\ukapr.exe
C:\WINDOWS\system32\eajlrb.exe
C:\WINDOWS\system32\drvgon.dll
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe
C:\WINDOWS\Y2xlbXNoYWR5
C:\WINDOWS\cvpsj.dll
C:\PROGRA~1\COMMON~1\wiio\wiiom.exe
C:\PROGRA~1\YSTEM3~1\chkntfs.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1\OOLSV~1.EXE
C:\WINDOWS\system32\eajlrb.exe
C:\WINDOWS\system32\54250bf2.exe
C:\WINDOWS\system32\324d1bb9.exe
C:\Documents and Settings\clemshadynlady\Application Data\WinTouch
C:\Documents and Settings\clemshadynlady\Application Data\Microsoft\Windows\vdnrat.exe
C:\WINDOWS\system32\ukapr.exe
C:\WINDOWS\system32\ffhtcht.exe
C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1
C:\PROGRA~1\COMMON~1\wiio
C:\PROGRA~1\YSTEM3~1
C:\WINDOWS\system32\nslookup.dll

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.
Reboot into Normal Mode.

In your next reply please include the following:
  • A new Hijackthis log.
  • The OTMoveIt log.


#7 Illuminous One


Posted 10 July 2007 - 02:58 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:37 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ukapr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ffhtcht.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [wiio] C:\PROGRA~1\COMMON~1\wiio\wiiom.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6320 bytes


File/Folder C:\WINDOWS\system32\ukapr.exe not found.
File/Folder C:\WINDOWS\system32\eajlrb.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\drvgon.dll
C:\WINDOWS\system32\drvgon.dll NOT unregistered.
C:\WINDOWS\system32\drvgon.dll moved successfully.
C:\Program Files\Common Files\Yazzle1162OinAdmin.exe moved successfully.
C:\WINDOWS\Y2xlbXNoYWR5 moved successfully.
File/Folder C:\WINDOWS\cvpsj.dll not found.
File/Folder C:\PROGRA~1\COMMON~1\wiio\wiiom.exe not found.
File/Folder C:\PROGRA~1\YSTEM3~1\chkntfs.exe not found.
C:\Program Files\Browser Mouse\mouse32a.exe moved successfully.
File/Folder C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1\OOLSV~1.EXE not found.
File/Folder C:\WINDOWS\system32\eajlrb.exe not found.
C:\WINDOWS\system32\54250bf2.exe moved successfully.
C:\WINDOWS\system32\324d1bb9.exe moved successfully.
C:\Documents and Settings\clemshadynlady\Application Data\WinTouch moved successfully.
C:\Documents and Settings\clemshadynlady\Application Data\Microsoft\Windows\vdnrat.exe moved successfully.
File/Folder C:\WINDOWS\system32\ukapr.exe not found.
File/Folder C:\WINDOWS\system32\ffhtcht.exe not found.
File/Folder C:\DOCUME~1\CLEMSH~1\APPLIC~1\CURITY~1 not found.
C:\PROGRA~1\COMMON~1\wiio\wiiod moved successfully.
C:\PROGRA~1\COMMON~1\wiio moved successfully.
File/Folder C:\PROGRA~1\YSTEM3~1 not found.
File/Folder C:\WINDOWS\system32\nslookup.dll not found.

Created on 07/10/2007 15:55:37
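Added example (not part of any post in this thread): a Python script that cross-checks the autostart entries still present in the HijackThis log above against the OTMoveIt results, listing registry entries that still point at files OTMoveIt reported as already gone. The log excerpts are copied from the post above; the baseline Shell/UserInit values and the matching of bare file names by name only are assumptions.

```python
import re

# Excerpts of the HijackThis log and OTMoveIt results posted above.
HJT_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ukapr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ffhtcht.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [wiio] C:\PROGRA~1\COMMON~1\wiio\wiiom.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

OTM_RESULTS = r"""
File/Folder C:\WINDOWS\system32\ukapr.exe not found.
C:\WINDOWS\system32\drvgon.dll moved successfully.
File/Folder C:\PROGRA~1\COMMON~1\wiio\wiiom.exe not found.
File/Folder C:\WINDOWS\system32\ffhtcht.exe not found.
C:\PROGRA~1\COMMON~1\wiio moved successfully.
"""

# Assumption: expected Windows XP values, compared by file name only.
F2_BASELINE = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

F2_RE = re.compile(r"^F2 - REG:system\.ini: (\w+)=(.*)$")
O4_RE = re.compile(r"^O4 - \S+: \[([^\]]+)\] (.*)$")
# Executable path: either quoted, or everything up to the first ".exe".
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.exe)\b', re.IGNORECASE)


def basename(path):
    """Lower-cased last component of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_otmoveit(results):
    """Map lower-cased path -> 'not found' or 'moved'."""
    status = {}
    for line in results.splitlines():
        line = line.strip()
        m = re.match(r"^File/Folder (.+) not found\.$", line)
        if m:
            status[m.group(1).lower()] = "not found"
            continue
        m = re.match(r"^(.+) moved successfully\.$", line)
        if m:
            status[m.group(1).lower()] = "moved"
    return status


def autostart_targets(log):
    """Yield (section, item name, target) for F2 extras and O4 Run entries."""
    for line in log.splitlines():
        line = line.strip()
        m = F2_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2)
            expected = F2_BASELINE.get(key.lower(), set())
            for item in value.split(","):
                item = item.strip()
                # Anything besides the baseline program is an extra launch target.
                if item and basename(item) not in expected:
                    yield ("F2", key, item)
            continue
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group(2))
            if exe:
                yield ("O4", m.group(1), exe.group(1) or exe.group(2))


def lookup(target, status):
    """Return the OTMoveIt status for a target, or None if it was not listed."""
    t = target.lower()
    if "\\" in t:
        return status.get(t)
    # Bare file name (no directory): match any reported path with that name.
    for path, state in status.items():
        if basename(path) == t:
            return state
    return None


def stale_autostarts(log, results):
    """Autostart entries still in the log whose file OTMoveIt says is gone."""
    status = parse_otmoveit(results)
    stale = []
    for section, name, target in autostart_targets(log):
        state = lookup(target, status)
        if state is not None:
            stale.append((section, name, target, state))
    return stale


if __name__ == "__main__":
    for section, name, target, state in stale_autostarts(HJT_LOG, OTM_RESULTS):
        print(f"{section} {name}: {target} ({state}) - registry entry still present")
```
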

#8 __RiP_ChAiN_


Posted 10 July 2007 - 03:29 PM

Hello Illuminous One,

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

C:\WINDOWS\system32\ukapr.exe
C:\WINDOWS\SYSTEM32\Userinit.exe,ffhtcht.exe
C:\PROGRA~1\COMMON~1\wiio\wiiom.exe


Now close all windows other than HiJackThis, then click Fix Checked. Close HijackThis.

Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\system32\ukapr.exe
C:\WINDOWS\SYSTEM32\ffhtcht.exe
C:\PROGRA~1\COMMON~1\wiio

  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.
Reboot into Normal Mode.

In your next reply please include the following:
  • A new Hijackthis log.
  • The OTMoveIt log.


#9 Illuminous One


Posted 10 July 2007 - 04:35 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:34:06 PM, on 7/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\clemshadynlady\Desktop\OTMoveIt.exe
C:\WINDOWS\system32\notepad.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ukapr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ffhtcht.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6321 bytes




File/Folder C:\WINDOWS\system32\ukapr.exe not found.
File/Folder C:\WINDOWS\SYSTEM32\ffhtcht.exe not found.
File/Folder C:\PROGRA~1\COMMON~1\wiio not found.

Created on 07/10/2007 17:33:33

#10 __RiP_ChAiN_


Posted 11 July 2007 - 12:24 AM

Hello Illuminous One,

Please do an online scan with Kaspersky WebScanner. (Please note: You MUST use Internet Explorer for this scan to work.)

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#11 Illuminous One


Posted 11 July 2007 - 01:59 PM

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, July 11, 2007 2:58:50 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 11/07/2007
Kaspersky Anti-Virus database records: 338885
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 53491
Number of viruses found: 28
Number of infected objects: 553 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:02:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\clemshadynlady\Application Data\Mozilla\Firefox\Profiles\i37xd5xp.Default User\cert8.db Object is locked skipped
C:\Documents and Settings\clemshadynlady\Application Data\Mozilla\Firefox\Profiles\i37xd5xp.Default User\history.dat Object is locked skipped
C:\Documents and Settings\clemshadynlady\Application Data\Mozilla\Firefox\Profiles\i37xd5xp.Default User\key3.db Object is locked skipped
C:\Documents and Settings\clemshadynlady\Application Data\Mozilla\Firefox\Profiles\i37xd5xp.Default User\parent.lock Object is locked skipped
C:\Documents and Settings\clemshadynlady\Application Data\Mozilla\Firefox\Profiles\i37xd5xp.Default User\search.sqlite Object is locked skipped
C:\Documents and Settings\clemshadynlady\Application Data\Mozilla\Firefox\Profiles\i37xd5xp.Default User\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\clemshadynlady\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\clemshadynlady\Local Settings\Application Data\324d1bb9.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\Documents and Settings\clemshadynlady\Local Settings\Application Data\54250bf2.exe Infected: Trojan-Downloader.Win32.Obfuscated.n skipped
C:\Documents and Settings\clemshadynlady\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Documents and Settings\clemshadynlady\Local Settings\Application Data\AOL OCP\AIM\Storage\data\clemshady21\localStorage\common.cls Object is locked skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win20CE.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win20ED.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win24.tmp.exe Infected: Trojan-Downloader.Win32.Adload.jm skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win2504.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win2551.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win2560.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win2572.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win29.tmp.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win2D.tmp.exe Infected: Packed.Win32.Klone.g skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win30.tmp.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win30.tmp.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win4B9B.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip/backups/win4BBD.tmp.exe Infected: Trojan.Win32.Pakes skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc52\backups.zip ZIP: infected - 241 skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc6\ishost.exe.vir Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc6\ismon.exe.vir Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc6\isnotify.exe.vir Infected: Trojan-Downloader.Win32.Zlob.alf skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc6\issearch.exe.vir Infected: Trojan-Downloader.Win32.Zlob.ajs skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc6\ixt0.dll.vir Infected: Trojan-Downloader.Win32.Zlob.all skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc6\ixt1.dll.vir Infected: Trojan-Downloader.Win32.Zlob.ahy skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc6\ixt2.dll.vir Infected: Trojan-Downloader.Win32.Zlob.ajs skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc6\winbws32.dll.vir Infected: Packed.Win32.Klone.g skipped
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003\Dc9\chkntfs.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.ej skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP10\A0009510.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP10\A0009511.dll Infected: Trojan-Downloader.Win32.Zlob.ajs skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009549.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009550.dll Infected: Trojan-Downloader.Win32.Zlob.ajs skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009558.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009559.dll Infected: Trojan-Downloader.Win32.Zlob.ajs skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009567.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009568.dll Infected: Trojan-Downloader.Win32.Zlob.ajs skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009614.exe Infected: Trojan-Downloader.Win32.Zlob.agf skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009615.dll Infected: Trojan-Downloader.Win32.Zlob.ajs skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009721.sys Infected: Rootkit.Win32.Agent.eq skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009722.exe Infected: Trojan-Downloader.Win32.Agent.bca skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009728.sys Infected: Rootkit.Win32.Agent.eq skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009729.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009730.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009731.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009732.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009733.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009734.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009735.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009736.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009737.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009738.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009739.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009740.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009741.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009742.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009743.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009744.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009745.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009746.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009747.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009748.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009749.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009750.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009751.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009752.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009753.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009754.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009755.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009756.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009757.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009758.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009759.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009760.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009761.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009762.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009763.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009764.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009765.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009766.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009767.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009768.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009769.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009770.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009771.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009772.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009773.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009774.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009775.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009776.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009777.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009778.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009779.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009780.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009781.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009782.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009783.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009784.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009785.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009786.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009787.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009788.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009789.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009790.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009791.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009792.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009793.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009794.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009795.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009796.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009797.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009798.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009799.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009800.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009801.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009802.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009803.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009804.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009805.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009806.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009807.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009808.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009809.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009810.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009811.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009812.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009813.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009814.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009815.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009816.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009817.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009818.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009819.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009820.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009821.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009822.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009823.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009824.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009825.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009826.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009827.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009828.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009829.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009830.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009831.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009832.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009833.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009834.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009835.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009836.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009837.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009838.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009839.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009840.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009841.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009842.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009843.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009844.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009845.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009846.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009847.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009848.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009849.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009850.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009851.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009852.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009853.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009854.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009855.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009856.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009857.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009858.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009859.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009860.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009861.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009862.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009863.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009864.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009865.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009866.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009867.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009868.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009869.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009870.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009871.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009872.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009873.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009874.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009875.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009876.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009877.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009878.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009879.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009880.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009881.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009882.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009883.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009884.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009885.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009886.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009887.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009888.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009889.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009890.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009891.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009892.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009893.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009894.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009895.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009896.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009897.exe Infected: Trojan.Win32.Dialer.qy skipped
C:\System Volume Information\_restore{9974C558-9E85-489B-904C-4BC2DFD3CCE1}\RP11\A0009898.exe Infected: Trojan.Win32.Dialer.qy skipped

Scan process completed.

#12 __RiP_ChAiN_

Posted 11 July 2007 - 02:09 PM

Hello Illuminous One,

Run OTMoveIt:
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\Documents and Settings\clemshadynlady\Local Settings\Application Data\324d1bb9.exe
C:\Documents and Settings\clemshadynlady\Local Settings\Application Data\54250bf2.exe
C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003
C:\WINDOWS\pss\viumx.exe
C:\WINDOWS\system32\cool.exe
C:\WINDOWS\system32\dmonwv.dll_tobedeleted
C:\WINDOWS\system32\jxxpe.dat
C:\WINDOWS\system32\oins.exe
  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
(If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.)
Click the red Moveit! button.
Please "Copy" the results from the "Results" window (to the right) and then "Paste" them into your next reply on the forum.
Reboot into Normal Mode.

In your next reply please include the following:
  • A new Hijackthis log.
  • The OTMoveIt log.


#13 Illuminous One

Posted 11 July 2007 - 03:07 PM

I accidentally rebooted before it gave me the old results for the OTMoveIt! program. I apologize. I reran the program after rebooting and these are the results for that procedure.

File/Folder C:\Documents and Settings\clemshadynlady\Local Settings\Application Data\324d1bb9.exe not found.
File/Folder C:\Documents and Settings\clemshadynlady\Local Settings\Application Data\54250bf2.exe not found.
File/Folder C:\RECYCLER\S-1-5-21-796845957-1682526488-839522115-1003 not found.
File/Folder C:\WINDOWS\pss\viumx.exe not found.
File/Folder C:\WINDOWS\system32\cool.exe not found.
File/Folder C:\WINDOWS\system32\dmonwv.dll_tobedeleted not found.
C:\WINDOWS\system32\jxxpe.dat moved successfully.
File/Folder C:\WINDOWS\system32\oins.exe not found.

Created on 07/11/2007 16:05:16

And here is the HijackThis log. Thank you for all your help and patience in this matter. I realize you have spent days and hours of your time helping me, and I appreciate your consideration in this matter.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:05:47 PM, on 7/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\clemshadynlady\Desktop\OTMoveIt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\ukapr.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,ffhtcht.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} (WildfireActiveXHost Class) - http://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6471 bytes

#14 Illuminous One

Posted 11 July 2007 - 03:14 PM

Also, I have noticed that since I have begun all these different processes with removing the viruses/spyware/malware/adware programs, I am unable to change the settings on my ATI Video Card. I attempt to open the Catalyst Control Center and I get an error 0xc0000135 The application failed to initialize properly. I honestly have no clue what we have removed that would cause this, but I have attempted to download the newest drivers, as well as the CCC, and it still gives me the same error. Also, when I boot up my PC, I am getting an error with MOM.exe failing to load properly. I'm not sure as well what this program consists of, but I'm definitely sure it's nothing that I have installed. If you have any insight into these problems, I would appreciate any help you could give me.

Bryan

#15 __RiP_ChAiN_

Posted 11 July 2007 - 10:49 PM

Hello Illuminous One,

It's possible that one of the viruses removed had some kind of an effect on the ATI control center, but since your computer is still malware infected I'd like to come back to this specific problem a little later on. As for the MOM.exe error, it's most likely a piece of malware deleted but not yet removed from the startup process so it comes up as a file missing error. We'll fix this as well.
  • Download Brute Force Uninstaller to your C:\
  • Unzip it to a folder of its own (C:\BFU). So BFU should be on your root. In most cases this is C:\
  • Download qoofix.bat (right-click on this link and choose Save As)
  • Place qoofix.bat in your C:\BFU folder. (Important!)
  • Double-click qooFix.bat. Close all browsers and Explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient, it will take about five minutes.
  • After the PC has restarted please post another hijackthis log.
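
The condition described in the reply above (a file that has been removed but is still named by a startup entry) can be checked by comparing a removal tool's results with the F2 and O4 autostart lines of a HijackThis log. The Python below is an added example, not part of the original thread or of any tool mentioned in it; the function names are hypothetical, and the sample lines and file names are constructed in the line formats quoted in this thread.

```python
import ntpath
import re

# Constructed sample data (not the user's real logs), in the formats seen above.
REMOVAL_RESULTS = r"""File/Folder C:\WINDOWS\system32\example1.exe not found.
C:\WINDOWS\system32\example2.dat moved successfully.
C:\WINDOWS\system32\example3.exe moved successfully.
"""

HIJACKTHIS_LOG = r"""F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\example3.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,example2.dat
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [example] "C:\windows\system32\EXAMPLE3.EXE" /s
O4 - HKCU\..\Run: [backup] C:\WINDOWS\system32\example3.exe.bak
"""

# "<path> moved successfully." lines only; "File/Folder ... not found." is ignored.
MOVED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.\s*$")
# F2 (Shell/UserInit values) and O4 (Run keys) are the autostart sections checked here.
AUTOSTART = re.compile(r"^(?P<kind>F2|O4) - (?P<rest>.+)$")


def removed_paths(results_text):
    """Paths the removal tool reports as moved, lower-cased for comparison."""
    paths = set()
    for line in results_text.splitlines():
        m = MOVED.match(line.strip())
        if m:
            paths.add(m.group("path").lower())
    return paths


def references(command, path):
    """True if `command` names `path` in full, or by bare file name."""
    cmd = command.lower()
    # Full path, bounded so that example3.exe does not match example3.exe.bak.
    if re.search(r"(?<![\w\\])" + re.escape(path) + r'(?=$|["\s,])', cmd):
        return True
    # F2 values can list a bare file name after a comma, so compare those
    # tokens by name only. This is a heuristic: it ignores the directory.
    name = ntpath.basename(path)
    tokens = [t.strip().strip('"') for t in re.split(r"[,=]", cmd)]
    return name in tokens


def orphaned_autostarts(hjt_log, results_text):
    """Return (kind, line, removed_path) for autostart lines naming a removed file."""
    removed = sorted(removed_paths(results_text))
    hits = []
    for line in hjt_log.splitlines():
        m = AUTOSTART.match(line.strip())
        if not m:
            continue
        for path in removed:
            if references(m.group("rest"), path):
                hits.append((m.group("kind"), line.strip(), path))
    return hits


if __name__ == "__main__":
    for kind, line, path in orphaned_autostarts(HIJACKTHIS_LOG, REMOVAL_RESULTS):
        print(f"{kind}: still references removed file {path}\n    {line}")
```

Entries flagged this way are candidates for cleanup of the startup reference itself; a bare-name match should be confirmed by hand because it does not check the directory.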
