dday.dll/trojan.virtumonde [RESOLVED]



#1
nekropsycho

Hi, I'm not sure I'm posting in the correct section, but I'm sure you could direct me to the right one if so. My problem is simple to explain but I've had a rather difficult time finding a solution, so here's my first attempt at someone walking me through it. Here's my HJT report. Thank you!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:59 AM, on 10/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\Dan\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKUS\S-1-5-18\..\Run: [NAV Auto Updates] slserver.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [NAV Auto Updates] slserver.exe (User 'Default user')
O4 - S-1-5-21-1957994488-616249376-1801674531-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-1957994488-616249376-1801674531-1003 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DomainService - Unknown owner - C:\DOCUME~1\Dan\LOCALS~1\Temp\sevmmyat.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 5749 bytes

#2
MoNsTeReNeRgY22

Hello and Welcome to Geeks to Go. :)

I am MoNsTeReNeRgY22 and I will be assisting you with your malware problem today.

Sorry for the delay, we have been quite busy around here.

Step 1
I need you to rename HijackThis because I suspect that you may have the Vundo infection that can hide some entries in your log.
  • Please go to the folder where you saved HijackThis.exe:
    < C:\Documents and Settings\Dan\Desktop\HiJackThis.exe >
  • Right-click on it, then select Rename.
  • Please rename it to energy.exe
  • Then double-click energy.exe to scan and then post the new logfile.
Step 2
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post along with a new renamed HJT log.

Edited by MoNsTeReNeRgY22, 28 October 2007 - 03:05 PM.
Fixed Typo


#3
nekropsycho

Hey monster, thanks for helping me. Here's the uninstall_list.txt:

7-Zip 4.15 beta
ActivationManager
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Premiere Pro
Adobe Stock Photos 1.0
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead NeroMediaPlayer
AIM 6
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
AVG Anti-Spyware 7.5
AVS Video Tools 5.4
Cacheman 5.50
Diskeeper Professional Edition
DivX Content Uploader
DivX Web Player
Fraps
Google Earth
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB926239)
IGN Download Manager 2.2.2
InterActual Player
IsoBuster 1.9.1
iTunes
Java™ 6 Update 3
Linksys Wireless-G PCI Adapter
MAIET entertainment - Gunz
Microsoft .NET Framework 2.0
Microsoft AntiSpyware
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft MPEG-4 VKI Video Codec V1/V2/V3
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.8)
Nero - Burning Rom (Web installer)
Norton Security Scan
NVIDIA Drivers
NvMixer
Omni-Bot 0.532 STABLE
OpenOffice.org 1.1.4
Palm Desktop and Synchronization Software
PowerDVD
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
SoulSeek Client 156c
SoulSeek Client 157 test 10
Spy Sweeper
Spybot - Search & Destroy 1.3
Spyware Doctor 5.0
SpywareBlaster v3.3
TeamSpeak 2 RC2
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884020
Windows XP Hotfix - KB885222
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885626
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890831
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Wolfenstein - Enemy Territory
XChat 2 (remove only)
Xfire (remove only)
XviD MPEG-4 Video Codec
ZD Soft Screen Recorder
ZD Soft Screen Video Decoder
ZoneAlarm



And the new HJT log:
EDIT: I didn't rename the HJT log, should I delete the original and repost it?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:18:17 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Xfire\xfire.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dan\Desktop\energy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v5.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6ED62293-9B35-404B-A074-5F501275F3AF} - C:\WINDOWS\system32\ddayy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\ewlgucmq.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [a2e8ad8f] rundll32.exe "C:\WINDOWS\system32\rddspkco.dll",b
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll"
O4 - HKUS\S-1-5-21-1957994488-616249376-1801674531-1003\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-21-1957994488-616249376-1801674531-1003\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [NAV Auto Updates] slserver.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [NAV Auto Updates] slserver.exe (User 'Default user')
O4 - S-1-5-21-1957994488-616249376-1801674531-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-1957994488-616249376-1801674531-1003 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: vtuvuvs - vtuvuvs.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: DomainService - Unknown owner - C:\DOCUME~1\Dan\LOCALS~1\Temp\sevmmyat.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6861 bytes

Edited by nekropsycho, 28 October 2007 - 07:24 PM.
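
The reason for Step 1 (entries hidden from a scanner running under its usual name) can be checked by diffing the first log against the one taken as energy.exe. This is an added example, not part of any post in this thread: the embedded lines are excerpts copied from the two logs above, and the checks in `flag_for_review` are assumed triage heuristics, not HijackThis rules. The scans were ten days apart, so a new entry is a lead to verify, not proof that it was hidden.

```python
import re

# Constructed input: a handful of lines copied from the two HijackThis logs
# in this thread (the first scan, and the scan run as energy.exe).
LOG_BEFORE = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
'''

LOG_AFTER = r'''
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6ED62293-9B35-404B-A074-5F501275F3AF} - C:\WINDOWS\system32\ddayy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\ewlgucmq.dll
O3 - Toolbar: (no name) - {11A69AE4-FBED-4832-A2BF-45AF82825583} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKLM\..\Run: [a2e8ad8f] rundll32.exe "C:\WINDOWS\system32\rddspkco.dll",b
O20 - Winlogon Notify: vtuvuvs - vtuvuvs.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
'''

# HijackThis entry lines look like "<section> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def normalize(details):
    """Ignore quoting, case and spacing so the same autostart is not reported twice.

    The SpySweeper Run value is quoted in the first log and unquoted in the second.
    """
    return " ".join(details.replace('"', "").lower().split())


def parse_entries(log_text):
    """Return {section: {normalized details: original details}}; other lines are skipped."""
    sections = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            sections.setdefault(match.group(1), {})[normalize(match.group(2))] = match.group(2)
    return sections


def section_key(name):
    """Sort sections in HijackThis order: R, F, N, then O1..O24 numerically."""
    return ("RFNO".index(name[0]), int(name[1:]))


def diff_logs(before, after):
    """Entries present in `after` but not in `before`, grouped by section."""
    old, new = parse_entries(before), parse_entries(after)
    added = {}
    for section in sorted(new, key=section_key):
        fresh = [orig for norm, orig in new[section].items()
                 if norm not in old.get(section, {})]
        if fresh:
            added[section] = fresh
    return added


def unseen_sections(before, after):
    """Sections with no entries at all in `before`: the strongest hint of hidden lines."""
    old, new = parse_entries(before), parse_entries(after)
    return sorted(set(new) - set(old), key=section_key)


def flag_for_review(added):
    """Assumed heuristics for which new entries a helper should look at first."""
    flagged = []
    for section, entries in added.items():
        for entry in entries:
            low = entry.lower()
            if section == "O2" and "(no name)" in low and "\\windows\\system32\\" in low:
                flagged.append((section, "unnamed BHO loaded from system32", entry))
            elif section == "O4" and "rundll32.exe" in low:
                flagged.append((section, "Run value launching a DLL via rundll32", entry))
            elif section == "O20":
                flagged.append((section, "Winlogon Notify package", entry))
    return flagged


if __name__ == "__main__":
    print("Sections missing from the first log:", unseen_sections(LOG_BEFORE, LOG_AFTER))
    for section, reason, entry in flag_for_review(diff_logs(LOG_BEFORE, LOG_AFTER)):
        print(f"{section}: {reason}\n    {entry}")
```

On these excerpts the flagged entries point at ddayy.dll, ewlgucmq.dll and rddspkco.dll, which also appear in the ComboFix deletion list posted later in the thread.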


#4
MoNsTeReNeRgY22

Hello again,

You renamed HJT just right!

Download ComboFix from Here or Here to your Desktop.
  • Double click combofix.exe and follow the prompts.
  • When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

#5
nekropsycho

Awesome, here's the ComboFix log:

ComboFix 07-10-28.2 - Dan 2007-10-28 18:50:25.1 - NTFSx86

Running from: C:\Documents and Settings\Dan\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Dan\Favorites\Online Security Guide.lnk
C:\Program Files\Common Files\Yazzle1162OinUninstaller.exe
C:\WINDOWS\Casino.ico
C:\WINDOWS\cookies.ini
C:\WINDOWS\Free Online Dating.ico
C:\WINDOWS\Spyware Remover.ico
C:\WINDOWS\system32\cleikslu.dll
C:\WINDOWS\system32\ddayy.dll
C:\WINDOWS\system32\dfojkeop.exe
C:\WINDOWS\system32\dhgvsdaj.ini
C:\WINDOWS\system32\drivers\bg_bg.gif
C:\WINDOWS\system32\drivers\cell_bg.gif
C:\WINDOWS\system32\drivers\cell_footer.gif
C:\WINDOWS\system32\drivers\cell_header_block.gif
C:\WINDOWS\system32\drivers\cell_header_remove.gif
C:\WINDOWS\system32\drivers\cell_header_scan.gif
C:\WINDOWS\system32\drivers\close_ico.gif
C:\WINDOWS\system32\drivers\detect.htm
C:\WINDOWS\system32\drivers\download_btn.jpg
C:\WINDOWS\system32\drivers\download_now_btn.gif
C:\WINDOWS\system32\drivers\header_red_bg.gif
C:\WINDOWS\system32\drivers\header_red_free_scan.gif
C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
C:\WINDOWS\system32\drivers\rating.gif
C:\WINDOWS\system32\drivers\s_detect.htm
C:\WINDOWS\system32\drivers\screenshot.jpg
C:\WINDOWS\system32\drivers\shadow.jpg
C:\WINDOWS\system32\drivers\shadow_bg.gif
C:\WINDOWS\system32\euxttsbk.exe
C:\WINDOWS\system32\ewlgucmq.dll
C:\WINDOWS\system32\hjmuljcp.exe
C:\WINDOWS\system32\hpokkuqy.dll
C:\WINDOWS\system32\jadsvghd.dll
C:\WINDOWS\system32\jfsyaodx.exe
C:\WINDOWS\system32\jtlpkbbt.exe
C:\WINDOWS\system32\knrmaevx.dll
C:\WINDOWS\system32\krbhhlyi.exe
C:\WINDOWS\system32\lxgmrmfp.ini
C:\WINDOWS\system32\mifjckiv.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\nvnaqfux.exe
C:\WINDOWS\system32\ockpsddr.ini
C:\WINDOWS\system32\pcyhrlof.exe
C:\WINDOWS\system32\pfmrmgxl.dll
C:\WINDOWS\system32\psyktjtv.exe
C:\WINDOWS\system32\rddspkco.dll
C:\WINDOWS\system32\rklmmolg.dll
C:\WINDOWS\system32\rktmsoyg.exe
C:\WINDOWS\system32\roauakwg.exe
C:\WINDOWS\system32\tdindvnk.exe
C:\WINDOWS\system32\txkirext.dll
C:\WINDOWS\system32\ulskielc.ini
C:\WINDOWS\system32\uvpbnxpt.exe
C:\WINDOWS\system32\wgnjhzbn.dllbox
C:\WINDOWS\system32\xdcsnjdd.exe
C:\WINDOWS\system32\xveamrnk.ini
C:\WINDOWS\system32\ylbhissc.dllbox
C:\WINDOWS\system32\ypmsnoyc.exe
C:\WINDOWS\system32\yqukkoph.ini
C:\WINDOWS\system32\yyadd.bak1
C:\WINDOWS\system32\yyadd.bak2
C:\WINDOWS\system32\yyadd.ini
C:\WINDOWS\system32\yyadd.ini2
C:\WINDOWS\system32\yyadd.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-09-28 to 2007-10-29 )))))))))))))))))))))))))))))))
.

2007-10-28 18:45 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-28 18:45 589 --a------ C:\WINDOWS\system32\yfjxxguk.dll
2007-10-27 21:40 <DIR> d-------- C:\Screen Recordings
2007-10-27 15:48 <DIR> d-------- C:\Program Files\ZD Soft
2007-10-24 20:54 <DIR> d-------- C:\Program Files\New Folder
2007-10-24 01:48 <DIR> d-------- C:\Fraps
2007-10-23 22:29 <DIR> d-------- C:\Program Files\Fraps
2007-10-23 22:03 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Sony
2007-10-23 21:55 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Sony Setup
2007-10-20 23:38 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-10-20 11:45 <DIR> d-------- C:\Program Files\Adsense Helper Object
2007-10-19 22:13 14,900 --a------ C:\Program Files\3269.exe
2007-10-19 22:08 20,480 --a------ C:\WINDOWS\system32\winjyg32.dll
2007-10-19 22:01 901,120 --------- C:\WINDOWS\Unnero.exe
2007-10-19 22:01 532,480 --a------ C:\WINDOWS\system32\imagx5.dll
2007-10-19 22:01 507,904 --a------ C:\WINDOWS\system32\imagr5.dll
2007-10-19 22:01 275,312 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2007-10-19 22:01 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-10-19 22:01 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-10-19 22:01 49,152 --a------ C:\WINDOWS\system32\MultiSZ.dll
2007-10-19 22:01 35,328 --a------ C:\WINDOWS\system32\picn20.dll
2007-10-17 20:25 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-17 20:19 <DIR> d-------- C:\Program Files\Webroot
2007-10-17 20:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-17 20:19 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Webroot
2007-10-17 20:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-17 20:19 1,521,464 --a------ C:\WINDOWS\WRSetup.dll
2007-10-17 20:19 163,128 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-10-17 20:19 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-10-17 20:19 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-10-17 20:19 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB8.sys
2007-10-17 20:18 164 --a------ C:\install.dat
2007-10-17 20:16 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\GetRightToGo
2007-10-17 18:44 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\Grisoft
2007-10-17 18:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-17 18:44 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-10-17 15:39 <DIR> d-------- C:\VundoFix Backups
2007-10-17 15:38 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-17 15:38 382,352 --a------ C:\Program Files\jre-6u3-windows-i586-p-iftw.exe
2007-10-16 23:08 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-16 23:05 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-10-16 23:04 <DIR> d-------- C:\Program Files\ATI Technologies
2007-10-16 20:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-16 20:45 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-16 20:45 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-16 17:19 <DIR> d-------- C:\Program Files\Bonjour
2007-10-16 15:15 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\BitTorrent
2007-10-16 14:47 <DIR> d-------- C:\Program Files\xchat
2007-10-16 14:47 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\X-Chat 2
2007-10-16 13:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-16 13:30 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-09 13:27 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-05 19:49 <DIR> d-------- C:\Documents and Settings\Dan\Application Data\mIRC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-29 01:57 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-10-28 22:36 22,328 -c--a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-10-27 19:55 --------- d-----w C:\Documents and Settings\Dan\Application Data\teamspeak2
2007-10-25 02:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-10-24 21:54 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-10-24 07:06 --------- d-----w C:\Program Files\Common Files\AOL
2007-10-24 07:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-23 08:50 --------- d-----w C:\Program Files\ActivationManager
2007-10-23 03:51 --------- d-s---w C:\Program Files\Xfire
2007-10-21 08:24 --------- d-----w C:\Program Files\Soulseek
2007-10-21 02:56 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-10-20 20:53 --------- d-----w C:\Program Files\Norton Security Scan
2007-10-20 05:01 --------- d-----w C:\Program Files\Ahead
2007-10-18 00:18 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-17 22:39 --------- d-----w C:\Program Files\Java
2007-10-17 09:12 99,840 -c--a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpHost.exe
2007-10-17 09:12 743,936 -c--a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpsvc.exe
2007-10-17 09:12 35,328 -c--a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\notiflag.exe
2007-10-17 09:12 18,944 -c----w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\hscupd.exe
2007-10-17 09:12 146,432 -c--a-w C:\WINDOWS\regedit.exe
2007-10-17 09:10 99,840 -c--a-w C:\WINDOWS\UninstallFirefox.exe
2007-10-17 09:10 69,632 -c--a-w C:\WINDOWS\uinst001.exe
2007-10-17 09:10 25,600 -c--a-w C:\WINDOWS\twunk_32.exe
2007-10-17 09:10 1,282,048 -c----w C:\WINDOWS\UNMRW.exe
2007-10-17 09:10 1,167,360 -c----w C:\WINDOWS\UNNMP.exe
2007-10-17 09:09 283,648 -c--a-w C:\WINDOWS\winhlp32.exe
2007-10-17 05:17 94,208 -c--a-w C:\WINDOWS\ScUnin.exe
2007-10-17 05:17 10,752 -c--a-w C:\WINDOWS\hh.exe
2007-10-17 05:13 15,360 -c--a-w C:\WINDOWS\TASKMAN.EXE
2007-10-17 05:04 69,120 -c--a-w C:\WINDOWS\notepad.exe
2007-10-17 05:04 32,768 -c----w C:\WINDOWS\slrundll.exe
2007-10-17 05:04 1,286,144 -c----w C:\WINDOWS\NuNinst.exe
2007-10-17 05:02 700,416 ----a-w C:\StubInstaller.exe
2007-10-17 04:16 768,512 -c--a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\helpctr.exe
2007-10-17 04:16 158,208 -c--a-w C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\msconfig.exe
2007-10-17 04:02 --------- d-----w C:\Documents and Settings\Dan\Application Data\Xfire
2007-10-17 04:00 --------- d-----w C:\Program Files\Google
2007-10-17 03:57 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-16 23:23 --------- d-----w C:\Program Files\OpenOffice.org1.1.4
2007-10-16 23:21 --------- d-----w C:\Program Files\AIM
2007-10-16 23:19 --------- d-----w C:\Program Files\QuickTime
2007-10-16 09:53 --------- d-----w C:\Program Files\Winamp
2007-09-29 05:46 47,376 ----a-w C:\WINDOWS\system32\drivers\ativvpxx.vp
2007-09-29 03:05 2,456,064 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2007-09-29 02:19 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2007-09-15 21:19 --------- d-----w C:\Program Files\Apple Software Update
2007-09-15 21:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-09-14 10:41 --------- d-----w C:\Program Files\Soulseek-Test
2007-09-13 05:52 --------- d-----w C:\Program Files\Common Files\xing shared
2007-09-13 05:52 --------- d-----w C:\Program Files\Common Files\Real
2007-09-12 02:55 --------- d-----w C:\Program Files\NuGardt Software
2007-09-11 09:30 22,328 ----a-w C:\Documents and Settings\Dan\Application Data\PnkBstrK.sys
2007-09-07 08:55 --------- d-----w C:\Program Files\Teamspeak2_RC2
2005-03-11 04:08:28 475 -csha-w C:\WINDOWS\system32\ltwjjwe.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{18FA53D3-B7A8-4309-8045-D43D6AA2DCE9}]
2007-10-20 11:45 26112 --a------ C:\Program Files\Adsense Helper Object\aho.v5.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{86A44EF7-78FC-4e18-A564-B18F806F7F56}]
2007-10-23 01:50 221184 --a------ C:\Program Files\ActivationManager\ActivationManager.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-07-12 15:35]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [2007-10-16 21:15]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2007-10-16 21:15]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 20:14]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-12 22:51]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2007-10-17 00:29]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-16 21:15]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2002-09-11 18:01]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-07-19 22:54]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-04-27 14:17]
"CS Update"="copy /Y C:\Program Files\ActivationManager\ActivationManager.dll.upd C:\Program Files\ActivationManager\ActivationManager.dll" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"NAV Auto Updates"=slserver.exe

C:\Documents and Settings\Dan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-10-02 16:56:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtuvuvs]
vtuvuvs.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dan^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\Dan\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft upnp Update]
msie.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
mah.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe


.
Contents of the 'Scheduled Tasks' folder
"2007-10-22 23:24:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-10-26 22:00:00 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-10-26 02:00:00 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2007-10-22 09:00:03 C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job"
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 18:57:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-28 18:59:58 - machine was rebooted
.
--- E O F ---


And the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:29 PM, on 10/28/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dan\Desktop\energy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v5.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll"
O4 - HKUS\S-1-5-21-1957994488-616249376-1801674531-1003\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - HKUS\S-1-5-21-1957994488-616249376-1801674531-1003\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [NAV Auto Updates] slserver.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [NAV Auto Updates] slserver.exe (User 'Default user')
O4 - S-1-5-21-1957994488-616249376-1801674531-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-1957994488-616249376-1801674531-1003 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: vtuvuvs - vtuvuvs.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 6370 bytes

#6
MoNsTeReNeRgY22

Hello again,

Step 1
Please re-open HijackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v5.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll"
O4 - HKUS\S-1-5-21-1957994488-616249376-1801674531-1003\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [NAV Auto Updates] slserver.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [NAV Auto Updates] slserver.exe (User 'Default user')
O20 - Winlogon Notify: vtuvuvs - vtuvuvs.dll (file missing)


Now close all windows other than HijackThis, then click Fix Checked. Close HijackThis.

Please go to Start > Control Panel > Add or Remove Programs and remove the following (if present):

Adsense Helper Object
ActivationManager


Step 2
Please download OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\Program Files\Adsense Helper Object
    C:\Program Files\ActivationManager


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

Step 3
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum

Step 4
Download Deckard's System Scanner (DSS) to your Desktop.
  • Close all applications and windows.
  • Double-click on DSS.exe to run it, and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply along with the Report.txt.
Extra Note: When running DSS, some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so. Also, it may happen that your Antivirus flags DSS as suspicious. Please allow Deckard's System Scanner to run and don't let your Antivirus delete it. (In this case, it may be better to temporarily disable your Antivirus)

Edited by MoNsTeReNeRgY22, 29 October 2007 - 09:55 PM.
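An added example, not part of the post above and not the helper's own method: the Python below parses HijackThis entry lines and applies three triage heuristics to an excerpt of the log posted in this thread. The heuristics and the names `triage`, `Finding` and `SAMPLE_LOG` are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Excerpt of the HijackThis log posted earlier in this thread (lines unchanged).
SAMPLE_LOG = r'''
O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v5.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll"
O4 - HKUS\S-1-5-18\..\Run: [NAV Auto Updates] slserver.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [NAV Auto Updates] slserver.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O20 - Winlogon Notify: vtuvuvs - vtuvuvs.dll (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
'''


class Finding(NamedTuple):
    section: str   # HijackThis section code, e.g. "O4"
    reason: str    # which heuristic fired
    line: str      # the original log line


ENTRY = re.compile(r'^(?P<section>[A-Z]\d+) - (?P<body>.+)$')
RUN = re.compile(r"^(?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] "
                 r"(?P<cmd>.+?)(?: \(User '[^']*'\))?$")
BHO = re.compile(r'^BHO: (?P<name>.+?) - (?P<clsid>\{[^}]+\}) - (?P<dll>.+)$')
NOTIFY = re.compile(r'^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)'
                    r'(?P<missing> \(file missing\))?$')
# Drive-letter path, UNC path or %VAR% prefix, optionally inside quotes.
QUALIFIED = re.compile(r'^"?(?:[A-Za-z]:\\|\\\\|%\w+%)')


def parse(log_text):
    """Yield (section, body, line) for every HijackThis entry line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            yield m['section'], m['body'], line


def triage(log_text):
    """Return the entries that trip one of three assumed heuristics."""
    entries = list(parse(log_text))

    # Pass 1: paths mentioned by Run values that do not start with a
    # fully-qualified program (bare file names, shell-style commands).
    touched = set()
    for section, body, _ in entries:
        m = RUN.match(body) if section == 'O4' else None
        if m and not QUALIFIED.match(m['cmd']):
            touched.update(p.lower() for p in re.findall(r'"([^"]+)"', m['cmd']))

    # Pass 2: evaluate each entry in log order.
    findings = []
    for section, body, line in entries:
        if section == 'O4':
            m = RUN.match(body)
            if m and not QUALIFIED.match(m['cmd']):
                findings.append(Finding(
                    section, 'Run value does not name a fully-qualified program', line))
        elif section == 'O2':
            m = BHO.match(body)
            if m and m['dll'].lower() in touched:
                findings.append(Finding(
                    section, 'BHO DLL is referenced by an unqualified Run value', line))
        elif section == 'O20':
            m = NOTIFY.match(body)
            if m:
                reasons = []
                if not QUALIFIED.match(m['dll']):
                    reasons.append('Winlogon Notify DLL has no path')
                if m['missing']:
                    reasons.append('file missing')
                if reasons:
                    findings.append(Finding(section, '; '.join(reasons), line))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.section:>3}  {f.reason}\n     {f.line}')
```

On this excerpt the heuristics flag the ActivationManager BHO, the `CS Update` and `NAV Auto Updates` Run values and the `vtuvuvs` Winlogon Notify entry, but not the Adsense Helper Object BHO that Step 1 also lists, so the output is a starting point for review rather than a substitute for it.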


#7
nekropsycho

Hey! so here ya go...

C:\Program Files\Adsense Helper Object moved successfully.
C:\Program Files\ActivationManager moved successfully.

Created on 10/30/2007 01:09:32

REPORT.TXT


SDFix: Version 1.112

Run by Dan on 10/30/2007 at 01:19 AM

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Xfire\\xfire.exe"="C:\\Program Files\\Xfire\\xfire.exe:*:Enabled:Xfire"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\et.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\et.exe:*:Enabled:et"
"C:\\Program Files\\Soulseek\\slsk.exe"="C:\\Program Files\\Soulseek\\slsk.exe:*:Enabled:SoulSeek"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Thu 10 Mar 2005 475 A.SH. --- "C:\WINDOWS\system32\ltwjjwe.dll"
Wed 9 Mar 2005 106 A..H. --- "C:\WINDOWS\system32\vt.dll"
Wed 24 Oct 2007 693,481 A.SH. --- "C:\WINDOWS\system32\yibhqvbe.tmp"
Wed 2 Mar 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 2 Mar 2005 401 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv18.bak"
Thu 28 Sep 2006 72 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti2A9.tmp"
Tue 19 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 2 Mar 2005 4,348 A..H. --- "C:\Documents and Settings\Dan\My Documents\My Music\License Backup\drmv1key.bak"
Wed 16 Mar 2005 401 A..H. --- "C:\Documents and Settings\Dan\My Documents\My Music\License Backup\drmv1lic.bak"
Sat 5 Mar 2005 400 A..H. --- "C:\Documents and Settings\Dan\My Documents\My Music\License Backup\drmv2key.bak"
Wed 16 Mar 2005 1,536 A..H. --- "C:\Documents and Settings\Dan\My Documents\My Music\License Backup\drmv2lic.bak"

Finished!


MAIN.TXT

Deckard's System Scanner v20071014.68
Run by Dan on 2007-10-30 01:26:56
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Unable to create WMI object; The operation completed successfully.


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Dan.exe) -------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:27:26 AM, on 10/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dan\Desktop\dss.exe
C:\DOCUME~1\Dan\Desktop\Dan.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKUS\S-1-5-21-1957994488-616249376-1801674531-1003\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp (User '?')
O4 - S-1-5-21-1957994488-616249376-1801674531-1003 Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (User '?')
O4 - S-1-5-21-1957994488-616249376-1801674531-1003 Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 5579 bytes

-- HijackThis Fixed Entries (C:\DOCUME~1\Dan\Desktop\backups\) -----------------

backup-20071018-073753-965 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20071018-073754-276 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
backup-20071030-010738-165 O20 - Winlogon Notify: vtuvuvs - vtuvuvs.dll (file missing)
backup-20071030-010738-208 O4 - HKUS\S-1-5-21-1957994488-616249376-1801674531-1003\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll" (User '?')
backup-20071030-010738-297 O4 - HKUS\S-1-5-18\..\Run: [NAV Auto Updates] slserver.exe (User '?')
backup-20071030-010738-393 O4 - HKCU\..\Run: [CS Update] copy /Y "C:\Program Files\ActivationManager\ActivationManager.dll.upd" "C:\Program Files\ActivationManager\ActivationManager.dll"
backup-20071030-010738-496 O4 - HKUS\.DEFAULT\..\Run: [NAV Auto Updates] slserver.exe (User 'Default user')
backup-20071030-010738-667 O2 - BHO: Adsense Helper Object - {18FA53D3-B7A8-4309-8045-D43D6AA2DCE9} - C:\Program Files\Adsense Helper Object\aho.v5.dll
backup-20071030-010738-836 O2 - BHO: ActivationManager module - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

3 catchme - c:\docume~1\dan\locals~1\temp\catchme.sys (file missing)
3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
3 IKFileFlt (File Filter Driver) - system32\drivers\ikfileflt.sys (file missing)
3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
3 scrcap - c:\windows\system32\drivers\scrcap.sys <Not Verified; ZD Soft; ZD Soft Screen Capture Series>
3 XTrapD12 - c:\windows\system32\xtrapd12.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

2 Diskeeper - c:\program files\executive software\diskeeper\dkservice.exe
3 FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
2 WMP54Gv4SVC - c:\program files\linksys wireless-g pci wireless network monitor\wlservice.exe


-- Device Manager: Disabled ----------------------------------------------------

Unable to create WMI object.

-- Scheduled Tasks -------------------------------------------------------------

2007-10-29 16:24:03 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-10-29 02:00:28 1494 --a------ C:\WINDOWS\Tasks\wrSpySweeperTrialSweep.job
2007-10-26 15:00:00 410 --a----c- C:\WINDOWS\Tasks\Norton Security Scan.job
2007-10-25 19:00:00 324 --a----c- C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job


-- Files created between 2007-09-30 and 2007-10-30 -----------------------------

2007-10-30 01:18:37 0 d-------- C:\WINDOWS\ERUNT
2007-10-28 18:45:38 589 --a------ C:\WINDOWS\system32\yfjxxguk.dll
2007-10-27 21:40:13 0 d-------- C:\Screen Recordings
2007-10-27 15:48:00 0 d-------- C:\Program Files\ZD Soft
2007-10-24 20:54:52 0 d-------- C:\Program Files\New Folder
2007-10-24 01:48:17 0 d-------- C:\Fraps
2007-10-23 22:29:48 0 d-------- C:\Program Files\Fraps
2007-10-23 22:03:34 0 d-------- C:\Documents and Settings\Dan\Application Data\Sony
2007-10-23 21:55:38 0 d-------- C:\Documents and Settings\Dan\Application Data\Sony Setup
2007-10-19 22:13:06 14900 --a------ C:\Program Files\3269.exe
2007-10-19 22:08:58 20480 --a------ C:\WINDOWS\system32\winjyg32.dll
2007-10-19 22:01:26 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe <Not Verified; Ahead Software Gmbh; Ahead Software Gmbh NeroCheck>
2007-10-19 22:01:24 49152 --a------ C:\WINDOWS\system32\MultiSZ.dll <Not Verified; Ahead Software AG\r\nim Stoeckmaedle 6\r\n76307 Karlsbad, Germany\r\nFax: ++49-7248-911-888\r\ne-mail: [email protected]; MultiSZ/ACL Installation Library>
2007-10-19 22:01:22 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-10-19 22:01:22 35328 --a------ C:\WINDOWS\system32\picn20.dll <Not Verified; Pegasus Imaging Corp.; PEGASUS>
2007-10-19 22:01:22 532480 --a------ C:\WINDOWS\system32\imagx5.dll <Not Verified; Pegasus Software, LLC; ImagXpress>
2007-10-19 22:01:22 507904 --a------ C:\WINDOWS\system32\imagr5.dll <Not Verified; Pegasus Software,LLC; ImagXpress>
2007-10-17 20:25:14 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2007-10-17 20:19:18 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2007-10-17 20:19:10 0 d-------- C:\Program Files\Webroot
2007-10-17 20:19:10 0 d-------- C:\Documents and Settings\Dan\Application Data\Webroot
2007-10-17 20:19:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2007-10-17 20:18:32 164 --a------ C:\install.dat
2007-10-17 20:16:12 0 d-------- C:\Documents and Settings\Dan\Application Data\GetRightToGo
2007-10-17 18:44:26 0 d-------- C:\Documents and Settings\Dan\Application Data\Grisoft
2007-10-17 18:44:05 0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-10-17 15:39:57 0 d-------- C:\VundoFix Backups
2007-10-17 15:38:46 0 d-------- C:\Program Files\Common Files\Java
2007-10-16 23:08:55 0 --a------ C:\WINDOWS\ativpsrm.bin
2007-10-16 23:05:04 593920 --a------ C:\WINDOWS\system32\ati2sgag.exe <Not Verified; ; ATI Smart>
2007-10-16 23:04:46 0 d-------- C:\Program Files\ATI Technologies
2007-10-16 20:58:14 0 d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2007-10-16 20:45:55 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-10-16 20:45:54 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-10-16 17:19:08 0 d-------- C:\Program Files\Bonjour
2007-10-16 17:04:45 4718592 --a------ C:\Documents and Settings\Dan\ntuser.dat
2007-10-16 15:15:20 0 d-------- C:\Documents and Settings\Dan\Application Data\BitTorrent
2007-10-16 14:47:43 0 d-------- C:\Documents and Settings\Dan\Application Data\X-Chat 2
2007-10-16 14:47:39 0 d-------- C:\Program Files\xchat
2007-10-16 13:40:36 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-10-16 13:30:53 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2007-10-05 19:49:34 0 d-------- C:\Documents and Settings\Dan\Application Data\mIRC


-- Find3M Report ---------------------------------------------------------------

2007-10-30 01:24:39 0 d-------- C:\Program Files\Microsoft AntiSpyware
2007-10-30 01:15:46 0 d---s---- C:\Program Files\Xfire
2007-10-29 15:28:30 0 d-------- C:\Documents and Settings\Dan\Application Data\Xfire
2007-10-29 14:33:31 0 d-------- C:\Program Files\Soulseek
2007-10-28 18:52:35 0 d-------- C:\Program Files\Common Files
2007-10-27 12:55:18 0 d-------- C:\Documents and Settings\Dan\Application Data\teamspeak2
2007-10-24 14:54:17 0 d-------- C:\Program Files\Wolfenstein - Enemy Territory
2007-10-24 00:06:50 0 d-------- C:\Program Files\Common Files\AOL
2007-10-24 00:02:53 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-10-20 19:56:02 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-10-20 13:53:05 0 d-------- C:\Program Files\Norton Security Scan
2007-10-19 22:01:19 0 d-------- C:\Program Files\Ahead
2007-10-17 17:18:15 0 d-------- C:\Program Files\Spyware Doctor
2007-10-17 15:39:41 0 d-------- C:\Program Files\Java
2007-10-17 09:46:44 4212 --ah---c- C:\WINDOWS\system32\zllictbl.dat
2007-10-17 02:12:53 146432 --a----c- C:\WINDOWS\regedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-17 02:10:03 99840 --a----c- C:\WINDOWS\UninstallFirefox.exe
2007-10-17 02:10:03 69632 --a----c- C:\WINDOWS\uinst001.exe
2007-10-17 02:10:03 25600 --a----c- C:\WINDOWS\twunk_32.exe <Not Verified; Twain Working Group; Twain Thunker>
2007-10-17 02:10:00 2560 --a----c- C:\WINDOWS\_MSRSTRT.EXE
2007-10-17 02:09:56 283648 --a----c- C:\WINDOWS\winhlp32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-17 02:01:44 26112 --a------ C:\WINDOWS\system32\Ati2mdxx.exe <Not Verified; ATI Technologies, Inc.; ATI Default Resolution Update>
2007-10-16 22:17:04 94208 --a----c- C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2007-10-16 22:17:02 10752 --a----c- C:\WINDOWS\hh.exe <Not Verified; Microsoft Corporation; HTML Help>
2007-10-16 22:13:29 15360 --a----c- C:\WINDOWS\TASKMAN.EXE <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:29 21504 --a----c- C:\WINDOWS\system32\spupdwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:27 11776 --a----c- C:\WINDOWS\system32\spnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:26 12800 --a----c- C:\WINDOWS\system32\spiisupd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:26 538624 --a----c- C:\WINDOWS\system32\spider.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:25 9216 --a----c- C:\WINDOWS\system32\print.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:24 49152 --a----c- C:\WINDOWS\system32\powercfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:23 32256 --a----c- C:\WINDOWS\system32\wupdmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:23 146432 --a----c- C:\WINDOWS\system32\WudfHost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:21 30720 --a----c- C:\WINDOWS\system32\xcopy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:21 77824 --a----c- C:\WINDOWS\system32\wmpstub.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Media Player>
2007-10-16 22:13:20 114688 --a----c- C:\WINDOWS\system32\wscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2007-10-16 22:13:19 13824 --a----c- C:\WINDOWS\system32\wscntfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:19 5632 --a----c- C:\WINDOWS\system32\write.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:18 32256 --a----c- C:\WINDOWS\system32\wpnpinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:18 17408 --a----c- C:\WINDOWS\system32\wpdshextautoplay.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:17 32256 --a----c- C:\WINDOWS\system32\wpabaln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:17 14848 --a----c- C:\WINDOWS\system32\shadow.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:16 9728 --a----c- C:\WINDOWS\system32\sfc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:15 23040 --a----c- C:\WINDOWS\system32\setup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:14 31232 --a----c- C:\WINDOWS\system32\sethc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:10 15872 --a----c- C:\WINDOWS\system32\expand.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:09 8704 --a----c- C:\WINDOWS\system32\eventvwr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:09 77824 --a----c- C:\WINDOWS\system32\eventtriggers.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:08 50176 --a----c- C:\WINDOWS\system32\eventcreate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:08 193024 --a----c- C:\WINDOWS\system32\eudcedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:07 5632 --a----c- C:\WINDOWS\system32\winver.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:07 8192 --a----c- C:\WINDOWS\system32\winhlp32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:07 39424 --a----c- C:\WINDOWS\system32\esentutl.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:04 8192 --a----c- C:\WINDOWS\system32\spdwnwxp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:03 98304 --a----c- C:\WINDOWS\system32\verifier.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:03 28672 --a----c- C:\WINDOWS\system32\verclsid.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:02 8704 --a----c- C:\WINDOWS\system32\uwdf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:02 50176 --a----c- C:\WINDOWS\system32\utilman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:02 14336 --a----c- C:\WINDOWS\system32\auditusr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:01 11264 --a----c- C:\WINDOWS\system32\attrib.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:01 11264 --a----c- C:\WINDOWS\system32\atmadm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:13:00 111104 --a----c- C:\WINDOWS\system32\netdde.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:59 124928 --a----c- C:\WINDOWS\system32\net1.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:59 42496 --a----c- C:\WINDOWS\system32\net.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:58 4096 --a----c- C:\WINDOWS\system32\nddeapir.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:58 123392 --a----c- C:\WINDOWS\system32\mplay32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:57 8192 --a----c- C:\WINDOWS\system32\mountvol.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:56 126976 --a----c- C:\WINDOWS\system32\mshearts.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:56 143360 --a----c- C:\WINDOWS\system32\mobsync.exe <Not Verified; Microsoft Corporation; Microsoft Synchronization Manager>
2007-10-16 22:12:55 20992 --a----c- C:\WINDOWS\system32\msg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:54 126464 --a----c- C:\WINDOWS\system32\nwscript.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:53 21504 --a----c- C:\WINDOWS\system32\rcp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:53 35840 --a----c- C:\WINDOWS\system32\rcimlby.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:52 56832 --a----c- C:\WINDOWS\system32\rasphone.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:51 11264 --a----c- C:\WINDOWS\system32\rasdial.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:49 433664 --a----c- C:\WINDOWS\system32\wiaacmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:48 15360 --a----c- C:\WINDOWS\system32\ctfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:48 98304 --a----c- C:\WINDOWS\system32\cscript.exe <Not Verified; Microsoft Corporation; Microsoft ® Windows Script Host>
2007-10-16 22:12:40 114688 --a----c- C:\WINDOWS\system32\calc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:39 18432 --a----c- C:\WINDOWS\system32\cacls.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:37 9728 --a----c- C:\WINDOWS\system32\label.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:36 36352 --a----c- C:\WINDOWS\system32\typeperf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:35 69632 --a------ C:\WINDOWS\system32\TWUNK_32.EXE <Not Verified; Twain Working Group; Twain Thunker>
2007-10-16 22:12:34 16896 --a----c- C:\WINDOWS\system32\tsshutdn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:33 16384 --a----c- C:\WINDOWS\system32\tskill.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:33 14848 --a----c- C:\WINDOWS\system32\tsdiscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:32 44544 --a----c- C:\WINDOWS\system32\tscupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:32 14848 --a----c- C:\WINDOWS\system32\tscon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:31 31744 --a----c- C:\WINDOWS\system32\tracert6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:31 12288 --a----c- C:\WINDOWS\system32\tracert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:31 259584 --a----c- C:\WINDOWS\system32\tracerpt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:27 65536 --a----c- C:\WINDOWS\system32\wextract.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:25 8704 --a----c- C:\WINDOWS\system32\wdfmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:17 49664 --a----c- C:\WINDOWS\system32\w32tm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:16 33792 --a----c- C:\WINDOWS\system32\vssadmin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:15 69632 --a----c- C:\WINDOWS\system32\usrshuta.exe <Not Verified; U.S. Robotics Corporation; U.S. Robotics Modem Driver>
2007-10-16 22:12:14 61440 --a----c- C:\WINDOWS\system32\usrprbda.exe <Not Verified; U.S. Robotics Corporation; U.S. Robotics modem>
2007-10-16 22:12:14 77824 --a----c- C:\WINDOWS\system32\usrmlnka.exe <Not Verified; U.S. Robotics Corporation; U.S. Robotics Modem Driver>
2007-10-16 22:12:13 347136 --a----c- C:\WINDOWS\system32\tourstart.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:12 78336 --a----c- C:\WINDOWS\system32\tlntsess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:11 61440 --a----c- C:\WINDOWS\system32\tlntadmn.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:11 16896 --a----c- C:\WINDOWS\system32\tftp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:10 75776 --a----c- C:\WINDOWS\system32\telnet.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:10 19456 --a----c- C:\WINDOWS\system32\tcpsvcs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:09 12288 --a----c- C:\WINDOWS\system32\tcmsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:09 135680 --a----c- C:\WINDOWS\system32\taskmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:09 15360 --a----c- C:\WINDOWS\system32\taskman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:08 72192 --a----c- C:\WINDOWS\system32\tasklist.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:08 72192 --a----c- C:\WINDOWS\system32\taskkill.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:07 3072 --a----c- C:\WINDOWS\system32\systray.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:06 68096 --a----c- C:\WINDOWS\system32\systeminfo.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:06 105984 --a----c- C:\WINDOWS\system32\sysocmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:05 36864 --a----c- C:\WINDOWS\system32\syskey.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:05 51200 --a----c- C:\WINDOWS\system32\syncapp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:04 9216 --a----c- C:\WINDOWS\system32\subst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:04 14848 --a----c- C:\WINDOWS\system32\stimon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:03 679936 --a----c- C:\WINDOWS\system32\sstext3d.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:02 14336 --a----c- C:\WINDOWS\system32\ssstars.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:01 610304 --a----c- C:\WINDOWS\system32\sspipes.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:00 18944 --a----c- C:\WINDOWS\system32\ssmyst.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:12:00 20992 --a----c- C:\WINDOWS\system32\ssmarque.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:59 393216 --a----c- C:\WINDOWS\system32\ssflwbox.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:59 19968 --a----c- C:\WINDOWS\system32\ssbezier.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:58 704512 --a----c- C:\WINDOWS\system32\ss3dfo.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:57 26112 --a----c- C:\WINDOWS\system32\skeys.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:57 70144 --a----c- C:\WINDOWS\system32\sigverif.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:56 19456 --a----c- C:\WINDOWS\system32\shutdown.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:56 77824 --a----c- C:\WINDOWS\system32\shrpubw.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:55 23552 --a----c- C:\WINDOWS\system32\sort.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:54 56832 --a----c- C:\WINDOWS\system32\sol.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:54 138752 --a----c- C:\WINDOWS\system32\sndvol32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:53 131584 --a----c- C:\WINDOWS\system32\sndrec32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:53 8192 --a----c- C:\WINDOWS\system32\smbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:52 73728 --a----c- C:\WINDOWS\system32\slserv.exe <Not Verified; Smart Link; Soft Modem>
2007-10-16 22:11:52 32768 --a----c- C:\WINDOWS\system32\slrundll.exe <Not Verified; Smart Link; Soft Modem>
2007-10-16 22:11:51 19968 --a----c- C:\WINDOWS\system32\route.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:51 62464 --a----c- C:\WINDOWS\system32\rdpclip.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:50 16896 --a----c- C:\WINDOWS\system32\qappsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:50 33280 --a----c- C:\WINDOWS\system32\ping6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:49 18432 --a----c- C:\WINDOWS\system32\secedit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:48 77312 --a----c- C:\WINDOWS\system32\sdbinst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:48 9216 --a----c- C:\WINDOWS\system32\scrnsave.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:48 121856 --a----c- C:\WINDOWS\system32\schtasks.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:47 31232 --a----c- C:\WINDOWS\system32\sc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:47 13312 --a----c- C:\WINDOWS\system32\savedump.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:46 15872 --a----c- C:\WINDOWS\system32\rwinsta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:46 14336 --a----c- C:\WINDOWS\system32\runonce.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:45 33280 --a----c- C:\WINDOWS\system32\rundll32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:45 16384 --a----c- C:\WINDOWS\system32\runas.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:44 77312 --a----c- C:\WINDOWS\system32\rtcshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:44 62976 --a----c- C:\WINDOWS\system32\rsopprov.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:43 107520 --a----c- C:\WINDOWS\system32\rsnotify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:43 49152 --a----c- C:\WINDOWS\system32\rsmui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Whistler® Operating System>
2007-10-16 22:11:42 24576 --a----c- C:\WINDOWS\system32\rsmsink.exe <Not Verified; Microsoft Corporation; Microsoft® Windows Whistler® Operating System>
2007-10-16 22:11:42 49152 --a----c- C:\WINDOWS\system32\rsm.exe <Not Verified; Microsoft Corp; Microsoft® Windows ® 2000 Operating System>
2007-10-16 22:11:42 14848 --a----c- C:\WINDOWS\system32\rsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:41 25600 --a----c- C:\WINDOWS\system32\routemon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:40 11776 --a----c- C:\WINDOWS\system32\rasautou.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:40 22016 --a----c- C:\WINDOWS\system32\qwinsta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:39 20480 --a----c- C:\WINDOWS\system32\qprocess.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:38 9216 --a----c- C:\WINDOWS\system32\proxycfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:37 50176 --a----c- C:\WINDOWS\system32\proquota.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:37 109568 --a----c- C:\WINDOWS\system32\progman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:36 17920 --a----c- C:\WINDOWS\system32\ping.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:35 15872 --a----c- C:\WINDOWS\system32\perfmon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:29 419840 --a----c- C:\WINDOWS\system32\ntvdm.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:27 1200128 --a----c- C:\WINDOWS\system32\ntbackup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:23 76800 --a----c- C:\WINDOWS\system32\nslookup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:22 69120 --a----c- C:\WINDOWS\system32\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:22 20480 --a----c- C:\WINDOWS\system32\nbtstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:21 53760 --a----c- C:\WINDOWS\system32\narrator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:13 12800 --a----c- C:\WINDOWS\system32\mrinfo.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:12 117248 --a----c- C:\WINDOWS\system32\mqtgsvc.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2007-10-16 22:11:12 4608 --a----c- C:\WINDOWS\system32\mqsvc.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2007-10-16 22:11:11 815104 --a----c- C:\WINDOWS\system32\mmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:10 51712 --a----c- C:\WINDOWS\system32\migpwd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:08 22016 --a----c- C:\WINDOWS\system32\mpnotify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:07 29696 --a----c- C:\WINDOWS\system32\lights.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:06 85504 --a----c- C:\WINDOWS\system32\makecab.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:06 72704 --a----c- C:\WINDOWS\system32\magnify.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:11:04 19968 --a----c- C:\WINDOWS\system32\mqbkup.exe <Not Verified; Microsoft Corporation; Microsoft Message Queue>
2007-10-16 22:10:59 23552 --a----c- C:\WINDOWS\system32\ipxroute.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:59 53248 --a----c- C:\WINDOWS\system32\ipv6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:58 44032 --a----c- C:\WINDOWS\system32\ipsec6.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:58 55808 --a----c- C:\WINDOWS\system32\ipconfig.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:55 7680 --a----c- C:\WINDOWS\system32\hostname.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:54 14848 --a----c- C:\WINDOWS\system32\help.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:54 39424 --a----c- C:\WINDOWS\system32\grpconv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:53 57344 --a----c- C:\WINDOWS\system32\gpupdate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:53 119808 --a----c- C:\WINDOWS\system32\gpresult.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:52 55296 --a----c- C:\WINDOWS\system32\getmac.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:51 42496 --a----c- C:\WINDOWS\system32\ftp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:51 56320 --a----c- C:\WINDOWS\system32\fsutil.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:50 193024 --a----c- C:\WINDOWS\system32\fsquirt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:50 55296 --a----c- C:\WINDOWS\system32\freecell.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:49 7168 --a----c- C:\WINDOWS\system32\forcedos.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:49 20992 --a----c- C:\WINDOWS\system32\fontview.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:48 114688 --a----c- C:\WINDOWS\system32\iexpress.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:46 180224 --a----c- C:\WINDOWS\system32\dwwin.exe <Not Verified; Microsoft Corporation; Microsoft Application Error Reporting>
2007-10-16 22:10:46 17920 --a----c- C:\WINDOWS\system32\dvdupgrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:46 55296 --a----c- C:\WINDOWS\system32\dvdplay.exe <Not Verified; ; dvdplay Application>
2007-10-16 22:10:45 10752 --a----c- C:\WINDOWS\system32\dumprep.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:44 45568 --a----c- C:\WINDOWS\system32\drwtsn32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:44 249856 --a----c- C:\WINDOWS\system32\drmupgds.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:27 58368 --a----c- C:\WINDOWS\system32\driverquery.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:27 83456 --a----c- C:\WINDOWS\system32\dpvsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:26 18432 --a----c- C:\WINDOWS\system32\dpnsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:26 30208 --a----c- C:\WINDOWS\system32\dplaysvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:25 10752 --a----c- C:\WINDOWS\system32\doskey.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:10:25 15872 --a----c- C:\WINDOWS\system32\dmremote.exe <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2007-10-16 22:10:24 4608 --a----c- C:\WINDOWS\system32\dllhst3g.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:43 17920 --a----c- C:\WINDOWS\system32\diskperf.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:43 163840 --a----c- C:\WINDOWS\system32\diskpart.exe <Not Verified; Microsoft Corporation; Microsoft Corporation Diskpart Application>
2007-10-16 22:05:35 85504 --a----c- C:\WINDOWS\system32\diantz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:34 30208 --a----c- C:\WINDOWS\system32\ddeshare.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:34 5120 --a----c- C:\WINDOWS\system32\dcomcnfg.exe <Not Verified; Microsoft Corporation; COM Services>
2007-10-16 22:05:32 82432 --a----c- C:\WINDOWS\system32\dfrgfat.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2007-10-16 22:05:31 25088 --a----c- C:\WINDOWS\system32\defrag.exe <Not Verified; Microsoft Corp. and Executive Software International, Inc.; Windows Disk Defragmenter>
2007-10-16 22:05:31 13824 --a----c- C:\WINDOWS\system32\convert.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:31 8192 --a----c- C:\WINDOWS\system32\control.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:30 27648 --a----c- C:\WINDOWS\system32\conime.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:26 9728 --a----c- C:\WINDOWS\system32\comsdupd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:25 17408 --a----c- C:\WINDOWS\system32\compact.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:25 15872 --a----c- C:\WINDOWS\system32\comp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:23 63488 --a----c- C:\WINDOWS\system32\cmstp.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2007-10-16 22:05:23 39936 --a----c- C:\WINDOWS\system32\cmmon32.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2007-10-16 22:05:23 47104 --a----c- C:\WINDOWS\system32\cmdl32.exe <Not Verified; Microsoft Corporation; Microsoft® Connection Manager>
2007-10-16 22:05:22 388608 --a----c- C:\WINDOWS\system32\cmd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:21 5120 --a----c- C:\WINDOWS\system32\bootvrfy.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:21 4608 --a----c- C:\WINDOWS\system32\bootok.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:20 136704 --a----c- C:\WINDOWS\system32\bootcfg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:20 71680 --a----c- C:\WINDOWS\system32\blastcln.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:19 25088 --a----c- C:\WINDOWS\system32\at.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:18 32768 --a----c- C:\WINDOWS\system32\asr_pfu.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:18 32256 --a----c- C:\WINDOWS\system32\asr_ldm.exe <Not Verified; Microsoft Corp.; Logical Disk Manager for Windows NT>
2007-10-16 22:05:17 30208 --a----c- C:\WINDOWS\system32\asr_fmt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:17 98304 --a----c- C:\WINDOWS\system32\ahui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:16 13824 --a----c- C:\WINDOWS\system32\rexec.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:15 9728 --a----c- C:\WINDOWS\system32\reset.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:14 12800 --a----c- C:\WINDOWS\system32\replace.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:14 32768 --a----c- C:\WINDOWS\system32\relog.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:08 4608 --a----c- C:\WINDOWS\system32\regwiz.exe <Not Verified; Microsoft; RegWizExe>
2007-10-16 22:05:08 33792 --a----c- C:\WINDOWS\system32\regini.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:07 3584 --a----c- C:\WINDOWS\system32\regedt32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:07 50176 --a----c- C:\WINDOWS\system32\reg.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:07 7168 --a----c- C:\WINDOWS\system32\recover.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:07 67072 --a----c- C:\WINDOWS\system32\rdshost.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:06 13824 --a----c- C:\WINDOWS\system32\rdsaddin.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:04 36864 --a----c- C:\WINDOWS\system32\netstat.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:04 86016 --a----c- C:\WINDOWS\system32\netsh.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:04 331776 --a----c- C:\WINDOWS\system32\netsetup.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:03 8192 --a----c- C:\WINDOWS\system32\lpr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:03 6144 --a----c- C:\WINDOWS\system32\lpq.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:02 514560 --a----c- C:\WINDOWS\system32\logonui.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:02 15360 --a----c- C:\WINDOWS\system32\logoff.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:02 59392 --a----c- C:\WINDOWS\system32\logman.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:01 100864 --a----c- C:\WINDOWS\system32\logagent.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:01 5120 --a----c- C:\WINDOWS\system32\lodctr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:05:00 25088 --a----c- C:\WINDOWS\system32\lnkstub.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:59 11776 --a----c- C:\WINDOWS\system32\winmsd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:59 119808 --a----c- C:\WINDOWS\system32\winmine.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:58 46592 --a----c- C:\WINDOWS\system32\dxdllreg.exe <Not Verified; Microsoft Corporation; Microsoft® DirectX for Windows® Operating System>
2007-10-16 22:04:58 33280 --a----c- C:\WINDOWS\system32\clipsrv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:57 102912 --a----c- C:\WINDOWS\system32\clipbrd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:57 19456 --a----c- C:\WINDOWS\system32\arp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:56 64000 --a------ C:\WINDOWS\system32\cleanmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:55 7680 --a----c- C:\WINDOWS\system32\ckcnv.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:55 56320 --a----c- C:\WINDOWS\system32\cipher.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:55 8192 --a----c- C:\WINDOWS\system32\cidaemon.exe <Not Verified; Microsoft Corporation; Microso

#8
nekropsycho

Uh oh! Looks like it got cut off. I'll post from the last line that got cut off and then paste the EXTRA.TXT right after.

2007-10-16 22:04:55 8192 --a----c- C:\WINDOWS\system32\cidaemon.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:54 11264 --a----c- C:\WINDOWS\system32\chkntfs.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:54 11776 --a----c- C:\WINDOWS\system32\chkdsk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:54 80384 --a----c- C:\WINDOWS\system32\charmap.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:53 407552 --a----c- C:\WINDOWS\system32\mstsc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:53 12288 --a----c- C:\WINDOWS\system32\mstinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:52 6656 --a----c- C:\WINDOWS\system32\msswchx.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:51 16896 --a----c- C:\WINDOWS\system32\upnpcont.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:50 4096 --a----c- C:\WINDOWS\system32\unlodctr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:50 15360 --a----c- C:\WINDOWS\system32\pentnt.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:50 21504 --a----c- C:\WINDOWS\system32\pathping.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:49 58368 --a----c- C:\WINDOWS\system32\packager.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:49 40448 --a----c- C:\WINDOWS\system32\osuninst.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:48 215552 --a----c- C:\WINDOWS\system32\osk.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:48 67584 --a----c- C:\WINDOWS\system32\openfiles.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:42 23040 --a----c- C:\WINDOWS\system32\fltmc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:41 3072 --a----c- C:\WINDOWS\system32\fixmapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:41 9216 --a----c- C:\WINDOWS\system32\finger.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:41 27136 --a----c- C:\WINDOWS\system32\findstr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:40 9216 --a----c- C:\WINDOWS\system32\find.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:40 14848 --a----c- C:\WINDOWS\system32\fc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:40 20992 --a----c- C:\WINDOWS\system32\faxpatch.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:39 45568 --a----c- C:\WINDOWS\system32\extrac32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:39 4096 --a----c- C:\WINDOWS\system32\actmovie.exe <Not Verified; Microsoft Corporation; DirectShow>
2007-10-16 22:04:38 183808 --a----c- C:\WINDOWS\system32\accwiz.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:04:09 32768 -------c- C:\WINDOWS\slrundll.exe <Not Verified; Smart Link; Soft Modem>
2007-10-16 22:04:07 69120 --a----c- C:\WINDOWS\notepad.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 22:02:17 700416 --a------ C:\StubInstaller.exe <Not Verified; LimeWire; LimeWire swarmed installer>
2007-10-16 21:16:41 47104 --a----c- C:\WINDOWS\system32\ssmypics.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:16:41 220672 --a----c- C:\WINDOWS\system32\logon.scr <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:16:39 343040 --a----c- C:\WINDOWS\system32\mspaint.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:16:06 1298432 --a----c- C:\WINDOWS\system32\dxdiag.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:57 31744 --a----c- C:\WINDOWS\system32\ntsd.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:56 24576 --a----c- C:\WINDOWS\system32\userinit.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:56 42496 --a----c- C:\WINDOWS\system32\shmgrate.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:56 11776 --a----c- C:\WINDOWS\system32\regsvr32.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:56 29184 --a----c- C:\WINDOWS\system32\mshta.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:55 289792 --a----c- C:\WINDOWS\system32\vssvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:55 32768 --a----c- C:\WINDOWS\system32\mnmsrvc.exe <Not Verified; Microsoft Corporation; Windows® NetMeeting®>
2007-10-16 21:15:54 89600 --a----c- C:\WINDOWS\system32\smlogsvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:54 78848 --a----c- C:\WINDOWS\system32\msiexec.exe <Not Verified; Microsoft Corporation; Windows Installer - Unicode>
2007-10-16 21:15:53 18432 --a----c- C:\WINDOWS\system32\ups.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:53 73216 --a----c- C:\WINDOWS\system32\tlntsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:53 95744 --a----c- C:\WINDOWS\system32\scardsvr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:53 6144 --a----c- C:\WINDOWS\system32\msdtc.exe <Not Verified; Microsoft Corporation; Microsoft Distributed Transaction Coordinator>
2007-10-16 21:15:53 224768 --a----c- C:\WINDOWS\system32\dmadmin.exe <Not Verified; Microsoft Corp., Veritas Software; Logical Disk Manager for Windows NT>
2007-10-16 21:15:53 5632 --a----c- C:\WINDOWS\system32\cisvc.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:52 140800 --a----c- C:\WINDOWS\system32\sessmgr.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:52 132608 --a----c- C:\WINDOWS\system32\rsvp.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:52 75264 --a----c- C:\WINDOWS\system32\locator.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:15:52 150016 --a----c- C:\WINDOWS\system32\imapi.exe <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2007-10-16 21:00:16 0 d-------- C:\Program Files\Google
2007-10-16 20:57:48 0 d-------- C:\Program Files\Common Files\Adobe
2007-10-16 16:23:24 0 d-------- C:\Program Files\OpenOffice.org1.1.4
2007-10-16 16:21:32 0 d-------- C:\Program Files\AIM
2007-10-16 16:19:38 0 d-------- C:\Program Files\QuickTime
2007-10-16 13:40:33 0 d-------- C:\Documents and Settings\Dan\Application Data\Adobe
2007-10-16 02:53:47 0 d-------- C:\Program Files\Winamp
2007-09-15 14:19:19 0 d-------- C:\Program Files\Apple Software Update
2007-09-14 03:41:56 0 d-------- C:\Program Files\Soulseek-Test
2007-09-12 22:52:19 0 d-------- C:\Program Files\Common Files\xing shared
2007-09-12 22:52:16 0 d-------- C:\Program Files\Common Files\Real
2007-09-11 19:55:18 0 d-------- C:\Program Files\NuGardt Software
2007-09-11 02:17:30 81920 --a------ C:\WINDOWS\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2007-09-07 01:55:55 0 d-------- C:\Program Files\Teamspeak2_RC2


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [07/12/2005 03:35 PM]
"DiskeeperSystray"="C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" [10/16/2007 09:15 PM]
"NVMixerTray"="C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [10/16/2007 09:15 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/27/2007 08:14 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [09/12/2007 10:51 PM]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [10/17/2007 12:29 AM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 02:25 AM]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/16/2007 09:15 PM]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [09/11/2002 06:01 PM]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [07/19/2007 10:54 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [04/27/2007 02:17 PM]

C:\Documents and Settings\Dan\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [03/16/2005 8:16:50 PM]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [10/24/2007 3:13:12 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddayy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dan^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=C:\Documents and Settings\Dan\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=C:\WINDOWS\pss\HotSync Manager.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
"C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft upnp Update]
msie.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
C:\WINDOWS\System32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\System]
mah.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

*Newly Created Service* - GTNDIS5



-- End of Deckard's System Scanner: finished at 2007-10-30 01:28:08 ------------

EXTRA.TXT

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Unable to create WMI object.

Architecture: X86; Language: English

Percentage of Memory in Use: 42%
Physical Memory (total/avail): 1023.49 MiB / 585.56 MiB
Pagefile Memory (total/avail): 2459.84 MiB / 2092.59 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1937.02 MiB

C: is Fixed (NTFS) - 57.27 GiB total, 18.39 GiB free.
E: is Removable (No Media)
F: is CDROM (No Media)
G: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

Unable to create WMI object.

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Dan\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=BRYANT
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Dan
LOGONSERVER=\\BRYANT
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Program Files\Mozilla Firefox;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\Executive Software\Diskeeper\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Omni-Bot
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 10 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0a00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_01\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Dan\LOCALS~1\Temp
TMP=C:\DOCUME~1\Dan\LOCALS~1\Temp
tvdumpflags=10
USERDOMAIN=BRYANT
USERNAME=Dan
USERPROFILE=C:\Documents and Settings\Dan
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI


-- User Profiles ---------------------------------------------------------------

Dan (admin)
Administrator (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
7-Zip 4.15 beta --> "C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-6884-0000-0000-000000000103}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Premiere Pro --> RunDll32 "C:\Program Files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll",LaunchSetup "C:\Program Files\InstallShield Installation Information\{084709F7-38C5-4609-B55F-2417939315EB}\setup.exe"
Adobe Stock Photos 1.0 --> MsiExec.exe /I{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}
Ahead InCD --> C:\WINDOWS\NuNInst.exe /UNINSTALL
Ahead InCD EasyWrite Reader --> C:\WINDOWS\unmrw.exe /UNINSTALL
Ahead NeroMediaPlayer --> C:\WINDOWS\UNNMP.exe /UNINSTALL
AIM 6 --> C:\Program Files\AIM6\uninst.exe
Apple Software Update --> MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
AVS Video Tools 5.4 --> "C:\Program Files\AVSMedia\VideoTools\unins000.exe"
Cacheman 5.50 --> C:\PROGRA~1\Cacheman\UNWISE.EXE C:\PROGRA~1\Cacheman\install.dat
Diskeeper Professional Edition --> MsiExec.exe /X{CC7464F1-BE7D-49FD-88B8-49C0AA894233}
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Fraps --> "C:\Fraps\uninstall.exe"
Google Earth --> MsiExec.exe /I{1E04F83B-2AB9-4301-9EF7-E86307F79C72}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "C:\Documents and Settings\Dan\Desktop\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
IGN Download Manager 2.2.2 --> C:\Program Files\IGN\Download Manager\uninst.exe
InterActual Player --> C:\Program Files\InterActual\InterActual Player\inuninst.exe
IsoBuster 1.9.1 --> "C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"
iTunes --> MsiExec.exe /I{ABCE1C63-56ED-41FF-BEAF-57321F70DC49}
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Linksys Wireless-G PCI Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4DDC3BED-CC68-44AA-B435-D727B620CA5B}\setup.exe" -l0x9
MAIET entertainment - Gunz --> C:\Program Files\MAIET\Gunz\Uninstall.exe
Microsoft AntiSpyware --> MsiExec.exe /I{536F7C74-844B-4683-B0C5-EA39E19A6FE3}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft MPEG-4 VKI Video Codec V1/V2/V3 --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\mpg4c32.inf
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Mozilla Firefox (2.0.0.8) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero - Burning Rom (Web installer) --> C:\WINDOWS\UNNERO.exe /UNINSTALL
Norton Security Scan --> MsiExec.exe /I{E5431FB5-B3EB-46C8-8275-F6447131C98A}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuaudio.exe UninstallGUI
NvMixer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D7A6C517-11F2-419F-B5BB-27772B939698}\Setup.exe" -uninstall
Omni-Bot 0.532 STABLE --> C:\Program Files\Omni-Bot\uninst.exe
OpenOffice.org 1.1.4 --> C:\Program Files\OpenOffice.org1.1.4\program\setup.exe -deinstall
Palm Desktop and Synchronization Software --> MsiExec.exe /X{13EDFFFE-DCF2-448A-A653-3C4CD60D99B4}
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{08094E03-AFE4-4853-9D31-6D0743DF5328}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
SoulSeek Client 156c --> "C:\Program Files\Soulseek\uninstall.exe"
SoulSeek Client 157 test 10 --> "C:\Documents and Settings\Dan\Desktop\Soulseek-Test\uninstall.exe"
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
Spybot - Search & Destroy 1.3 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
SpywareBlaster v3.3 --> "C:\Program Files\SpywareBlaster\unins000.exe"
TeamSpeak 2 RC2 --> "C:\Program Files\Teamspeak2_RC2\unins000.exe"
Viewpoint Manager (Remove Only) --> C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
Viewpoint Media Player --> C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Wolfenstein - Enemy Territory --> C:\PROGRA~1\WOLFEN~1\Uninstall\Unwise.exe /u C:\PROGRA~1\WOLFEN~1\Uninstall\Install.log
XChat 2 (remove only) --> "C:\Program Files\xchat\uninstall.exe"
Xfire (remove only) --> "C:\Program Files\Xfire\uninst.exe"
XviD MPEG-4 Video Codec --> C:\WINDOWS\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\WINDOWS\INF\xvid.inf
ZD Soft Screen Recorder --> "C:\Program Files\ZD Soft\Screen Recorder\Uninstall.exe"
ZD Soft Screen Video Decoder --> rundll32.exe setupapi,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\scrvid.inf
ZoneAlarm --> C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe


-- Application Event Log -------------------------------------------------------

Event Record #/Type14427 / Error
Event Submitted/Written: 10/30/2007 01:22:43 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type14426 / Error
Event Submitted/Written: 10/30/2007 01:22:43 AM
Event ID/Source: 27 / WinMgmt
Event Description:
WinMgmt could not open the repository file. This could be due to insufficient security access to the "<%SystemRoot%>\System32\WBEM\Repository", insufficient disk space or insufficient memory.

Event Record #/Type14423 / Error
Event Submitted/Written: 10/30/2007 01:18:22 AM
Event ID/Source: 27 / WinMgmt
Event Description:
WinMgmt could not open the repository file. This could be due to insufficient security access to the "<%SystemRoot%>\System32\WBEM\Repository", insufficient disk space or insufficient memory.

Event Record #/Type14419 / Error
Event Submitted/Written: 10/30/2007 01:16:06 AM
Event ID/Source: 1802 / SecurityCenter
Event Description:
The Windows Security Center Service was unable to establish event queries with WMI to monitor third party AntiVirus and Firewall.

Event Record #/Type14418 / Error
Event Submitted/Written: 10/30/2007 01:16:06 AM
Event ID/Source: 27 / WinMgmt
Event Description:
WinMgmt could not open the repository file. This could be due to insufficient security access to the "<%SystemRoot%>\System32\WBEM\Repository", insufficient disk space or insufficient memory.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type66235 / Error
Event Submitted/Written: 10/30/2007 01:22:29 AM / 10/30/2007 01:23:00 AM
Event ID/Source: 12294 / ati2mtag
Event Description:
CRT invalid display type

Event Record #/Type66229 / Error
Event Submitted/Written: 10/30/2007 01:17:51 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Event Record #/Type66228 / Error
Event Submitted/Written: 10/30/2007 01:17:46 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type66227 / Error
Event Submitted/Written: 10/30/2007 01:17:44 AM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Event Record #/Type66222 / Warning
Event Submitted/Written: 10/30/2007 01:16:04 AM
Event ID/Source: 2504 / Server
Event Description:
The server could not bind to the transport \Device\NetBT_Tcpip_{3A6EB6BF-28F3-4C6D-A950-089A0302C556}.



-- End of Deckard's System Scanner: finished at 2007-10-30 01:28:08 ------------



There ya go! I'll check back tomorrow to see what the word is :)

#9
MoNsTeReNeRgY22

Hey nekropsycho,

Step 1
Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\system32\yfjxxguk.dll
    C:\Program Files\3269.exe
    C:\WINDOWS\twunk_32.exe
    C:\WINDOWS\system32\ltwjjwe.dll
    C:\WINDOWS\system32\vt.dll
    C:\WINDOWS\system32\yibhqvbe.tmp


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Copy everything on the Results window to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it on your next reply.
  • Close OTMoveIt
*If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes.
**If a reboot was necessary or you needed to Exit before posting the log, you will find a copy of the log at the root of the drive where OTMoveIt is installed, usually at:
C:\_OTMoveIt\MovedFiles\********_******.log
(where "********_******" is the "date_time")

Click "Exit" to close OTMoveIt.

Step 2
Let's run an F-Secure online scan for Viruses, Spyware and RootKits:
  • Go to http://support.f-sec.../home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the Active X control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, check Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post
If Automatic cleaning with Submit samples hangs, click Cancel, then New Scan
  • When the cleaning option is presented, Uncheck Submit samples to F-Secure
  • Click Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post along with the OTMoveIt log
Notes:
  • This scan will only work with Internet Explorer
  • You must have administrator rights to run this scan
  • This scan can take several hours, so please be patient


#10
nekropsycho

so i moved these filepaths, fell asleep, woke up and when i tried moving them again they weren't found
here are the results:

File/Folder C:\WINDOWS\system32\yfjxxguk.dll not found.
File/Folder C:\Program Files\3269.exe not found.
File/Folder C:\WINDOWS\twunk_32.exe not found.
File/Folder C:\WINDOWS\system32\ltwjjwe.dll not found.
File/Folder C:\WINDOWS\system32\vt.dll not found.
File/Folder C:\WINDOWS\system32\yibhqvbe.tmp not found.

Created on 10/31/2007 12:35:52

here's the report from the scan:

Scanning Report
Wednesday, October 31, 2007 12:40:44 - 13:39:31

Computer name: BRYANT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 568 malware found
Adware.BHO(generic) (spyware)

* System (Disinfected)

Delf.ATBB (virus)

* C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\ADOBE PREMIERE PRO\PREMIERE PRO\KEYGEN.EXE

Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System
* System

Trojan-Downloader.Win32.Obfuscated.n (virus)

* C:\_OTMOVEIT\MOVEDFILES\PROGRAM FILES\3269.EXE (Renamed)

Trojan.Win32.Dialer.qn (virus)

* C:\WINDOWS\SYSTEM32\WINJYG32.DLL (Renamed)

Vundo.gen39 (virus)

* C:\WINDOWS\SYSTEM32\KCTUXPRV.INI
* C:\WINDOWS\SYSTEM32\VMAPVFBT.INI
* C:\WINDOWS\SYSTEM32\WMGLLNRY.INI

WindUpdates.MediaPass (spyware)

* System (Disinfected)

Worm.Win32.Mefir.p (virus)

* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\USEDCODECSANDSOMEWORDSABOUTQUALITY.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\USERMANAGER1.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\VOICE.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\WEBADMINNINGTHESERVER1.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\WEBPOST2.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\WEBPOST3.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\WHATDOINEEDFORTS.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\WHATISTHETEAMSPEAK2SERVER1.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\WHATISTS.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\WHATSNEWINRC2.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\WHATSNEWINTEAMSPEAKRELEASECANDIDATE21.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\WINDOWSINSTALLING.HTM (Disinfected)
* C:\PROGRAM FILES\TEAMSPEAK2_RC2\MANUAL\YOURIPS1.HTM (Disinfected)
* C:\PROGRAM FILES\SMART PROJECTS\ISOBUSTER\ONLINE\ISOBUSTER ONLINE.HTML (Disinfected)
* C:\PROGRAM FILES\SMART PROJECTS\ISOBUSTER\ONLINE\ORDER NOW.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\PLAYRLIC.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\README.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\REALNETWORKS LICENSE.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\FIRSTRUN\CONTEXT.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\FIRSTRUN\MEDIABROWSER.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\LOGIN\WELCOME.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\GETMEDIA\404.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\GETMEDIA\CTW.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\GETMEDIA\CUSTSUPPORT.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\GETMEDIA\HOME.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\GETMEDIA\LFR.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\GETMEDIA\MAIN.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\GETMEDIA\MYACCT.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\GETMEDIA\UPSELL.HTM (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\DEVICES\DEVICESHOME.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\DEVICES\NODEVICE.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\ADMODULES\BLANK.HTML (Disinfected)
* C:\PROGRAM FILES\REAL\REALPLAYER\DATACACHE\ADMODULES\BOTTOMCHROME_BLANK.HTML (Disinfected)
* C:\PROGRAM FILES\QUICKTIME\QUICKTIME READ ME.HTM (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\LICENSE.HTML (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\README.HTML (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\THIRDPARTYLICENSEREADME.HTML (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\SHARE\TEMPLATE\ENGLISH\INTERNAL\URL_TRANSFER.HTM (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\SHARE\README\LICENSE01.HTML (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\SHARE\README\README01.HTML (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\SHARE\DTD\MATH\1_01\W3C_IPR_SOFTWARE_NOTICE.HTML (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\SHARE\CONFIG\WEBCAST\EDITPIC.ASP (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\SHARE\CONFIG\WEBCAST\POLL.ASP (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\SHARE\CONFIG\WEBCAST\SHOW.ASP (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\SHARE\CONFIG\WEBCAST\WEBCAST.ASP (Disinfected)
* C:\PROGRAM FILES\OPENOFFICE.ORG1.1.4\HELP\EN\ERR.HTML (Disinfected)
* C:\PROGRAM FILES\NORTON SECURITY SCAN\HELP.HTM (Disinfected)
* C:\PROGRAM FILES\NETMEETING\NETMEET.HTM (Disinfected)
* C:\PROGRAM FILES\MSN\MSNCOREFILES\MSNREAD.HTM (Disinfected)
* C:\PROGRAM FILES\MAIET\GUNZ\PATCHLOG.HTML (Disinfected)
* C:\PROGRAM FILES\COMMON FILES\SYSTEM\ADO\MDACREADME.HTM (Disinfected)
* C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\UI\MSGOFF.HTM (Disinfected)
* C:\PROGRAM FILES\COMMON FILES\NULLSOFT\ACTIVEX\2.6\AMPXTEST.HTML (Disinfected)
* C:\PROGRAM FILES\AVSMEDIA\VIDEOTOOLS\VIDEOREMAKER\DVDHELP\CONTENT.HTM (Disinfected)
* C:\PROGRAM FILES\AIM6\SERVICES\IMAPP\VER6_1_41_2\CONTENT\PREFS\MESSAGETEMPLATE.HTML (Disinfected)
* C:\PROGRAM FILES\AIM6\SERVICES\IMAPP\VER6_1_41_2\CONTENT\IM\DEFAULT.HTM (Disinfected)
* C:\PROGRAM FILES\AIM6\SERVICES\IMAPP\VER6_1_41_2\CONTENT\IM\TEMPLATE.HTML (Disinfected)
* C:\PROGRAM FILES\AIM6\SERVICES\IMAPP\VER6_1_41_2\CONTENT\IM\TEMPLATEUSER.HTML (Disinfected)
* C:\PROGRAM FILES\AIM\BL_GAMES.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\254303.HTML (Disinfected)
* C:\DOCUMENTS AND SETTINGS\DAN\DESKTOP\ADOBE PREMIERE PRO\PREMIERE PRO\ADOBE READER 6.0\README.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\AREYOUSURE.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\CANCELEDINSTALL.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\CANCELINGINSTALL.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\CLOSERUNNING.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\CONGRATS1.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\CONGRATS2.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\CONGRATS3.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\CONGRATS4.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\ERROR_FAILEDDISKSPACECHECK.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\EULA.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\EXISTNEWERVERSION.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\INSTALLINGPROGRESS.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\LEGAL.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\LEGALAGREEMENT.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\NOQUALIFY.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\NOTHINGTODO.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\PREPARING.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\PRIVACY.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\PRIVACYPOLICY.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\PRODUCTDETECTED.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\REBOOTPENDING.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\TOS.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\TRITON_SUITE_INSTALL_6.0.28.3\HTML\WARNING.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\AREYOUSURE.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\CANCELEDINSTALL.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\CANCELINGINSTALL.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\CLOSERUNNING.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\CONGRATS1.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\CONGRATS2.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\CONGRATS3.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\CONGRATS4.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\ERROR_FAILEDDISKSPACECHECK.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\EULA.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\EXISTNEWERVERSION.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\INSTALLINGPROGRESS.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\LEGAL.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\LEGALAGREEMENT.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\NOQUALIFY.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\NOTHINGTODO.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\PREPARING.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\PRIVACY.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\PRIVACYPOLICY.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\PRODUCTDETECTED.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\REBOOTPENDING.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\TOS.HTM (Disinfected)
* C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\AOL DOWNLOADS\SUD4131\HTML\WARNING.HTM (Disinfected)

Statistics
Scanned:

* Files: 34386
* System: 4523
* Not scanned: 3

Actions:

* Disinfected: 550
* Renamed: 2
* Deleted: 0
* None: 16
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{DDD52483-12A4-466A-896C-F5F6AC9A2B74}.BIN
  • 0

#11
MoNsTeReNeRgY22

    Member 2k

  • Member
  • 2,539 posts
Hello again,

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0

#12
nekropsycho

    Member

  • Topic Starter
  • Member
  • 18 posts
Hey! here's the report (attached)

  • 0

#13
MoNsTeReNeRgY22

    Member 2k

  • Member
  • 2,539 posts
You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Step 1:
Download the eScan Antivirus Toolkit Here. Save it to the Desktop, it is roughly 10MB in size.
Before running the program we need to update the signature files first in Step 2.

Step 2:
Updating the eScan Antivirus Toolkit with the latest files:

1.) Double-click on the mwav.exe file saved to the Desktop; it will extract the program files to a new folder called Kaspersky at the root of the C:\ drive. (C:\Kaspersky.)

2.) Double-click on My Computer, double-click on the Hard Drive (usually the C:\ drive), find and double-click on the Kaspersky folder; inside the Kaspersky folder, find and double-click on the kavupd.exe file. Double-clicking on the kavupd.exe file opens the Windows command prompt (DOS screen) and updates the program with all the latest signature files.

3.) After the update is complete, the bottom of the command prompt will read "Press any key to continue", press any key to close the screen. Close eScan for now. You need to also close all Windows Explorer windows (or "My Computer" windows) to allow a refresh.

4.) *Important* : in order to complete the update process, you must now do the following:

- Using Windows Explorer (or "My Computer"), go to C:\Downloads and "Copy" all files present in that folder
- "Paste" the files in C:\Kaspersky
- Allow the overwriting of existing files, when prompted
- Close Windows Explorer

Please do not run a scan with the eScan Antivirus Toolkit utility yet.

Step 3:
Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Step 4:
From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:

1.) To run the eScan Antivirus Toolkit program, look for a file called mwavscan.com inside the C:\Kaspersky folder.

2.) Double-click on the mwavscan.com file; this will open the eScan program.

3.) With the eScan interface on your Desktop, make sure that these boxes under Scan Option are checked : Memory, Registry, Startup Folders, System Folders, Services.

4.) Check the Drive box, this will enable the All Local Drives radio button below it. Make sure it is activated.

5.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.

6.) Click the Scan Clean button and let the utility run until it completes a thorough scan of your hard drive. When the scan has finished it will read Scan Completed. Do not Exit the tool just yet.

7.) Open a new NotePad file (click on "Start" >> "All Programs" >>"Accessories" >> "NotePad"), then Copy/Paste the content of the Virus Log Information window into that file, and save it. eScan also creates a full log inside the C:\Kaspersky folder (named mwav.log), but it is huge and cannot be posted on a forum. Please post the content of the log you have saved (into NotePad) in your next reply, once all steps are completed.

Reboot your computer into normal Windows.
  • 0

#14
nekropsycho

    Member

  • Topic Starter
  • Member
  • 18 posts
hello again :) here's the virus log info

File C:\WINDOWS\system32\WINJYG32.0LL infected by "Trojan.Win32.Dialer.qn" Virus. Action Taken: File Deleted.
File C:\Documents and Settings\Dan\Desktop\backups\backup-20071030-010738-836.dll tagged as not-a-virus:AdWare.Win32.BHO.de. No Action Taken.
File C:\Documents and Settings\Dan\Desktop\Setup(2).exe tagged as not-a-virus:AdTool.Win32.Zango.b. No Action Taken.
File C:\Documents and Settings\Dan\Local Settings\Application Data\Mozilla\Firefox\Profiles\15txl3tw.Dan\Cache\3DBFBE0Fd01 tagged as not-a-virus:AdTool.Win32.Zango.b. No Action Taken.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_20.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_21.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_22.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_23.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_24.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_25.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_26.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_27.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_28.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_29.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_30.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_31.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_32.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_33.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_34.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_35.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_36.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_37.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_38.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_39.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_4.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_40.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_41.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_42.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_43.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_44.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_45.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_46.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_47.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_48.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_49.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_5.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_50.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_51.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_52.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_53.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_54.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_55.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_56.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_57.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_58.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_59.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_6.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_60.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_61.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_62.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_63.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_64.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_65.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_66.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_67.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_68.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_69.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_7.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_70.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_71.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_72.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_73.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_74.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_75.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_76.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_77.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_78.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_79.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_8.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_80.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_81.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_82.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_83.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_84.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_85.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_86.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_87.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_88.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_89.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_9.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_90.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_91.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_92.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_18_93.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_10.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_11.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_12.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_13.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_14.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_15.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_16.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_17.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_18.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_19.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_20.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_4.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_5.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_6.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_7.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_8.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_19_9.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_1_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_20_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_21_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_2_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_3_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_3_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_4_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_5_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_6_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_7_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_7_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_8_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_12_9_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_0_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_10_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_11_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_12_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_13_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_14_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_14_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_14_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_14_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_14_4.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_15_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_16_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_17_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_18_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_18_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_18_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_18_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_18_4.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_19_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_19_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_19_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_19_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_1_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_20_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_2_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_2_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_3_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_3_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_3_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_3_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_4_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_4_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_4_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_4_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_4_4.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_4_5.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_4_6.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_5_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_6_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_6_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_6_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_6_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_7_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_8_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_13_9_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_14_0_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_14_1_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_14_2_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_14_3_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_14_4_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_14_5_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_15_0_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_15_1_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_0_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_1_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_2_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_3_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_3_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_3_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_3_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_3_4.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_3_5.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_3_6.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_3_7.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_4_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_4_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_4_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_4_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_4_4.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_5_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_1_6_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_2_0_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_2_1_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_2_2_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_2_3_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_2_4_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_2_5_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_2_6_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_2_7_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_3_0_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_3_1_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_3_2_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_3_3_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_3_4_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_3_5_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_3_6_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_0_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_10_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_11_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_12_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_13_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_14_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_15_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_15_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_15_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_15_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_16_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_16_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_16_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_17_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_17_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_17_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_17_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_18_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_18_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_18_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_18_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_18_4.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_1_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_2_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_3_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_4_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_5_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_6_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_6_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_6_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_6_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_6_4.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_7_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_8_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_4_9_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_0_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_10_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_11_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_12_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_12_1.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_12_2.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_12_3.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_12_4.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_13_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_14_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_15_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_16_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adobe\Premiere Pro\Help\1_5_17_0.html.tmp infected by "Worm.Win32.Mefir.p" Virus. Action Taken: File Disinfected.
File C:\Program Files\Adob

#15
MoNsTeReNeRgY22

    Member 2k

  • 2,539 posts
It appears the log got cut off due to being too long. Can you please post the rest?

Also please do the following.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

If you use Firefox browser:

  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

Edited by MoNsTeReNeRgY22, 03 November 2007 - 08:06 PM.
