xxxxxxxx<==Link Removed
also can anyone help me remove drsmartload.exe?
everytime i open my computer, a number of this also pops up:
xxxxxxx<==Link Removed
tnx very much
Edited by Trevuren, 16 April 2006 - 12:00 AM.
[help]remove toolbar888 and popups [RESOLVED]
Started by
masoliar
, Apr 15 2006 11:34 PM
-
This topic is locked
#1
Posted 15 April 2006 - 11:34 PM
masoliar
-
- Member
-
- 24 posts
Member
xxxxxxxx<==Link Removed
also can anyone help me remove drsmartload.exe?
everytime i open my computer, a number of this also pops up:
xxxxxxx<==Link Removed
tnx very much
#2
Posted 16 April 2006 - 12:00 AM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
Hi masoliar and welcome to the Geeks to Go Forums.
My name is Trevuren and I will be helping you with your log.
Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. You will be prompted to create a shortcut on your desktop. ACCEPT. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER
Regards,
Trevuren
My name is Trevuren and I will be helping you with your log.
Download and run the following HijackThis autoinstall program from Here . Please choose the default location of C:\Program Files\ as the destination. You will be prompted to create a shortcut on your desktop. ACCEPT. HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
- Run HijackThis
- Click SCAN and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
- POST the log into this thread using 'Add Reply' (Ctrl-V to 'paste')
DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER
Regards,
Trevuren
#3
Posted 16 April 2006 - 08:11 PM
masoliar
- Topic Starter
-
- Member
-
- 24 posts
Member
Logfile of HijackThis v1.99.1
Scan saved at 10:17:25 AM, on 4/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network\ipnetwork.exe
C:\WINDOWS\System32\microsloft.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ssms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sychost32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\YSIGet\YSIGet.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Windows Logon 32bit script] c:\oldbag.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillu...yDancer1020.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...s/joysavsht.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangoc...1b37b6906113080
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillu...Updater1015.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...Crypt/npkcx.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcg\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: norton (nortons) - Unknown owner - C:\WINDOWS\nvsnav.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows System Host - Unknown owner - C:\WINDOWS\sychost32.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
Scan saved at 10:17:25 AM, on 4/17/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network\ipnetwork.exe
C:\WINDOWS\System32\microsloft.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ssms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\sychost32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Photoshop CS\Photoshop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Common Files\Windows\services32.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\YSIGet\YSIGet.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.fin...siteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.fin...siteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Windows Logon 32bit script] c:\oldbag.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillu...yDancer1020.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.co...ysb_regular.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...s/joysavsht.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangoc...1b37b6906113080
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillu...Updater1015.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...Crypt/npkcx.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\dXNlcg\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: norton (nortons) - Unknown owner - C:\WINDOWS\nvsnav.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Performance True Type Font (PerfFont) - Unknown owner - C:\WINDOWS\System32\perfont.exe (file missing)
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows System Host - Unknown owner - C:\WINDOWS\sychost32.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
Edited by masoliar, 16 April 2006 - 08:18 PM.
#4
Posted 16 April 2006 - 08:54 PM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
Please download WebRoot SpySweeper from HERE (It's a 14-day trial):
Trevuren
- Click Download Now to download the program.
- Install it. Once the program is installed, it will open.
- It will prompt you to update to the latest definitions, click Yes.
- Once the definitions are installed, click Options on the left side.
- Click the Sweep Options tab.
- Under What to Sweep please put a check next to the following:
- Sweep Memory
- Sweep Registry
- Sweep Cookies
- Sweep All User Accounts
- Enable Direct Disk Sweeping
- Sweep Contents of Compressed Files
- Sweep for Rootkits
- Please UNCHECK Do not Sweep System Restore Folder.
- Click Sweep Now on the left side.
- Click the Start button.
- When it's done scanning, click the Next button.
- Make sure everything has a check next to it, then click the Next button.
- It will remove all of the items found.
- Click Session Log in the upper right corner, copy everything in that window.
- Click the Summary tab and click Finish.
- Paste the contents of the session log you copied into your next reply along with a fresh HJT log.
Trevuren
#5
Posted 18 April 2006 - 03:18 AM
masoliar
- Topic Starter
-
- Member
-
- 24 posts
Member
********
4:01 PM: | Start of Session, Tuesday, April 18, 2006 |
4:01 PM: Spy Sweeper started
4:01 PM: Sweep initiated using definitions version 659
4:01 PM: Starting Memory Sweep
4:04 PM: Found Trojan Horse: trojan downloader matcash
4:04 PM: Detected running threat: C:\Program Files\Common Files\Windows\services32.exe (ID = 184143)
4:04 PM: Found Adware: maxifiles
4:04 PM: Detected running threat: C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll (ID = 244763)
4:04 PM: Memory Sweep Complete, Elapsed Time: 00:03:38
4:04 PM: Starting Registry Sweep
4:04 PM: Found Adware: findthewebsiteyouneed hijack
4:04 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 125241)
4:04 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 125242)
4:04 PM: Found Adware: ist istbar
4:04 PM: HKLM\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 subtraces) (ID = 129103)
4:04 PM: HKCR\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 subtraces) (ID = 129190)
4:05 PM: Found Adware: elitemediagroup-mediamotor
4:05 PM: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (5 subtraces) (ID = 140032)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media-motor\ (2 subtraces) (ID = 140208)
4:05 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
4:05 PM: Found Adware: ist yoursitebar
4:05 PM: HKCR\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (6 subtraces) (ID = 147829)
4:05 PM: HKLM\software\microsoft\code store database\distribution units\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (10 subtraces) (ID = 147850)
4:05 PM: Found Adware: ist software
4:05 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
4:05 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
4:05 PM: Found Adware: winad
4:05 PM: HKCR\mediagatewayx.installer\ (5 subtraces) (ID = 372857)
4:05 PM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
4:05 PM: HKLM\software\classes\mediagatewayx.installer\ (5 subtraces) (ID = 398902)
4:05 PM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
4:05 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
4:05 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
4:05 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
4:05 PM: HKCR\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (15 subtraces) (ID = 815132)
4:05 PM: HKLM\software\classes\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (15 subtraces) (ID = 815145)
4:05 PM: Found Adware: 180search assistant/zango
4:05 PM: HKLM\software\microsoft\code store database\distribution units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (10 subtraces) (ID = 832871)
4:05 PM: Found Adware: command
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 subtraces) (ID = 892523)
4:05 PM: Found Adware: dollarrevenue
4:05 PM: HKLM\software\policies\ || {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (ID = 916803)
4:05 PM: HKLM\software\classes\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (6 subtraces) (ID = 920458)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || nomodify (ID = 958653)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || noremove (ID = 958654)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || norepair (ID = 958655)
4:05 PM: HKLM\system\currentcontrolset\services\cmdservice\ (12 subtraces) (ID = 958670)
4:05 PM: HKLM\software\policies\ || {6bf52a52-394a-11d3-b153-00c04f79faa6} (ID = 967836)
4:05 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
4:05 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
4:05 PM: HKCR\mediagatewayx.installer.1\ (3 subtraces) (ID = 1023379)
4:05 PM: HKCR\appid\{d28cd14c-50be-4cfa-951e-b37f25da3472}\ (1 subtraces) (ID = 1023385)
4:05 PM: HKCR\typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5}\ (9 subtraces) (ID = 1023387)
4:05 PM: HKLM\software\classes\typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5}\ (9 subtraces) (ID = 1023399)
4:05 PM: HKLM\software\classes\mediagatewayx.installer.1\ (3 subtraces) (ID = 1023409)
4:05 PM: HKLM\software\policies\ || {645ff040-5081-101b-9f08-00aa002f954e} (ID = 1036890)
4:05 PM: HKCR\appid\activex.dll\ || appid (ID = 1049592)
4:05 PM: HKLM\software\classes\appid\{d28cd14c-50be-4cfa-951e-b37f25da3472}\ (1 subtraces) (ID = 1049593)
4:05 PM: HKLM\software\classes\appid\activex.dll\ || appid (ID = 1049594)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}\ (7 subtraces) (ID = 1110756)
4:05 PM: Found Trojan Horse: trojan-backdoor-netpt
4:05 PM: HKLM\system\currentcontrolset\enum\root\legacy_netpt\ (10 subtraces) (ID = 1125342)
4:05 PM: HKLM\system\currentcontrolset\enum\root\legacy_perffont\ (8 subtraces) (ID = 1125354)
4:05 PM: HKLM\system\currentcontrolset\services\netpt\ (12 subtraces) (ID = 1125365)
4:05 PM: HKLM\system\currentcontrolset\services\perffont\ (12 subtraces) (ID = 1128287)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || uninstallstring (ID = 1134952)
4:05 PM: HKCR\xbtb04715.ietoolbar.1\ (3 subtraces) (ID = 1156344)
4:05 PM: HKCR\xbtb04715.ietoolbar\ (5 subtraces) (ID = 1156348)
4:05 PM: HKCR\toolband.xbtb04715.1\ (3 subtraces) (ID = 1156354)
4:05 PM: HKCR\toolband.xbtb04715\ (5 subtraces) (ID = 1156358)
4:05 PM: HKCR\xbtb04715.xbtb04715.1\ (3 subtraces) (ID = 1156364)
4:05 PM: HKCR\xbtb04715.xbtb04715\ (5 subtraces) (ID = 1156368)
4:05 PM: HKCR\clsid\{a8b0bded-64a5-495b-97da-42c0301e229b}\ (11 subtraces) (ID = 1156379)
4:05 PM: HKCR\typelib\{75e46ee7-404b-48ec-9326-c654f21f65bf}\ (9 subtraces) (ID = 1156391)
4:05 PM: HKLM\software\classes\toolband.xbtb04715\ (5 subtraces) (ID = 1156475)
4:05 PM: HKLM\software\classes\xbtb04715.xbtb04715.1\ (3 subtraces) (ID = 1156481)
4:05 PM: HKLM\software\classes\xbtb04715.xbtb04715\ (5 subtraces) (ID = 1156485)
4:05 PM: HKLM\software\classes\clsid\{a8b0bded-64a5-495b-97da-42c0301e229b}\ (11 subtraces) (ID = 1156496)
4:05 PM: HKLM\software\classes\typelib\{75e46ee7-404b-48ec-9326-c654f21f65bf}\ (9 subtraces) (ID = 1156508)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\xbtb04715.xbtb04715toolbar\ (2 subtraces) (ID = 1156519)
4:05 PM: HKLM\software\classes\xbtb04715.ietoolbar.1\ (3 subtraces) (ID = 1156524)
4:05 PM: HKLM\software\classes\xbtb04715.ietoolbar\ (5 subtraces) (ID = 1156528)
4:05 PM: HKLM\software\classes\toolband.xbtb04715.1\ (3 subtraces) (ID = 1156534)
4:05 PM: Found Adware: cws-aboutblank
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || search page (ID = 125238)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\xbtb04715\ (71 subtraces) (ID = 1156401)
4:05 PM: Registry Sweep Complete, Elapsed Time:00:00:31
4:05 PM: Starting Cookie Sweep
4:05 PM: Found Spy Cookie: fastclick cookie
4:05 PM: user@fastclick[2].txt (ID = 2651)
4:05 PM: Found Spy Cookie: accoona cookie
4:05 PM: user@accoona[1].txt (ID = 2041)
4:05 PM: Found Spy Cookie: advertising cookie
4:05 PM: user@advertising[1].txt (ID = 2175)
4:05 PM: Found Spy Cookie: bravenet cookie
4:05 PM: user@bravenet[2].txt (ID = 2322)
4:05 PM: Found Spy Cookie: yieldmanager cookie
4:05 PM: [email protected][2].txt (ID = 3751)
4:05 PM: Found Spy Cookie: tribalfusion cookie
4:05 PM: user@tribalfusion[1].txt (ID = 3589)
4:05 PM: Found Spy Cookie: statcounter cookie
4:05 PM: user@statcounter[1].txt (ID = 3447)
4:05 PM: Found Spy Cookie: server.iad.liveperson cookie
4:05 PM: [email protected][2].txt (ID = 3341)
4:05 PM: Found Spy Cookie: aptimus cookie
4:05 PM: [email protected][2].txt (ID = 2235)
4:05 PM: Found Spy Cookie: realmedia cookie
4:05 PM: user@realmedia[2].txt (ID = 3235)
4:05 PM: Found Spy Cookie: rn11 cookie
4:05 PM: user@rn11[2].txt (ID = 3261)
4:05 PM: Found Spy Cookie: atlas dmt cookie
4:05 PM: user@atdmt[2].txt (ID = 2253)
4:05 PM: Found Spy Cookie: hitslink cookie
4:05 PM: [email protected][2].txt (ID = 2790)
4:05 PM: Found Spy Cookie: screensavers.com cookie
4:05 PM: [email protected][1].txt (ID = 3298)
4:05 PM: Found Spy Cookie: 888 cookie
4:05 PM: user@888[1].txt (ID = 2019)
4:05 PM: Found Spy Cookie: azjmp cookie
4:05 PM: user@azjmp[2].txt (ID = 2270)
4:05 PM: [email protected][1].txt (ID = 3298)
4:05 PM: Found Spy Cookie: cassava cookie
4:05 PM: user@cassava[1].txt (ID = 2362)
4:05 PM: Found Spy Cookie: hbmediapro cookie
4:05 PM: [email protected][2].txt (ID = 2768)
4:05 PM: Found Spy Cookie: apmebf cookie
4:05 PM: user@apmebf[2].txt (ID = 2229)
4:05 PM: Found Spy Cookie: findthewebsiteyouneed cookie
4:05 PM: [email protected][1].txt (ID = 2673)
4:05 PM: Found Spy Cookie: domainsponsor cookie
4:05 PM: [email protected][1].txt (ID = 2535)
4:05 PM: [email protected][2].txt (ID = 2652)
4:05 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:05 PM: Starting File Sweep
4:05 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
4:05 PM: Found Adware: zquest
4:05 PM: sk02.exe (ID = 273586)
4:05 PM: dr140306.exe (ID = 267188)
4:05 PM: uninstall_nmon.vbs (ID = 231442)
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
4:08 PM: atmtd.dll (ID = 166754)
4:08 PM: atmtd.dll._ (ID = 166754)
4:08 PM: Warning: Failed to open file "c:\windows\system32\drivers\atapi.sys". The process cannot access the file because it is being used by another process
4:13 PM: xrh5w0.vbs (ID = 185675)
4:13 PM: mc-110-12-0000336.exe (ID = 246327)
4:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:13 PM: tbfp[1].avi (ID = 244762)
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf9e9e411-4b87-4380-bc4d-a86bb96be454.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb7202c59-221c-40e5-baab-d6575dea1def.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs91285dae-92f0-4017-815f-ca72f380c72f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfc56b968-195a-44cc-b79d-f6eb185eafb7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs61c46c88-80d3-43b4-a8ac-3876cf864b36.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3890b03b-f0ce-4869-adcb-290af8cab2a7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs877a7103-85a8-41ca-9192-a2f66375df98.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3fbae2a2-3318-4fac-bb93-a8e257b183a8.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9ae4de94-5c06-449c-8d3f-b87a702bf6e0.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3837ff5f-f8d7-4ef4-8540-8ab49e058534.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsacff7752-41fd-462d-b4a5-dd610048bd61.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb56f41fe-0493-4440-be76-730975e65e40.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsab1238c6-3c85-43c1-b08a-551ad29c4415.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs365c4268-c5bf-4868-9b12-7cfe93050b5f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs57ed72aa-fd96-4d67-ab11-6cadf00262cc.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc1610dcc-fc90-41e5-b27a-95a13cbf5c44.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf16020ac-ec57-468d-9f98-91aacd4d15b8.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs44e42745-981d-4dea-887e-639747d8481f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc1860406-f7b9-4dd4-a278-06104911c6e2.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8d56d0ad-01f4-4765-a8ea-3e2f27b84c22.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs70f53c34-d0ac-4b9e-b4bd-c9da11354e00.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4a7c1ac3-ad37-4193-8b90-19f4d70c0d9d.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs02ef24bb-edc8-413e-ac64-b0ce31d36c43.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9f7b6260-1000-44b7-8252-a827e6e3206a.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs862c8577-e9bc-42b9-93ca-9c001c36585e.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs75ec7219-086b-4d43-a214-7bed75b10f70.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd4aa7d69-6d2c-4603-94b0-806c9fab859a.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs644fe0b6-b773-48de-a7d2-178f2cf34ddf.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs58c5a45e-e0eb-42c9-8ac5-11acd3a7ca1c.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc3afd3a2-bc31-4af5-8ad1-d51c099eaae1.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfab103b1-fe41-4171-91db-b3092d359217.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa62d1718-6c2e-4ab2-8137-e06f0f75dfe5.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc3df3d25-952f-4a85-a90f-82218e5e6ec5.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs29974061-34f6-4d09-9fe0-ffde122ed911.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse07314d1-e5da-449f-b03b-f64badf90a27.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs382bc2a1-a37f-412e-8fb3-419578741db5.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0c93fcfb-360e-4a9b-a08e-518e9934033f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc0ca81d9-51e8-4518-8b26-74e9964f6434.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsea9cad29-ba84-4b24-b96b-328d5f91f2e3.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs427d212b-87d9-44b9-b973-951656f86b51.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs81525a0e-2f6e-4940-afc7-6e6e0e3782a0.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf128220c-3e9c-4737-b196-07f0753abf41.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs433ec455-4e6b-49de-9c34-dae7f9de7ab3.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs932d249c-a079-4e2c-86de-f644c6e6bf76.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs545b8b0f-e9ae-45e8-a19e-1b412fbeac02.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse01252ae-0872-4c2d-9953-a64e2069b6ef.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb07c43a0-7ebc-46fa-8976-8a361dc45f9f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsec3363c0-9495-4a4e-aeb9-c21d4b0bb270.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs63144cc4-6d55-45d7-8c5f-638a9a508488.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb38a332d-0df4-4edc-aed7-599fdae38baa.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9d75d164-baaf-4dea-9e61-be5c6ce4a3b0.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf1acb616-9ba5-48cf-a673-2cf880c4f18b.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5ca311a2-eb1a-4754-bd4c-1bb782519b97.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbc89918e-645e-49e1-a8ff-6ee7df903dc5.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5c059b55-180f-4088-87de-6975c0ff63aa.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs880c3e2b-760f-4c9a-95fb-ab53e8a9983b.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3a90f2be-1ecd-4374-8192-e4cf39f210f6.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs55bb667b-0cf5-4ab0-b985-835cd68599de.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa4945525-b9da-4afb-b152-26c4dc842e3e.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsce407a1b-28ee-4594-909c-daacae26081a.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs27147a01-0804-4edc-9e08-11f03ce58aa7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdbfc43b8-db52-4ce3-bcf5-1b20fe4b1c4c.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa7a45621-ac09-49f1-afb3-d6ce9b11dbe3.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfacbf513-cb01-44cd-a6fc-48e90d590ac0.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb5fdb49b-2604-4939-9f02-57af77eb1b74.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd6a0453c-5413-4614-b95b-a08997d2a75a.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb4204875-a95a-4dbe-b69e-98f2e21011c1.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsff76e4cf-b192-414d-af2a-0caf076e77cf.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs365100d7-c3e6-48e6-adf8-a885bec95104.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs328aa02e-13cb-483d-9be2-9c3c2586f47f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbbbe1a0d-392a-4665-a258-af6a39b69ffc.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs46643c36-adac-408b-8834-669ae4c9f5d9.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4d2967fd-6312-42b1-990c-3deaaacad450.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs87a2c982-f39f-466a-9f0b-005b89c3a7be.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb212e96a-fbdc-4d03-adb7-9168869b4943.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs520da551-4aa0-4cb2-8fbc-d33d2c214de6.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6583b1a7-986b-45ab-8af3-623918106886.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2c24a262-d89b-4b08-a11c-5de47d7919d7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs10e9a8b7-27db-4e1a-b45f-7afa2d89fc3c.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs87bc16af-d5e2-4aaf-8cf9-822f3a3d4077.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6ed8004e-0a89-4374-b4cc-fc22f2e6fc1a.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs443a2a16-27a4-48cf-9bf8-d572fb7946f4.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd2d86fea-2ffe-40b9-9aa3-6c4511983db7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs42417bff-5615-4620-a42c-2ed275875251.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs38100198-1160-429e-8b23-9c1d94b81c5e.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4896dbfd-4fd0-45b4-bb44-b4f00cb13c53.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs293ae751-74e2-49b5-ad9f-e6e476540eed.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd238024c-230b-4f23-8335-3b7363c45c48.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse4a53b4e-99f0-4ebb-a753-1fc9535fe694.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsab40b67f-384a-4d7c-9e6a-e948e4720fdb.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs16b12785-5c34-48fa-9d20-c8ef45c6a3bb.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0a846aaf-e05b-418a-92e4-3912aec79123.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa1ef00a0-7ba2-4c6e-8e43-605cf8a956ef.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2a38888b-d615-419e-b578-97b03a998b24.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs48700618-9459-4edd-8e0f-025e9746f63c.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs85e3e612-6fce-4314-8165-a7856c425085.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs90957850-4c30-42c5-973f-9a756865c858.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs975418e7-b711-4978-a4d1-1bec0c7bbc74.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs99e6239f-d312-4e06-b6cd-60e637279c8f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3d6a1012-5ef2-4f31-9b82-5d50034126c7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0ceb6a6d-7330-4eba-a6e2-835091d22273.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9640aeb8-0c1d-462b-9b97-5ac02ab6a045.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa0db29a0-df7c-4f90-b0be-90fa7e7f615d.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse2f7bb4d-efb6-4ce9-abc2-e6d0ebabc753.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:14 PM: drdata[1].avi (ID = 190798)
4:14 PM: freeprodtb[2].exe (ID = 244762)
4:14 PM: launcher[1].exe (ID = 243410)
4:14 PM: tbfp[1].avi (ID = 244762)
4:14 PM: drdata[1].avi (ID = 190798)
4:14 PM: freeprodtb.exe (ID = 244762)
4:14 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\temp\jet567c.tmp". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:17 PM: c:\program files\common files\inetget (2 subtraces) (ID = -2147477182)
4:17 PM: mc-110-12-0000336.exe (ID = 190798)
4:17 PM: freeprodtb.exe (ID = 244762)
4:17 PM: autoit3.exe (ID = 185254)
4:17 PM: services32.exe (ID = 184143)
4:17 PM: mc-110-12-0000336.exe (ID = 190798)
4:18 PM: Found Adware: cydoor peer-to-peer dependency
4:18 PM: cd_clint.dll (ID = 57300)
4:19 PM: Warning: Failed to open file "c:\program files\dap\history\_lasthist.dat". The process cannot access the file because it is being used by another process
4:20 PM: c:\program files\network monitor (ID = -2147459771)
4:22 PM: c:\program files\toolbar888 (19 subtraces) (ID = -2147456311)
4:22 PM: basis.xml (ID = 244764)
4:22 PM: toolbar888.dll (ID = 244763)
4:22 PM: basis.xml (ID = 244764)
4:22 PM: toolbar888.dll (ID = 244763)
4:24 PM: a0170522.exe (ID = 246327)
4:24 PM: Found Trojan Horse: sdbot
4:24 PM: a0170575.exe (ID = 252806)
4:24 PM: a0170577.exe (ID = 252806)
4:24 PM: a0170629.exe (ID = 270021)
4:24 PM: Found Adware: look2me
4:24 PM: a0170631.exe (ID = 65721)
4:24 PM: a0170632.exe (ID = 272212)
4:24 PM: a0170633.exe (ID = 65739)
4:24 PM: a0170634.dll (ID = 266849)
4:24 PM: a0170635.exe (ID = 272214)
4:24 PM: a0170637.exe (ID = 275855)
4:24 PM: a0170638.exe (ID = 168558)
4:24 PM: a0170639.exe (ID = 275853)
4:24 PM: a0170640.exe (ID = 275854)
4:24 PM: a0170644.exe (ID = 282343)
4:24 PM: a0170645.exe (ID = 282345)
4:24 PM: a0170648.exe (ID = 252806)
4:24 PM: a0170652.dll (ID = 159)
4:24 PM: a0170653.dll (ID = 159)
4:24 PM: a0170654.dll (ID = 159)
4:24 PM: a0170655.dll (ID = 159)
4:24 PM: a0170656.dll (ID = 159)
4:24 PM: a0170657.dll (ID = 159)
4:24 PM: a0170658.dll (ID = 159)
4:24 PM: a0170659.dll (ID = 159)
4:24 PM: a0170660.dll (ID = 159)
4:24 PM: a0170661.dll (ID = 159)
4:24 PM: a0170662.dll (ID = 159)
4:24 PM: a0170663.dll (ID = 159)
4:24 PM: a0170664.dll (ID = 159)
4:24 PM: Found Adware: purityscan
4:24 PM: a0170665.exe (ID = 73191)
4:24 PM: a0170666.exe (ID = 185985)
4:24 PM: a0170667.exe (ID = 73191)
4:24 PM: a0170668.exe (ID = 168558)
4:24 PM: a0170669.exe (ID = 282332)
4:24 PM: a0170670.exe (ID = 282416)
4:24 PM: a0170954.exe (ID = 246327)
4:24 PM: a0170674.dll (ID = 144945)
4:24 PM: a0170677.exe (ID = 144946)
4:24 PM: a0170678.exe (ID = 231443)
4:24 PM: a0170679.exe (ID = 258578)
4:24 PM: a0170680.exe (ID = 184143)
4:24 PM: a0170684.dll (ID = 244763)
4:24 PM: a0170699.exe (ID = 246327)
4:24 PM: a0170709.exe (ID = 246327)
4:24 PM: a0170711.exe (ID = 244762)
4:24 PM: a0170728.exe (ID = 190798)
4:24 PM: a0170733.exe (ID = 185254)
4:24 PM: a0170735.exe (ID = 244762)
4:24 PM: a0170763.exe (ID = 246327)
4:24 PM: a0170766.exe (ID = 190798)
4:24 PM: a0170768.exe (ID = 184143)
4:24 PM: a0170769.exe (ID = 185254)
4:24 PM: a0170771.exe (ID = 190798)
4:24 PM: a0170772.exe (ID = 244762)
4:24 PM: a0170773.dll (ID = 244763)
4:24 PM: a0170782.exe (ID = 246327)
4:24 PM: a0170785.exe (ID = 190798)
4:24 PM: a0170788.exe (ID = 184143)
4:24 PM: a0170789.exe (ID = 185254)
4:24 PM: a0170791.exe (ID = 190798)
4:24 PM: a0170792.exe (ID = 244762)
4:24 PM: a0170793.dll (ID = 244763)
4:24 PM: a0170842.exe (ID = 246327)
4:24 PM: a0170845.exe (ID = 190798)
4:24 PM: a0170849.exe (ID = 244762)
4:24 PM: a0170851.dll (ID = 244763)
4:24 PM: a0170862.exe (ID = 246327)
4:24 PM: a0170867.exe (ID = 190798)
4:24 PM: a0170868.exe (ID = 184143)
4:24 PM: a0170869.exe (ID = 185254)
4:24 PM: a0170871.exe (ID = 190798)
4:24 PM: a0170872.exe (ID = 244762)
4:24 PM: a0170873.dll (ID = 244763)
4:24 PM: a0170883.exe (ID = 246327)
4:24 PM: a0170886.exe (ID = 190798)
4:24 PM: a0170887.exe (ID = 184143)
4:24 PM: a0170888.exe (ID = 185254)
4:24 PM: a0170890.exe (ID = 190798)
4:24 PM: a0170891.exe (ID = 244762)
4:24 PM: a0170892.dll (ID = 244763)
4:24 PM: a0170905.exe (ID = 246327)
4:24 PM: a0170908.exe (ID = 190798)
4:24 PM: a0170912.exe (ID = 184143)
4:24 PM: a0170913.exe (ID = 185254)
4:24 PM: a0170915.exe (ID = 190798)
4:24 PM: a0170916.exe (ID = 244762)
4:24 PM: a0170917.dll (ID = 244763)
4:24 PM: a0170959.exe (ID = 190798)
4:24 PM: a0170960.exe (ID = 184143)
4:24 PM: a0170961.exe (ID = 185254)
4:24 PM: a0170963.exe (ID = 190798)
4:24 PM: a0170964.exe (ID = 244762)
4:24 PM: a0170965.dll (ID = 244763)
4:24 PM: a0171955.exe (ID = 246327)
4:24 PM: a0171958.exe (ID = 190798)
4:24 PM: a0171960.exe (ID = 184143)
4:24 PM: a0171961.exe (ID = 185254)
4:24 PM: a0171963.exe (ID = 190798)
4:25 PM: a0171964.exe (ID = 244762)
4:25 PM: a0171966.dll (ID = 244763)
4:25 PM: a0171995.exe (ID = 246327)
4:25 PM: a0171999.exe (ID = 190798)
4:25 PM: a0172000.exe (ID = 184143)
4:25 PM: a0172001.exe (ID = 185254)
4:25 PM: a0172003.exe (ID = 190798)
4:25 PM: a0172004.exe (ID = 244762)
4:25 PM: a0172012.exe (ID = 246327)
4:25 PM: a0172015.exe (ID = 243410)
4:25 PM: a0172053.exe (ID = 246327)
4:25 PM: a0173060.exe (ID = 246327)
4:25 PM: a0173077.exe (ID = 246327)
4:25 PM: a0173089.exe (ID = 246327)
4:25 PM: a0174100.exe (ID = 246327)
4:25 PM: a0175100.exe (ID = 246327)
4:25 PM: a0175103.exe (ID = 190798)
4:25 PM: a0175128.exe (ID = 184143)
4:25 PM: a0175129.exe (ID = 185254)
4:25 PM: a0175131.exe (ID = 190798)
4:25 PM: a0175133.dll (ID = 244763)
4:25 PM: a0175142.exe (ID = 246327)
4:25 PM: a0175146.exe (ID = 190798)
4:25 PM: a0175151.exe (ID = 184143)
4:25 PM: a0175152.exe (ID = 185254)
4:25 PM: a0175154.exe (ID = 190798)
4:25 PM: a0175156.exe (ID = 244762)
4:25 PM: a0175159.dll (ID = 244763)
4:25 PM: a0176142.exe (ID = 246327)
4:25 PM: a0176180.exe (ID = 246327)
4:25 PM: a0176184.exe (ID = 190798)
4:25 PM: a0176189.exe (ID = 184143)
4:25 PM: a0176190.exe (ID = 185254)
4:25 PM: a0176192.exe (ID = 190798)
4:25 PM: a0176193.dll (ID = 244763)
4:25 PM: a0176217.exe (ID = 246327)
4:25 PM: a0176220.exe (ID = 190798)
4:25 PM: a0176225.exe (ID = 184143)
4:25 PM: a0176226.exe (ID = 185254)
4:25 PM: a0176228.exe (ID = 190798)
4:25 PM: a0176229.exe (ID = 244762)
4:25 PM: a0176230.dll (ID = 244763)
4:28 PM: Warning: Unhandled Archive Type
4:43 PM: File Sweep Complete, Elapsed Time: 00:38:27
4:43 PM: Full Sweep has completed. Elapsed time 00:42:43
4:43 PM: Traces Found: 657
5:09 PM: Removal process initiated
5:09 PM: Quarantining All Traces: 180search assistant/zango
5:09 PM: Quarantining All Traces: cws-aboutblank
5:09 PM: Quarantining All Traces: ist istbar
5:09 PM: Quarantining All Traces: look2me
5:09 PM: Quarantining All Traces: purityscan
5:09 PM: Quarantining All Traces: sdbot
5:09 PM: Quarantining All Traces: trojan downloader matcash
5:10 PM: Quarantining All Traces: dollarrevenue
5:10 PM: Quarantining All Traces: elitemediagroup-mediamotor
5:10 PM: Quarantining All Traces: maxifiles
5:11 PM: Quarantining All Traces: trojan-backdoor-netpt
5:11 PM: Quarantining All Traces: winad
5:11 PM: Quarantining All Traces: zquest
5:11 PM: Quarantining All Traces: command
5:11 PM: Quarantining All Traces: findthewebsiteyouneed hijack
5:11 PM: Quarantining All Traces: ist software
5:11 PM: Quarantining All Traces: ist yoursitebar
5:11 PM: Quarantining All Traces: 888 cookie
5:11 PM: Quarantining All Traces: accoona cookie
5:11 PM: Quarantining All Traces: advertising cookie
5:11 PM: Quarantining All Traces: apmebf cookie
5:11 PM: Quarantining All Traces: aptimus cookie
5:11 PM: Quarantining All Traces: atlas dmt cookie
5:11 PM: Quarantining All Traces: azjmp cookie
5:11 PM: Quarantining All Traces: bravenet cookie
5:11 PM: Quarantining All Traces: cassava cookie
5:11 PM: Quarantining All Traces: domainsponsor cookie
5:11 PM: Quarantining All Traces: fastclick cookie
5:11 PM: Quarantining All Traces: findthewebsiteyouneed cookie
5:11 PM: Quarantining All Traces: hbmediapro cookie
5:11 PM: Quarantining All Traces: hitslink cookie
5:11 PM: Quarantining All Traces: realmedia cookie
5:11 PM: Quarantining All Traces: rn11 cookie
5:11 PM: Quarantining All Traces: screensavers.com cookie
5:11 PM: Quarantining All Traces: server.iad.liveperson cookie
5:11 PM: Quarantining All Traces: statcounter cookie
5:11 PM: Quarantining All Traces: tribalfusion cookie
5:11 PM: Quarantining All Traces: yieldmanager cookie
5:12 PM: Preparing to restart your computer. Please wait...
5:12 PM: Removal process completed. Elapsed time 00:03:17
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:15 PM: Spy Installation Shield: found: Trojan Horse: trojan downloader matcash, version 1.0.0.0 -- Execution Denied
********
3:57 PM: | Start of Session, Tuesday, April 18, 2006 |
3:57 PM: Spy Sweeper started
3:59 PM: BHO Shield: found: TOOLBA~1.DLL-- BHO installation denied at user request
4:00 PM: Your spyware definitions have been updated.
4:01 PM: | End of Session, Tuesday, April 18, 2006 |
Logfile of HijackThis v1.99.1
Scan saved at 5:17:38 PM, on 4/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network\ipnetwork.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\microsloft.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ssms.exe
C:\WINDOWS\zaber.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\sychost32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe
c:\gecko.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKL
4:01 PM: | Start of Session, Tuesday, April 18, 2006 |
4:01 PM: Spy Sweeper started
4:01 PM: Sweep initiated using definitions version 659
4:01 PM: Starting Memory Sweep
4:04 PM: Found Trojan Horse: trojan downloader matcash
4:04 PM: Detected running threat: C:\Program Files\Common Files\Windows\services32.exe (ID = 184143)
4:04 PM: Found Adware: maxifiles
4:04 PM: Detected running threat: C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll (ID = 244763)
4:04 PM: Memory Sweep Complete, Elapsed Time: 00:03:38
4:04 PM: Starting Registry Sweep
4:04 PM: Found Adware: findthewebsiteyouneed hijack
4:04 PM: HKLM\software\microsoft\internet explorer\main\ || search page (ID = 125241)
4:04 PM: HKLM\software\microsoft\internet explorer\search\ || searchassistant (ID = 125242)
4:04 PM: Found Adware: ist istbar
4:04 PM: HKLM\software\classes\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 subtraces) (ID = 129103)
4:04 PM: HKCR\typelib\{67907b3c-a6ef-4a01-99ad-3fcd5f526429}\ (9 subtraces) (ID = 129190)
4:05 PM: Found Adware: elitemediagroup-mediamotor
4:05 PM: HKCR\clsid\{7149e79c-dc19-4c5e-a53c-a54ddf75eee9}\ (5 subtraces) (ID = 140032)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\media-motor\ (2 subtraces) (ID = 140208)
4:05 PM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
4:05 PM: Found Adware: ist yoursitebar
4:05 PM: HKCR\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (6 subtraces) (ID = 147829)
4:05 PM: HKLM\software\microsoft\code store database\distribution units\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (10 subtraces) (ID = 147850)
4:05 PM: Found Adware: ist software
4:05 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/ysbactivex.dll\ (2 subtraces) (ID = 147854)
4:05 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\ysbactivex.dll (ID = 147857)
4:05 PM: Found Adware: winad
4:05 PM: HKCR\mediagatewayx.installer\ (5 subtraces) (ID = 372857)
4:05 PM: HKCR\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 372859)
4:05 PM: HKLM\software\classes\mediagatewayx.installer\ (5 subtraces) (ID = 398902)
4:05 PM: HKLM\software\classes\mediagatewayx.installer\clsid\ (1 subtraces) (ID = 398904)
4:05 PM: HKU\.default\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555438)
4:05 PM: HKLM\software\microsoft\windows\currentversion\moduleusage\c:/windows/downloaded program files/mediagatewayx.dll\ (2 subtraces) (ID = 763026)
4:05 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\mediagatewayx.dll (ID = 763028)
4:05 PM: HKCR\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (15 subtraces) (ID = 815132)
4:05 PM: HKLM\software\classes\clsid\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (15 subtraces) (ID = 815145)
4:05 PM: Found Adware: 180search assistant/zango
4:05 PM: HKLM\software\microsoft\code store database\distribution units\{8fcdf9d9-a28b-480f-8c3d-581f119a8ab8}\ (10 subtraces) (ID = 832871)
4:05 PM: Found Adware: command
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ (7 subtraces) (ID = 892523)
4:05 PM: Found Adware: dollarrevenue
4:05 PM: HKLM\software\policies\ || {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} (ID = 916803)
4:05 PM: HKLM\software\classes\clsid\{42f2c9ba-614f-47c0-b3e3-ecfd34eed658}\ (6 subtraces) (ID = 920458)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || nomodify (ID = 958653)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || noremove (ID = 958654)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || norepair (ID = 958655)
4:05 PM: HKLM\system\currentcontrolset\services\cmdservice\ (12 subtraces) (ID = 958670)
4:05 PM: HKLM\software\policies\ || {6bf52a52-394a-11d3-b153-00c04f79faa6} (ID = 967836)
4:05 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\0000\ (6 subtraces) (ID = 1016064)
4:05 PM: HKLM\system\currentcontrolset\enum\root\legacy_cmdservice\ (8 subtraces) (ID = 1016072)
4:05 PM: HKCR\mediagatewayx.installer.1\ (3 subtraces) (ID = 1023379)
4:05 PM: HKCR\appid\{d28cd14c-50be-4cfa-951e-b37f25da3472}\ (1 subtraces) (ID = 1023385)
4:05 PM: HKCR\typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5}\ (9 subtraces) (ID = 1023387)
4:05 PM: HKLM\software\classes\typelib\{981bda1d-c8ad-46ff-be2c-fddd859ac6f5}\ (9 subtraces) (ID = 1023399)
4:05 PM: HKLM\software\classes\mediagatewayx.installer.1\ (3 subtraces) (ID = 1023409)
4:05 PM: HKLM\software\policies\ || {645ff040-5081-101b-9f08-00aa002f954e} (ID = 1036890)
4:05 PM: HKCR\appid\activex.dll\ || appid (ID = 1049592)
4:05 PM: HKLM\software\classes\appid\{d28cd14c-50be-4cfa-951e-b37f25da3472}\ (1 subtraces) (ID = 1049593)
4:05 PM: HKLM\software\classes\appid\activex.dll\ || appid (ID = 1049594)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{a394e835-c8d6-4b4b-884b-d2709059f3be}\ (7 subtraces) (ID = 1110756)
4:05 PM: Found Trojan Horse: trojan-backdoor-netpt
4:05 PM: HKLM\system\currentcontrolset\enum\root\legacy_netpt\ (10 subtraces) (ID = 1125342)
4:05 PM: HKLM\system\currentcontrolset\enum\root\legacy_perffont\ (8 subtraces) (ID = 1125354)
4:05 PM: HKLM\system\currentcontrolset\services\netpt\ (12 subtraces) (ID = 1125365)
4:05 PM: HKLM\system\currentcontrolset\services\perffont\ (12 subtraces) (ID = 1128287)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\{3877c2cd-f137-4144-bdb2-0a811492f920}\ || uninstallstring (ID = 1134952)
4:05 PM: HKCR\xbtb04715.ietoolbar.1\ (3 subtraces) (ID = 1156344)
4:05 PM: HKCR\xbtb04715.ietoolbar\ (5 subtraces) (ID = 1156348)
4:05 PM: HKCR\toolband.xbtb04715.1\ (3 subtraces) (ID = 1156354)
4:05 PM: HKCR\toolband.xbtb04715\ (5 subtraces) (ID = 1156358)
4:05 PM: HKCR\xbtb04715.xbtb04715.1\ (3 subtraces) (ID = 1156364)
4:05 PM: HKCR\xbtb04715.xbtb04715\ (5 subtraces) (ID = 1156368)
4:05 PM: HKCR\clsid\{a8b0bded-64a5-495b-97da-42c0301e229b}\ (11 subtraces) (ID = 1156379)
4:05 PM: HKCR\typelib\{75e46ee7-404b-48ec-9326-c654f21f65bf}\ (9 subtraces) (ID = 1156391)
4:05 PM: HKLM\software\classes\toolband.xbtb04715\ (5 subtraces) (ID = 1156475)
4:05 PM: HKLM\software\classes\xbtb04715.xbtb04715.1\ (3 subtraces) (ID = 1156481)
4:05 PM: HKLM\software\classes\xbtb04715.xbtb04715\ (5 subtraces) (ID = 1156485)
4:05 PM: HKLM\software\classes\clsid\{a8b0bded-64a5-495b-97da-42c0301e229b}\ (11 subtraces) (ID = 1156496)
4:05 PM: HKLM\software\classes\typelib\{75e46ee7-404b-48ec-9326-c654f21f65bf}\ (9 subtraces) (ID = 1156508)
4:05 PM: HKLM\software\microsoft\windows\currentversion\uninstall\xbtb04715.xbtb04715toolbar\ (2 subtraces) (ID = 1156519)
4:05 PM: HKLM\software\classes\xbtb04715.ietoolbar.1\ (3 subtraces) (ID = 1156524)
4:05 PM: HKLM\software\classes\xbtb04715.ietoolbar\ (5 subtraces) (ID = 1156528)
4:05 PM: HKLM\software\classes\toolband.xbtb04715.1\ (3 subtraces) (ID = 1156534)
4:05 PM: Found Adware: cws-aboutblank
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || default_search_url (ID = 125236)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || search bar (ID = 125237)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || search page (ID = 125238)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\search\searchassistant explorer\main\ || default_search_url (ID = 555437)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || search bar (ID = 790268)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\microsoft\internet explorer\main\ || default_search_url (ID = 790269)
4:05 PM: HKU\S-1-5-21-823518204-113007714-682003330-1003\software\xbtb04715\ (71 subtraces) (ID = 1156401)
4:05 PM: Registry Sweep Complete, Elapsed Time:00:00:31
4:05 PM: Starting Cookie Sweep
4:05 PM: Found Spy Cookie: fastclick cookie
4:05 PM: user@fastclick[2].txt (ID = 2651)
4:05 PM: Found Spy Cookie: accoona cookie
4:05 PM: user@accoona[1].txt (ID = 2041)
4:05 PM: Found Spy Cookie: advertising cookie
4:05 PM: user@advertising[1].txt (ID = 2175)
4:05 PM: Found Spy Cookie: bravenet cookie
4:05 PM: user@bravenet[2].txt (ID = 2322)
4:05 PM: Found Spy Cookie: yieldmanager cookie
4:05 PM: [email protected][2].txt (ID = 3751)
4:05 PM: Found Spy Cookie: tribalfusion cookie
4:05 PM: user@tribalfusion[1].txt (ID = 3589)
4:05 PM: Found Spy Cookie: statcounter cookie
4:05 PM: user@statcounter[1].txt (ID = 3447)
4:05 PM: Found Spy Cookie: server.iad.liveperson cookie
4:05 PM: [email protected][2].txt (ID = 3341)
4:05 PM: Found Spy Cookie: aptimus cookie
4:05 PM: [email protected][2].txt (ID = 2235)
4:05 PM: Found Spy Cookie: realmedia cookie
4:05 PM: user@realmedia[2].txt (ID = 3235)
4:05 PM: Found Spy Cookie: rn11 cookie
4:05 PM: user@rn11[2].txt (ID = 3261)
4:05 PM: Found Spy Cookie: atlas dmt cookie
4:05 PM: user@atdmt[2].txt (ID = 2253)
4:05 PM: Found Spy Cookie: hitslink cookie
4:05 PM: [email protected][2].txt (ID = 2790)
4:05 PM: Found Spy Cookie: screensavers.com cookie
4:05 PM: [email protected][1].txt (ID = 3298)
4:05 PM: Found Spy Cookie: 888 cookie
4:05 PM: user@888[1].txt (ID = 2019)
4:05 PM: Found Spy Cookie: azjmp cookie
4:05 PM: user@azjmp[2].txt (ID = 2270)
4:05 PM: [email protected][1].txt (ID = 3298)
4:05 PM: Found Spy Cookie: cassava cookie
4:05 PM: user@cassava[1].txt (ID = 2362)
4:05 PM: Found Spy Cookie: hbmediapro cookie
4:05 PM: [email protected][2].txt (ID = 2768)
4:05 PM: Found Spy Cookie: apmebf cookie
4:05 PM: user@apmebf[2].txt (ID = 2229)
4:05 PM: Found Spy Cookie: findthewebsiteyouneed cookie
4:05 PM: [email protected][1].txt (ID = 2673)
4:05 PM: Found Spy Cookie: domainsponsor cookie
4:05 PM: [email protected][1].txt (ID = 2535)
4:05 PM: [email protected][2].txt (ID = 2652)
4:05 PM: Cookie Sweep Complete, Elapsed Time: 00:00:01
4:05 PM: Starting File Sweep
4:05 PM: Warning: Failed to open file "c:\pagefile.sys". Access is denied
4:05 PM: Found Adware: zquest
4:05 PM: sk02.exe (ID = 273586)
4:05 PM: dr140306.exe (ID = 267188)
4:05 PM: uninstall_nmon.vbs (ID = 231442)
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\system.log". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\software.log". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\default.log". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\security". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\sam". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\sam.log". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\security.log". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\system". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\software". The process cannot access the file because it is being used by another process
4:08 PM: Warning: Failed to open file "c:\windows\system32\config\default". The process cannot access the file because it is being used by another process
4:08 PM: atmtd.dll (ID = 166754)
4:08 PM: atmtd.dll._ (ID = 166754)
4:08 PM: Warning: Failed to open file "c:\windows\system32\drivers\atapi.sys". The process cannot access the file because it is being used by another process
4:13 PM: xrh5w0.vbs (ID = 185675)
4:13 PM: mc-110-12-0000336.exe (ID = 246327)
4:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Failed to open file "c:\documents and settings\networkservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat". The process cannot access the file because it is being used by another process
4:13 PM: Warning: Failed to open file "c:\documents and settings\localservice\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:13 PM: tbfp[1].avi (ID = 244762)
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf9e9e411-4b87-4380-bc4d-a86bb96be454.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb7202c59-221c-40e5-baab-d6575dea1def.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs91285dae-92f0-4017-815f-ca72f380c72f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfc56b968-195a-44cc-b79d-f6eb185eafb7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs61c46c88-80d3-43b4-a8ac-3876cf864b36.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3890b03b-f0ce-4869-adcb-290af8cab2a7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs877a7103-85a8-41ca-9192-a2f66375df98.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3fbae2a2-3318-4fac-bb93-a8e257b183a8.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9ae4de94-5c06-449c-8d3f-b87a702bf6e0.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3837ff5f-f8d7-4ef4-8540-8ab49e058534.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsacff7752-41fd-462d-b4a5-dd610048bd61.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb56f41fe-0493-4440-be76-730975e65e40.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsab1238c6-3c85-43c1-b08a-551ad29c4415.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs365c4268-c5bf-4868-9b12-7cfe93050b5f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs57ed72aa-fd96-4d67-ab11-6cadf00262cc.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc1610dcc-fc90-41e5-b27a-95a13cbf5c44.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf16020ac-ec57-468d-9f98-91aacd4d15b8.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs44e42745-981d-4dea-887e-639747d8481f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc1860406-f7b9-4dd4-a278-06104911c6e2.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs8d56d0ad-01f4-4765-a8ea-3e2f27b84c22.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs70f53c34-d0ac-4b9e-b4bd-c9da11354e00.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4a7c1ac3-ad37-4193-8b90-19f4d70c0d9d.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs02ef24bb-edc8-413e-ac64-b0ce31d36c43.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9f7b6260-1000-44b7-8252-a827e6e3206a.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs862c8577-e9bc-42b9-93ca-9c001c36585e.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs75ec7219-086b-4d43-a214-7bed75b10f70.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd4aa7d69-6d2c-4603-94b0-806c9fab859a.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs644fe0b6-b773-48de-a7d2-178f2cf34ddf.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs58c5a45e-e0eb-42c9-8ac5-11acd3a7ca1c.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc3afd3a2-bc31-4af5-8ad1-d51c099eaae1.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfab103b1-fe41-4171-91db-b3092d359217.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa62d1718-6c2e-4ab2-8137-e06f0f75dfe5.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc3df3d25-952f-4a85-a90f-82218e5e6ec5.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs29974061-34f6-4d09-9fe0-ffde122ed911.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse07314d1-e5da-449f-b03b-f64badf90a27.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs382bc2a1-a37f-412e-8fb3-419578741db5.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0c93fcfb-360e-4a9b-a08e-518e9934033f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsc0ca81d9-51e8-4518-8b26-74e9964f6434.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsea9cad29-ba84-4b24-b96b-328d5f91f2e3.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs427d212b-87d9-44b9-b973-951656f86b51.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs81525a0e-2f6e-4940-afc7-6e6e0e3782a0.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf128220c-3e9c-4737-b196-07f0753abf41.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs433ec455-4e6b-49de-9c34-dae7f9de7ab3.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs932d249c-a079-4e2c-86de-f644c6e6bf76.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs545b8b0f-e9ae-45e8-a19e-1b412fbeac02.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse01252ae-0872-4c2d-9953-a64e2069b6ef.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb07c43a0-7ebc-46fa-8976-8a361dc45f9f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsec3363c0-9495-4a4e-aeb9-c21d4b0bb270.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs63144cc4-6d55-45d7-8c5f-638a9a508488.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb38a332d-0df4-4edc-aed7-599fdae38baa.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9d75d164-baaf-4dea-9e61-be5c6ce4a3b0.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsf1acb616-9ba5-48cf-a673-2cf880c4f18b.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5ca311a2-eb1a-4754-bd4c-1bb782519b97.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbc89918e-645e-49e1-a8ff-6ee7df903dc5.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs5c059b55-180f-4088-87de-6975c0ff63aa.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs880c3e2b-760f-4c9a-95fb-ab53e8a9983b.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3a90f2be-1ecd-4374-8192-e4cf39f210f6.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs55bb667b-0cf5-4ab0-b985-835cd68599de.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa4945525-b9da-4afb-b152-26c4dc842e3e.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsce407a1b-28ee-4594-909c-daacae26081a.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs27147a01-0804-4edc-9e08-11f03ce58aa7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsdbfc43b8-db52-4ce3-bcf5-1b20fe4b1c4c.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa7a45621-ac09-49f1-afb3-d6ce9b11dbe3.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsfacbf513-cb01-44cd-a6fc-48e90d590ac0.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb5fdb49b-2604-4939-9f02-57af77eb1b74.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd6a0453c-5413-4614-b95b-a08997d2a75a.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb4204875-a95a-4dbe-b69e-98f2e21011c1.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsff76e4cf-b192-414d-af2a-0caf076e77cf.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs365100d7-c3e6-48e6-adf8-a885bec95104.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs328aa02e-13cb-483d-9be2-9c3c2586f47f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsbbbe1a0d-392a-4665-a258-af6a39b69ffc.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs46643c36-adac-408b-8834-669ae4c9f5d9.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4d2967fd-6312-42b1-990c-3deaaacad450.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs87a2c982-f39f-466a-9f0b-005b89c3a7be.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsb212e96a-fbdc-4d03-adb7-9168869b4943.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs520da551-4aa0-4cb2-8fbc-d33d2c214de6.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6583b1a7-986b-45ab-8af3-623918106886.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2c24a262-d89b-4b08-a11c-5de47d7919d7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs10e9a8b7-27db-4e1a-b45f-7afa2d89fc3c.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs87bc16af-d5e2-4aaf-8cf9-822f3a3d4077.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs6ed8004e-0a89-4374-b4cc-fc22f2e6fc1a.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs443a2a16-27a4-48cf-9bf8-d572fb7946f4.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd2d86fea-2ffe-40b9-9aa3-6c4511983db7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs42417bff-5615-4620-a42c-2ed275875251.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs38100198-1160-429e-8b23-9c1d94b81c5e.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs4896dbfd-4fd0-45b4-bb44-b4f00cb13c53.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs293ae751-74e2-49b5-ad9f-e6e476540eed.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsd238024c-230b-4f23-8335-3b7363c45c48.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse4a53b4e-99f0-4ebb-a753-1fc9535fe694.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsab40b67f-384a-4d7c-9e6a-e948e4720fdb.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs16b12785-5c34-48fa-9d20-c8ef45c6a3bb.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0a846aaf-e05b-418a-92e4-3912aec79123.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa1ef00a0-7ba2-4c6e-8e43-605cf8a956ef.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs2a38888b-d615-419e-b578-97b03a998b24.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs48700618-9459-4edd-8e0f-025e9746f63c.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs85e3e612-6fce-4314-8165-a7856c425085.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs90957850-4c30-42c5-973f-9a756865c858.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs975418e7-b711-4978-a4d1-1bec0c7bbc74.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs99e6239f-d312-4e06-b6cd-60e637279c8f.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs3d6a1012-5ef2-4f31-9b82-5d50034126c7.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs0ceb6a6d-7330-4eba-a6e2-835091d22273.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscs9640aeb8-0c1d-462b-9b97-5ac02ab6a045.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscsa0db29a0-df7c-4f90-b0be-90fa7e7f615d.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\localservice\application data\webroot\spy sweeper\temp\sscse2f7bb4d-efb6-4ce9-abc2-e6d0ebabc753.tmp". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat". The process cannot access the file because it is being used by another process
4:14 PM: Warning: Failed to open file "c:\documents and settings\user\ntuser.dat.log". The process cannot access the file because it is being used by another process
4:14 PM: drdata[1].avi (ID = 190798)
4:14 PM: freeprodtb[2].exe (ID = 244762)
4:14 PM: launcher[1].exe (ID = 243410)
4:14 PM: tbfp[1].avi (ID = 244762)
4:14 PM: drdata[1].avi (ID = 190798)
4:14 PM: freeprodtb.exe (ID = 244762)
4:14 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\temp\jet567c.tmp". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat". The process cannot access the file because it is being used by another process
4:15 PM: Warning: Failed to open file "c:\documents and settings\user\local settings\application data\microsoft\windows\usrclass.dat.log". The process cannot access the file because it is being used by another process
4:17 PM: c:\program files\common files\inetget (2 subtraces) (ID = -2147477182)
4:17 PM: mc-110-12-0000336.exe (ID = 190798)
4:17 PM: freeprodtb.exe (ID = 244762)
4:17 PM: autoit3.exe (ID = 185254)
4:17 PM: services32.exe (ID = 184143)
4:17 PM: mc-110-12-0000336.exe (ID = 190798)
4:18 PM: Found Adware: cydoor peer-to-peer dependency
4:18 PM: cd_clint.dll (ID = 57300)
4:19 PM: Warning: Failed to open file "c:\program files\dap\history\_lasthist.dat". The process cannot access the file because it is being used by another process
4:20 PM: c:\program files\network monitor (ID = -2147459771)
4:22 PM: c:\program files\toolbar888 (19 subtraces) (ID = -2147456311)
4:22 PM: basis.xml (ID = 244764)
4:22 PM: toolbar888.dll (ID = 244763)
4:22 PM: basis.xml (ID = 244764)
4:22 PM: toolbar888.dll (ID = 244763)
4:24 PM: a0170522.exe (ID = 246327)
4:24 PM: Found Trojan Horse: sdbot
4:24 PM: a0170575.exe (ID = 252806)
4:24 PM: a0170577.exe (ID = 252806)
4:24 PM: a0170629.exe (ID = 270021)
4:24 PM: Found Adware: look2me
4:24 PM: a0170631.exe (ID = 65721)
4:24 PM: a0170632.exe (ID = 272212)
4:24 PM: a0170633.exe (ID = 65739)
4:24 PM: a0170634.dll (ID = 266849)
4:24 PM: a0170635.exe (ID = 272214)
4:24 PM: a0170637.exe (ID = 275855)
4:24 PM: a0170638.exe (ID = 168558)
4:24 PM: a0170639.exe (ID = 275853)
4:24 PM: a0170640.exe (ID = 275854)
4:24 PM: a0170644.exe (ID = 282343)
4:24 PM: a0170645.exe (ID = 282345)
4:24 PM: a0170648.exe (ID = 252806)
4:24 PM: a0170652.dll (ID = 159)
4:24 PM: a0170653.dll (ID = 159)
4:24 PM: a0170654.dll (ID = 159)
4:24 PM: a0170655.dll (ID = 159)
4:24 PM: a0170656.dll (ID = 159)
4:24 PM: a0170657.dll (ID = 159)
4:24 PM: a0170658.dll (ID = 159)
4:24 PM: a0170659.dll (ID = 159)
4:24 PM: a0170660.dll (ID = 159)
4:24 PM: a0170661.dll (ID = 159)
4:24 PM: a0170662.dll (ID = 159)
4:24 PM: a0170663.dll (ID = 159)
4:24 PM: a0170664.dll (ID = 159)
4:24 PM: Found Adware: purityscan
4:24 PM: a0170665.exe (ID = 73191)
4:24 PM: a0170666.exe (ID = 185985)
4:24 PM: a0170667.exe (ID = 73191)
4:24 PM: a0170668.exe (ID = 168558)
4:24 PM: a0170669.exe (ID = 282332)
4:24 PM: a0170670.exe (ID = 282416)
4:24 PM: a0170954.exe (ID = 246327)
4:24 PM: a0170674.dll (ID = 144945)
4:24 PM: a0170677.exe (ID = 144946)
4:24 PM: a0170678.exe (ID = 231443)
4:24 PM: a0170679.exe (ID = 258578)
4:24 PM: a0170680.exe (ID = 184143)
4:24 PM: a0170684.dll (ID = 244763)
4:24 PM: a0170699.exe (ID = 246327)
4:24 PM: a0170709.exe (ID = 246327)
4:24 PM: a0170711.exe (ID = 244762)
4:24 PM: a0170728.exe (ID = 190798)
4:24 PM: a0170733.exe (ID = 185254)
4:24 PM: a0170735.exe (ID = 244762)
4:24 PM: a0170763.exe (ID = 246327)
4:24 PM: a0170766.exe (ID = 190798)
4:24 PM: a0170768.exe (ID = 184143)
4:24 PM: a0170769.exe (ID = 185254)
4:24 PM: a0170771.exe (ID = 190798)
4:24 PM: a0170772.exe (ID = 244762)
4:24 PM: a0170773.dll (ID = 244763)
4:24 PM: a0170782.exe (ID = 246327)
4:24 PM: a0170785.exe (ID = 190798)
4:24 PM: a0170788.exe (ID = 184143)
4:24 PM: a0170789.exe (ID = 185254)
4:24 PM: a0170791.exe (ID = 190798)
4:24 PM: a0170792.exe (ID = 244762)
4:24 PM: a0170793.dll (ID = 244763)
4:24 PM: a0170842.exe (ID = 246327)
4:24 PM: a0170845.exe (ID = 190798)
4:24 PM: a0170849.exe (ID = 244762)
4:24 PM: a0170851.dll (ID = 244763)
4:24 PM: a0170862.exe (ID = 246327)
4:24 PM: a0170867.exe (ID = 190798)
4:24 PM: a0170868.exe (ID = 184143)
4:24 PM: a0170869.exe (ID = 185254)
4:24 PM: a0170871.exe (ID = 190798)
4:24 PM: a0170872.exe (ID = 244762)
4:24 PM: a0170873.dll (ID = 244763)
4:24 PM: a0170883.exe (ID = 246327)
4:24 PM: a0170886.exe (ID = 190798)
4:24 PM: a0170887.exe (ID = 184143)
4:24 PM: a0170888.exe (ID = 185254)
4:24 PM: a0170890.exe (ID = 190798)
4:24 PM: a0170891.exe (ID = 244762)
4:24 PM: a0170892.dll (ID = 244763)
4:24 PM: a0170905.exe (ID = 246327)
4:24 PM: a0170908.exe (ID = 190798)
4:24 PM: a0170912.exe (ID = 184143)
4:24 PM: a0170913.exe (ID = 185254)
4:24 PM: a0170915.exe (ID = 190798)
4:24 PM: a0170916.exe (ID = 244762)
4:24 PM: a0170917.dll (ID = 244763)
4:24 PM: a0170959.exe (ID = 190798)
4:24 PM: a0170960.exe (ID = 184143)
4:24 PM: a0170961.exe (ID = 185254)
4:24 PM: a0170963.exe (ID = 190798)
4:24 PM: a0170964.exe (ID = 244762)
4:24 PM: a0170965.dll (ID = 244763)
4:24 PM: a0171955.exe (ID = 246327)
4:24 PM: a0171958.exe (ID = 190798)
4:24 PM: a0171960.exe (ID = 184143)
4:24 PM: a0171961.exe (ID = 185254)
4:24 PM: a0171963.exe (ID = 190798)
4:25 PM: a0171964.exe (ID = 244762)
4:25 PM: a0171966.dll (ID = 244763)
4:25 PM: a0171995.exe (ID = 246327)
4:25 PM: a0171999.exe (ID = 190798)
4:25 PM: a0172000.exe (ID = 184143)
4:25 PM: a0172001.exe (ID = 185254)
4:25 PM: a0172003.exe (ID = 190798)
4:25 PM: a0172004.exe (ID = 244762)
4:25 PM: a0172012.exe (ID = 246327)
4:25 PM: a0172015.exe (ID = 243410)
4:25 PM: a0172053.exe (ID = 246327)
4:25 PM: a0173060.exe (ID = 246327)
4:25 PM: a0173077.exe (ID = 246327)
4:25 PM: a0173089.exe (ID = 246327)
4:25 PM: a0174100.exe (ID = 246327)
4:25 PM: a0175100.exe (ID = 246327)
4:25 PM: a0175103.exe (ID = 190798)
4:25 PM: a0175128.exe (ID = 184143)
4:25 PM: a0175129.exe (ID = 185254)
4:25 PM: a0175131.exe (ID = 190798)
4:25 PM: a0175133.dll (ID = 244763)
4:25 PM: a0175142.exe (ID = 246327)
4:25 PM: a0175146.exe (ID = 190798)
4:25 PM: a0175151.exe (ID = 184143)
4:25 PM: a0175152.exe (ID = 185254)
4:25 PM: a0175154.exe (ID = 190798)
4:25 PM: a0175156.exe (ID = 244762)
4:25 PM: a0175159.dll (ID = 244763)
4:25 PM: a0176142.exe (ID = 246327)
4:25 PM: a0176180.exe (ID = 246327)
4:25 PM: a0176184.exe (ID = 190798)
4:25 PM: a0176189.exe (ID = 184143)
4:25 PM: a0176190.exe (ID = 185254)
4:25 PM: a0176192.exe (ID = 190798)
4:25 PM: a0176193.dll (ID = 244763)
4:25 PM: a0176217.exe (ID = 246327)
4:25 PM: a0176220.exe (ID = 190798)
4:25 PM: a0176225.exe (ID = 184143)
4:25 PM: a0176226.exe (ID = 185254)
4:25 PM: a0176228.exe (ID = 190798)
4:25 PM: a0176229.exe (ID = 244762)
4:25 PM: a0176230.dll (ID = 244763)
4:28 PM: Warning: Unhandled Archive Type
4:43 PM: File Sweep Complete, Elapsed Time: 00:38:27
4:43 PM: Full Sweep has completed. Elapsed time 00:42:43
4:43 PM: Traces Found: 657
5:09 PM: Removal process initiated
5:09 PM: Quarantining All Traces: 180search assistant/zango
5:09 PM: Quarantining All Traces: cws-aboutblank
5:09 PM: Quarantining All Traces: ist istbar
5:09 PM: Quarantining All Traces: look2me
5:09 PM: Quarantining All Traces: purityscan
5:09 PM: Quarantining All Traces: sdbot
5:09 PM: Quarantining All Traces: trojan downloader matcash
5:10 PM: Quarantining All Traces: dollarrevenue
5:10 PM: Quarantining All Traces: elitemediagroup-mediamotor
5:10 PM: Quarantining All Traces: maxifiles
5:11 PM: Quarantining All Traces: trojan-backdoor-netpt
5:11 PM: Quarantining All Traces: winad
5:11 PM: Quarantining All Traces: zquest
5:11 PM: Quarantining All Traces: command
5:11 PM: Quarantining All Traces: findthewebsiteyouneed hijack
5:11 PM: Quarantining All Traces: ist software
5:11 PM: Quarantining All Traces: ist yoursitebar
5:11 PM: Quarantining All Traces: 888 cookie
5:11 PM: Quarantining All Traces: accoona cookie
5:11 PM: Quarantining All Traces: advertising cookie
5:11 PM: Quarantining All Traces: apmebf cookie
5:11 PM: Quarantining All Traces: aptimus cookie
5:11 PM: Quarantining All Traces: atlas dmt cookie
5:11 PM: Quarantining All Traces: azjmp cookie
5:11 PM: Quarantining All Traces: bravenet cookie
5:11 PM: Quarantining All Traces: cassava cookie
5:11 PM: Quarantining All Traces: domainsponsor cookie
5:11 PM: Quarantining All Traces: fastclick cookie
5:11 PM: Quarantining All Traces: findthewebsiteyouneed cookie
5:11 PM: Quarantining All Traces: hbmediapro cookie
5:11 PM: Quarantining All Traces: hitslink cookie
5:11 PM: Quarantining All Traces: realmedia cookie
5:11 PM: Quarantining All Traces: rn11 cookie
5:11 PM: Quarantining All Traces: screensavers.com cookie
5:11 PM: Quarantining All Traces: server.iad.liveperson cookie
5:11 PM: Quarantining All Traces: statcounter cookie
5:11 PM: Quarantining All Traces: tribalfusion cookie
5:11 PM: Quarantining All Traces: yieldmanager cookie
5:12 PM: Preparing to restart your computer. Please wait...
5:12 PM: Removal process completed. Elapsed time 00:03:17
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:14 PM: The Spy Communication shield has blocked access to: promo.dollarrevenue.com
5:15 PM: Spy Installation Shield: found: Trojan Horse: trojan downloader matcash, version 1.0.0.0 -- Execution Denied
********
3:57 PM: | Start of Session, Tuesday, April 18, 2006 |
3:57 PM: Spy Sweeper started
3:59 PM: BHO Shield: found: TOOLBA~1.DLL-- BHO installation denied at user request
4:00 PM: Your spyware definitions have been updated.
4:01 PM: | End of Session, Tuesday, April 18, 2006 |
Logfile of HijackThis v1.99.1
Scan saved at 5:17:38 PM, on 4/18/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network\ipnetwork.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\microsloft.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ssms.exe
C:\WINDOWS\zaber.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\sychost32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hijackthis\HijackThis.exe
c:\gecko.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - (no file)
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKL
Edited by masoliar, 18 April 2006 - 03:20 AM.
#6
Posted 18 April 2006 - 03:21 AM
masoliar
- Topic Starter
-
- Member
-
- 24 posts
Member
M\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Windows Logon 32bit script] c:\oldbag.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillu...yDancer1020.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...s/joysavsht.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillu...Updater1015.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...Crypt/npkcx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\zaber.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: norton (nortons) - Unknown owner - C:\WINDOWS\nvsnav.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows System Host - Unknown owner - C:\WINDOWS\sychost32.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Windows Logon 32bit script] c:\oldbag.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillu...yDancer1020.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...s/joysavsht.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillu...Updater1015.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...Crypt/npkcx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\zaber.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: norton (nortons) - Unknown owner - C:\WINDOWS\nvsnav.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows System Host - Unknown owner - C:\WINDOWS\sychost32.exe
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
#7
Posted 18 April 2006 - 10:31 AM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
1. You are missing one important program on that computer: An antivirus.
You need to install an antivirus program as soon as you can and run a complete scan of the computer.
I suggest AVG - it's free!
AVG Free AntiVirus
Choose one, install it, and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.
2. It is important that you also use a software firewall, to prevent unauthorised traffic both out of and into your computer.
Your log doesn't show a firewall running. If you have disabled it, please re-enable it.
If you do not have a firewall installed, please download and install : Zone Alarm. It is the one I have on my system and works fine for me.
It is important to note that you should only have one firewall installed at a time.
3. Once you have both of these installed, please post back a fresh HJT log.
Regards,
Trevuren
You need to install an antivirus program as soon as you can and run a complete scan of the computer.
I suggest AVG - it's free!
AVG Free AntiVirus
Choose one, install it, and then run a full scan. Let it quarantine/delete anything it finds. Let me know if there is anything that it reports but can not remove.
2. It is important that you also use a software firewall, to prevent unauthorised traffic both out of and into your computer.
Your log doesn't show a firewall running. If you have disabled it, please re-enable it.
If you do not have a firewall installed, please download and install : Zone Alarm. It is the one I have on my system and works fine for me.
It is important to note that you should only have one firewall installed at a time.
3. Once you have both of these installed, please post back a fresh HJT log.
Regards,
Trevuren
Edited by Trevuren, 18 April 2006 - 10:32 AM.
#8
Posted 19 April 2006 - 09:57 PM
masoliar
- Topic Starter
-
- Member
-
- 24 posts
Member
Well, it says that there are 43 infected that werent given action.
Logfile of HijackThis v1.99.1
Scan saved at 11:56:57 AM, on 4/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network\ipnetwork.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ssms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\YSIGet\YSIGet.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Windows Logon 32bit script] c:\oldbag.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillu...yDancer1020.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...s/joysavsht.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillu...Updater1015.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...Crypt/npkcx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\zaber.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: norton (nortons) - Unknown owner - C:\WINDOWS\nvsnav.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows System Host - Unknown owner - C:\WINDOWS\sychost32.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 11:56:57 AM, on 4/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network\ipnetwork.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ssms.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\YSIGet\YSIGet.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Windows Logon 32bit script] c:\oldbag.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillu...yDancer1020.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...s/joysavsht.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillu...Updater1015.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...Crypt/npkcx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\zaber.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: norton (nortons) - Unknown owner - C:\WINDOWS\nvsnav.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows System Host - Unknown owner - C:\WINDOWS\sychost32.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
#9
Posted 19 April 2006 - 10:07 PM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
A. Did it produce a list or say why they were not handled?
B. Please print out these instructions for reference, since you will have to restart your computer during the fix. (I am trying to rule out the possibility of a certain type of Rootkit infection)
1. Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe
2. Save it to your desktop but Do NOT RUN IT YET.
3. Then please Reboot your computer in Safe Mode by doing the following:
4. Once in Safe Mode
Trevuren
B. Please print out these instructions for reference, since you will have to restart your computer during the fix. (I am trying to rule out the possibility of a certain type of Rootkit infection)
1. Please download AproposFix from here:
http://swandog46.gee.../aproposfix.exe
2. Save it to your desktop but Do NOT RUN IT YET.
3. Then please Reboot your computer in Safe Mode by doing the following:
- Restart your computer.
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear
- Select the first option, to run Windows in Safe Mode.
4. Once in Safe Mode
- Double-click aproposfix.exe and unzip it to the desktop.
- Open the aproposfix folder on your desktop
- Run RunThis.bat.
- Follow the prompts.
- Reboot back into normal mode
- Post a new HijackThis log, along with the entire contents of the log.txt file in the aproposfix folder.
Trevuren
#10
Posted 20 April 2006 - 02:23 AM
masoliar
- Topic Starter
-
- Member
-
- 24 posts
Member
A. no, i didn't see any
Logfile of HijackThis v1.99.1
Scan saved at 4:23:22 PM, on 4/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Network\ipnetwork.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ssms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Windows Logon 32bit script] c:\oldbag.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillu...yDancer1020.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...s/joysavsht.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillu...Updater1015.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...Crypt/npkcx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\zaber.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: norton (nortons) - Unknown owner - C:\WINDOWS\nvsnav.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows System Host - Unknown owner - C:\WINDOWS\sychost32.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
Log of AproposFix v1.1
************
Running from directory:
C:\Documents and Settings\user\Desktop\aproposfix
************
Registry entries found:
************
No service found!
Removing hidden folder:
No folder found!
Deleting files:
Backing up files:
Done!
Removing registry entries:
REGEDIT4
Done!
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 4:23:22 PM, on 4/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Network\ipnetwork.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\ssms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: XBTB04715 - {A8B0BDED-64A5-495b-97DA-42C0301E229B} - C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\tbu02640\ToolBar888.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Windows Logon 32bit script] c:\oldbag.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillu...yDancer1020.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...s/joysavsht.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillu...Updater1015.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...Crypt/npkcx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\zaber.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: norton (nortons) - Unknown owner - C:\WINDOWS\nvsnav.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows System Host - Unknown owner - C:\WINDOWS\sychost32.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
Log of AproposFix v1.1
************
Running from directory:
C:\Documents and Settings\user\Desktop\aproposfix
************
Registry entries found:
************
No service found!
Removing hidden folder:
No folder found!
Deleting files:
Backing up files:
Done!
Removing registry entries:
REGEDIT4
Done!
Finished!
#11
Posted 20 April 2006 - 11:26 AM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
I guess the only way for us to know what was on the list is to do a general in-depth scan of your system. This takes a long time so most users chose to let the program run overnight and they post the results in the morning.
I need you to download MWav to a convenient location.
This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.
Put a check next to the below items before scanning:
**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.
On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.
Regards,
Trevuren
I need you to download MWav to a convenient location.
This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.
Put a check next to the below items before scanning:
- Memory
- Startup Folders
- Drive - All Local Drives
- Folder - then click "browse" to change the directory to C: (default is C:\Windows)
- Registry
- System Folders
- Services
- Include Sub-Directory
- Scan All Files
**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.
On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.
Regards,
Trevuren
#12
Posted 22 April 2006 - 12:16 AM
masoliar
- Topic Starter
-
- Member
-
- 24 posts
Member
the pop ups have stopped when i installed the avg and the firewall, just to let you know, but can i remove the toolbar888 in the add/remove program in control panel? will it harm my computer that way? tnx very much.
I didn't see "infected items" but on the bottom portion of the window like you said MWav is listing "virus log information":
File C:\PROGRA~1\Network\IPNETW~1.EXE tagged as "not-a-virus:AdWare.Win32.Maxifiles.y". Action Taken: No Action Taken.
File C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\PROGRA~1\Network\IPNETW~1.EXE tagged as "not-a-virus:AdWare.Win32.Maxifiles.y". Action Taken: No Action Taken.
File C:\PROGRA~1\COMMON~1\Windows\MC-110~1.EXE infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\l2mfix\backup.zip tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "network1.popups Adware" found in File System! Action Taken: No Action Taken.
Object "adware.softomate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "adware.softomate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "adware.softomate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mediamotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mediamotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula toptext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "precisionpop Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "ezula toptext Spyware/Adware" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\gimmysmileys.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\WINDOWS\System32\ClubboxUninstall.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\E7E7UDEB\dot[1].exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.x". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ClubboxUninstall.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\WINDOWS\gimmysmileys.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\drsmartload195a.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\elitem.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\mediam.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\yaz.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\ysbactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDK7YXUV\fixdll[1].exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\113[1].avi tagged as "not-a-virus:AdWare.Win32.Maxifiles.y". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\gimmysmileys[1].exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\freeprodtb[2].exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6L6JYRMT\drdata[1].avi infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6L6JYRMT\fixdll[1].exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UV2D4R09\launcher[1].exe infected by "Trojan-Downloader.NSIS.Agent.p" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Desktop\freeprodtb.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\l2mfix\backup.zip tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Program Files\Common Files\Windows\services32.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\Program Files\Common Files\InetGet\mc-110-12-0000336.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\Program Files\YSIGet\uninstall.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\Program Files\Alexa Toolbar\uninstall.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\Program Files\Toolbar888\ToolBar888.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP57\A0087465.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP63\A0092084.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170518.exe infected by "Trojan-Downloader.NSIS.Agent.p" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170520.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170950.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170952.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170953.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170529.dll tagged as "not-a-virus:AdWare.Win32.AlexaBar.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170530.dll tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170675.exe infected by "Trojan-Dropper.Win32.PurityScan.g" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170683.exe infected by "Backdoor.Win32.SdBot.xd" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170696.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170698.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170955.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170705.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170707.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170708.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170710.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170719.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170956.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170724.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170726.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170759.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170761.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170762.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170764.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170778.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170780.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170781.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170783.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170838.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170840.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170841.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170843.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170858.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170860.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170861.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170863.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170864.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170878.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170880.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170882.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170884.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170885.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170901.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170903.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170904.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170906.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170907.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171951.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171953.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171954.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171956.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171957.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171991.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171993.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171994.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171996.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171997.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172008.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172010.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172011.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172013.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172014.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176391.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172049.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172051.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172052.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176393.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172054.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172056.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176394.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173050.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173056.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173058.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173059.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176396.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173061.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173062.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176397.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173072.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173075.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173076.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176398.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173078.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173079.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176400.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173085.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173087.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173088.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173090.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173091.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173096.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176403.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174098.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174099.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176404.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174101.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174102.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175096.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175098.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175099.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176406.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175101.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175102.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175138.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175140.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175141.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175143.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175144.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176138.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176140.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176141.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176143.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176144.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176176.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176178.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176179.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176181.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176182.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176213.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176215.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176216.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176218.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176219.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176232.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176233.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176234.exe infected by "Trojan-Clicker.Win32.Small.jf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176235.exe infected by "Trojan-Clicker.Win32.Small.jf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176244.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176246.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176247.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176248.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176249.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176255.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176257.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176258.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176260.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176261.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176322.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176324.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176325.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176327.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176328.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176330.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176333.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176336.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176337.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176338.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176364.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176366.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176367.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176368.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176370.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176372.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176374.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176377.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176378.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176389.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176420.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176422.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176424.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176425.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176427.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176429.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176431.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176432.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176435.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176436.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176437.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\x22.exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.x". Action Taken: No Action Taken.
File C:\FOUND.016\FILE0003.CHK tagged as not-a-virus:Monitor.Win32.NetMon.a. No Action Taken.
File C:\fixdll.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\My Shared Folder\Pack Zealot Video Software UCF (Converter + Joiner + Sound Extractor + Splitter + AVI 2 VCD SVCD DVD).zip infected by "Email-Worm.VBS.Gedza" Virus! Action Taken: No Action Taken.
File C:\My Shared Folder\YSIGet 0.99c.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File F:\SG\ClubboxSetup.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File F:\Software\mIRC\nOORSCRipt.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\E7E7UDEB\dot[1].exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.x". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ClubboxUninstall.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\WINDOWS\gimmysmileys.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\drsmartload195a.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\elitem.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\mediam.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\yaz.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\ysbactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDK7YXUV\fixdll[1].exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\113[1].avi tagged as "not-a-virus:AdWare.Win32.Maxifiles.y". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\gimmysmileys[1].exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\freeprodtb[2].exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6L6JYRMT\drdata[1].avi infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6L6JYRMT\fixdll[1].exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UV2D4R09\launcher[1].exe infected by "Trojan-Downloader.NSIS.Agent.p" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Desktop\freeprodtb.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\l2mfix\backup.zip tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Program Files\Common Files\Windows\services32.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\Program Files\Common Files\InetGet\mc-110-12-0000336.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\Program Files\YSIGet\uninstall.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\Program Files\Alexa Toolbar\uninstall.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\Program Files\Toolbar888\ToolBar888.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP57\A0087465.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP63\A0092084.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170518.exe infected by "Trojan-Downloader.NSIS.Agent.p" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170520.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170950.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170952.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170953.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170529.dll tagged as "not-a-virus:AdWare.Win32.AlexaBar.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170530.dll tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170675.exe infected by "Trojan-Dropper.Win32.PurityScan.g" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170683.exe infected by "Backdoor.Win32.SdBot.xd" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170696.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170698.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170955.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170705.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170707.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170708.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170710.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170719.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170956.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170724.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170726.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170759.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170761.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170762.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170764.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170778.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170780.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170781.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170783.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170838.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170840.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170841.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170843.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170858.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170860.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170861.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170863.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170864.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170878.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170880.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170882.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170884.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170885.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170901.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170903.exe
I didn't see "infected items" but on the bottom portion of the window like you said MWav is listing "virus log information":
File C:\PROGRA~1\Network\IPNETW~1.EXE tagged as "not-a-virus:AdWare.Win32.Maxifiles.y". Action Taken: No Action Taken.
File C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\PROGRA~1\TOOLBA~1\tbu02640\TOOLBA~1.DLL tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\PROGRA~1\Network\IPNETW~1.EXE tagged as "not-a-virus:AdWare.Win32.Maxifiles.y". Action Taken: No Action Taken.
File C:\PROGRA~1\COMMON~1\Windows\MC-110~1.EXE infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\l2mfix\backup.zip tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "network1.popups Adware" found in File System! Action Taken: No Action Taken.
Object "adware.softomate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "adware.softomate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "adware.softomate Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "powerstrip Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mediamotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mediamotor Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "kazaa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "istbar Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "alexa Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ezula toptext Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "limewire Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "precisionpop Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "whenu.savenow Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "smitfraud variant Browser Hijacker" found in File System! Action Taken: No Action Taken.
Object "ezula toptext Spyware/Adware" found in File System! Action Taken: No Action Taken.
File C:\WINDOWS\gimmysmileys.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\WINDOWS\System32\ClubboxUninstall.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\E7E7UDEB\dot[1].exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.x". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ClubboxUninstall.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\WINDOWS\gimmysmileys.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\drsmartload195a.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\elitem.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\mediam.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\yaz.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\ysbactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDK7YXUV\fixdll[1].exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\113[1].avi tagged as "not-a-virus:AdWare.Win32.Maxifiles.y". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\gimmysmileys[1].exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\freeprodtb[2].exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6L6JYRMT\drdata[1].avi infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6L6JYRMT\fixdll[1].exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UV2D4R09\launcher[1].exe infected by "Trojan-Downloader.NSIS.Agent.p" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Desktop\freeprodtb.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\l2mfix\backup.zip tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Program Files\Common Files\Windows\services32.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\Program Files\Common Files\InetGet\mc-110-12-0000336.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\Program Files\YSIGet\uninstall.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\Program Files\Alexa Toolbar\uninstall.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\Program Files\Toolbar888\ToolBar888.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP57\A0087465.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP63\A0092084.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170518.exe infected by "Trojan-Downloader.NSIS.Agent.p" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170520.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170950.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170952.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170953.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170529.dll tagged as "not-a-virus:AdWare.Win32.AlexaBar.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170530.dll tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170675.exe infected by "Trojan-Dropper.Win32.PurityScan.g" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170683.exe infected by "Backdoor.Win32.SdBot.xd" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170696.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170698.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170955.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170705.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170707.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170708.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170710.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170719.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170956.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170724.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170726.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170759.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170761.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170762.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170764.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170778.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170780.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170781.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170783.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170838.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170840.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170841.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170843.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170858.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170860.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170861.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170863.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170864.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170878.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170880.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170882.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170884.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170885.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170901.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170903.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170904.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170906.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170907.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171951.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171953.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171954.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171956.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171957.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171991.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171993.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171994.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171996.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171997.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172008.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172010.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172011.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172013.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172014.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176391.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172049.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172051.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172052.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176393.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172054.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172056.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176394.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173050.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173056.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173058.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173059.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176396.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173061.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173062.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176397.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173072.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173075.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173076.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176398.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173078.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173079.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176400.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173085.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173087.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173088.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173090.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173091.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173096.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176403.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174098.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174099.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176404.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174101.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174102.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175096.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175098.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175099.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176406.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175101.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175102.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175138.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175140.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175141.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175143.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175144.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176138.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176140.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176141.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176143.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176144.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176176.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176178.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176179.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176181.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176182.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176213.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176215.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176216.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176218.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176219.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176232.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176233.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176234.exe infected by "Trojan-Clicker.Win32.Small.jf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176235.exe infected by "Trojan-Clicker.Win32.Small.jf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176244.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176246.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176247.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176248.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176249.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176255.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176257.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176258.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176260.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176261.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176322.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176324.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176325.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176327.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176328.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176330.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176333.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176336.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176337.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176338.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176364.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176366.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176367.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176368.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176370.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176372.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176374.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176377.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176378.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176389.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176420.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176422.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176424.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176425.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176427.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176429.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176431.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176432.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176435.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176436.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176437.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\x22.exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.x". Action Taken: No Action Taken.
File C:\FOUND.016\FILE0003.CHK tagged as not-a-virus:Monitor.Win32.NetMon.a. No Action Taken.
File C:\fixdll.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\My Shared Folder\Pack Zealot Video Software UCF (Converter + Joiner + Sound Extractor + Splitter + AVI 2 VCD SVCD DVD).zip infected by "Email-Worm.VBS.Gedza" Virus! Action Taken: No Action Taken.
File C:\My Shared Folder\YSIGet 0.99c.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File F:\SG\ClubboxSetup.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File F:\Software\mIRC\nOORSCRipt.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.603. No Action Taken.
File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\E7E7UDEB\dot[1].exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.x". Action Taken: No Action Taken.
File C:\WINDOWS\system32\ClubboxUninstall.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\WINDOWS\gimmysmileys.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\drsmartload195a.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\elitem.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\mediam.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mdrive\yaz.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\ysbactivex.dll infected by "Trojan-Downloader.Win32.IstBar.gen" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDK7YXUV\fixdll[1].exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\113[1].avi tagged as "not-a-virus:AdWare.Win32.Maxifiles.y". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\gimmysmileys[1].exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\27G7ABI5\freeprodtb[2].exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6L6JYRMT\drdata[1].avi infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6L6JYRMT\fixdll[1].exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UV2D4R09\launcher[1].exe infected by "Trojan-Downloader.NSIS.Agent.p" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\LocalService\Desktop\freeprodtb.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\Documents and Settings\user\Desktop\Unused Desktop Shortcuts\l2mfix\backup.zip tagged as "not-a-virus:AdWare.Win32.Look2Me.ab". Action Taken: No Action Taken.
File C:\Program Files\Common Files\Windows\services32.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\Program Files\Common Files\InetGet\mc-110-12-0000336.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\Program Files\YSIGet\uninstall.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\Program Files\Alexa Toolbar\uninstall.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\Program Files\Toolbar888\ToolBar888.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP57\A0087465.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP63\A0092084.exe tagged as "not-a-virus:AdWare.Win32.AlexaBar.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170518.exe infected by "Trojan-Downloader.NSIS.Agent.p" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170520.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170950.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170952.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170953.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170529.dll tagged as "not-a-virus:AdWare.Win32.AlexaBar.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170530.dll tagged as "not-a-virus:AdWare.Win32.AlexaBar.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170675.exe infected by "Trojan-Dropper.Win32.PurityScan.g" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170683.exe infected by "Backdoor.Win32.SdBot.xd" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170696.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170698.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170955.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170705.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170707.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170708.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170710.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170719.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170956.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170724.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170726.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170759.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170761.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170762.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170764.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170778.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170780.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170781.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170783.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170838.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170840.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170841.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170843.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170858.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170860.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170861.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170863.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170864.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170878.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170880.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170882.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170884.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170885.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170901.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170903.exe
Edited by masoliar, 22 April 2006 - 02:48 AM.
#13
Posted 22 April 2006 - 12:20 AM
masoliar
- Topic Starter
-
- Member
-
- 24 posts
Member
nfected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170904.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170906.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170907.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171951.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171953.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171954.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171956.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171957.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171991.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171993.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171994.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171996.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171997.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172008.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172010.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172011.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172013.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172014.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176391.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172049.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172051.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172052.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176393.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172054.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172056.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176394.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173050.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173056.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173058.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173059.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176396.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173061.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173062.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176397.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173072.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173075.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173076.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176398.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173078.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173079.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176400.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173085.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173087.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173088.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173090.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173091.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173096.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176403.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174098.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174099.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176404.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174101.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174102.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175096.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175098.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175099.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176406.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175101.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175102.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175138.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175140.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175141.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175143.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175144.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176138.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176140.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176141.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176143.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176144.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176176.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176178.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176179.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176181.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176182.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176213.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176215.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176216.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176218.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176219.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176232.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176233.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176234.exe infected by "Trojan-Clicker.Win32.Small.jf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176235.exe infected by "Trojan-Clicker.Win32.Small.jf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176244.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176246.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176247.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176248.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176249.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176255.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176257.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176258.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176260.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176261.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176322.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176324.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176325.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176327.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176328.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176330.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176333.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176336.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176337.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176338.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176364.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176366.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176367.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176368.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176370.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176372.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176374.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176377.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176378.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176389.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176420.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176422.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176424.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176425.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176427.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176429.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176431.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176432.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176435.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176436.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176437.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\x22.exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.x". Action Taken: No Action Taken.
File C:\FOUND.016\FILE0003.CHK tagged as not-a-virus:Monitor.Win32.NetMon.a. No Action Taken.
File C:\fixdll.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\My Shared Folder\Pack Zealot Video Software UCF (Converter + Joiner + Sound Extractor + Splitter + AVI 2 VCD SVCD DVD).zip infected by "Email-Worm.VBS.Gedza" Virus! Action Taken: No Action Taken.
File C:\My Shared Folder\YSIGet 0.99c.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170904.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170906.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0170907.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171951.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171953.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171954.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171956.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171957.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171991.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171993.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171994.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171996.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0171997.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172008.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172010.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172011.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172013.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP99\A0172014.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176391.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172049.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172051.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172052.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176393.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172054.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0172056.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176394.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173050.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173056.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173058.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173059.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176396.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173061.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173062.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176397.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173072.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173075.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173076.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176398.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173078.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173079.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176400.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173085.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173087.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173088.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173090.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173091.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0173096.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176403.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174098.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174099.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176404.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174101.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0174102.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175096.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175098.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175099.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176406.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175101.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175102.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175138.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175140.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175141.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175143.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0175144.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176138.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176140.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176141.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176143.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176144.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176176.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176178.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176179.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176181.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176182.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176213.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176215.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176216.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176218.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176219.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176232.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176233.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176234.exe infected by "Trojan-Clicker.Win32.Small.jf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176235.exe infected by "Trojan-Clicker.Win32.Small.jf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176244.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176246.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176247.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176248.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176249.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176255.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176257.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176258.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176260.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176261.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176322.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176324.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176325.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176327.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176328.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176330.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176333.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176336.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176337.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176338.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176364.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176366.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176367.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176368.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176370.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176372.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176374.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176377.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176378.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP100\A0176389.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176420.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176422.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176424.exe infected by "Trojan-Downloader.Win32.Adload.ap" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176425.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176427.exe infected by "Trojan.Win32.LowZones.cr" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176429.exe tagged as "not-a-virus:AdWare.Win32.180Solutions.ak". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176431.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176432.exe tagged as "not-a-virus:AdWare.Win32.Maxifiles.h". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176435.exe infected by "Trojan-Dropper.Win32.Agent.aac" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176436.exe tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{8AF9E4B4-48D1-4A82-9AA2-CAD1BF66B827}\RP101\A0176437.dll tagged as "not-a-virus:AdWare.Win32.Softomate.j". Action Taken: No Action Taken.
File C:\x22.exe tagged as "not-a-virus:AdWare.Win32.MediaTickets.x". Action Taken: No Action Taken.
File C:\FOUND.016\FILE0003.CHK tagged as not-a-virus:Monitor.Win32.NetMon.a. No Action Taken.
File C:\fixdll.exe infected by "Trojan.Win32.LowZones.cf" Virus! Action Taken: No Action Taken.
File C:\My Shared Folder\Pack Zealot Video Software UCF (Converter + Joiner + Sound Extractor + Splitter + AVI 2 VCD SVCD DVD).zip infected by "Email-Worm.VBS.Gedza" Virus! Action Taken: No Action Taken.
File C:\My Shared Folder\YSIGet 0.99c.exe tagged as not-a-virus:RiskTool.Win32.PsKill.n. No Action Taken.
#14
Posted 22 April 2006 - 10:36 AM
Trevuren
-
- Retired Staff
-
- 18,699 posts
Old Dog
1. Please unintsall the toolbar through add/remove programs.
2. Please provide a list of uninstallable programs.
To Provide a List of Installed Programs
3. Please post a fresh HJT log
Regards,
Trevuren
2. Please provide a list of uninstallable programs.
To Provide a List of Installed Programs
- Run HijackThis.
- Click Config>>Miscellaneous Tools>>Open Uninstall Manager>>Save List
- Save list to Desktop
- Copy the Notepad list and Paste it into this thread.
3. Please post a fresh HJT log
Regards,
Trevuren
#15
Posted 22 April 2006 - 09:01 PM
masoliar
- Topic Starter
-
- Member
-
- 24 posts
Member
ACE-HIGH MP3 WAV WMA OGG Converter
Ad-Aware SE Personal
Adobe Photoshop CS
Adobe Reader 7.0.5
Alexa Toolbar
All Video Splitter 1.2.4
Audio Splitter Convertor 1.8
AVG Free Edition
AVI & MPEG Splitter 1.48
Azureus
BSPlayer
C-Dilla Licence Management System
Clubbox ÆÄÀÏÀü¼Û°ü¸®ÀÚ
DivX Player
D-Link DFM-562IS HSFi PCI Modem
Download Accelerator Plus
Easy Video Joiner 5.21
Easy Video Splitter 1.28
ewido anti-malware
FLV Player 1.3.3
Genius Scanner
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
hp deskjet 630c series
Indeo® Software
Internet Explorer Q832894
iScrobbler
iTunes
J2SE Runtime Environment 5.0 Update 6
Kazaa Lite v2.1.0 [K++ Edition] [build 3]
Last.fm Player 1.1.4
LimeWire PRO 4.9.23
Macromedia Flash Player 8
Magic ISO Maker v5.1 (build 0185)
Media-motor
Microsoft Office 2000 Premium
Microsoft Tool Web Package : EXCTRLST.EXE
mIRC
mpegable X4
Musicmatch® Jukebox
Nero Suite
NeroVision Express 2 SE
nProtect KeyCrypt
NVIDIA Display Driver
PowerDVD
QuickTime
Ragnarok Online
RealPlayer
Realtek AC'97 Audio
RF Online
Riva FLV Player
Sony Ericsson PC Suite
Spy Sweeper
SpywareBlaster v3.4
VobSub v2.23 (Remove Only)
WinAVI Video Converter 5.6
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB835732
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
YSIGet
ZoneAlarm
Logfile of HijackThis v1.99.1
Scan saved at 11:00:46 AM, on 4/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network\ipnetwork.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMJB.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_director.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Windows Logon 32bit script] c:\oldbag.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillu...yDancer1020.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...s/joysavsht.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillu...Updater1015.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...Crypt/npkcx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\zaber.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: norton (nortons) - Unknown owner - C:\WINDOWS\nvsnav.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows System Host - Unknown owner - C:\WINDOWS\sychost32.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
Ad-Aware SE Personal
Adobe Photoshop CS
Adobe Reader 7.0.5
Alexa Toolbar
All Video Splitter 1.2.4
Audio Splitter Convertor 1.8
AVG Free Edition
AVI & MPEG Splitter 1.48
Azureus
BSPlayer
C-Dilla Licence Management System
Clubbox ÆÄÀÏÀü¼Û°ü¸®ÀÚ
DivX Player
D-Link DFM-562IS HSFi PCI Modem
Download Accelerator Plus
Easy Video Joiner 5.21
Easy Video Splitter 1.28
ewido anti-malware
FLV Player 1.3.3
Genius Scanner
Google Toolbar for Internet Explorer
Hijackthis 1.99.1
HijackThis 1.99.1
hp deskjet 630c series
Indeo® Software
Internet Explorer Q832894
iScrobbler
iTunes
J2SE Runtime Environment 5.0 Update 6
Kazaa Lite v2.1.0 [K++ Edition] [build 3]
Last.fm Player 1.1.4
LimeWire PRO 4.9.23
Macromedia Flash Player 8
Magic ISO Maker v5.1 (build 0185)
Media-motor
Microsoft Office 2000 Premium
Microsoft Tool Web Package : EXCTRLST.EXE
mIRC
mpegable X4
Musicmatch® Jukebox
Nero Suite
NeroVision Express 2 SE
nProtect KeyCrypt
NVIDIA Display Driver
PowerDVD
QuickTime
Ragnarok Online
RealPlayer
Realtek AC'97 Audio
RF Online
Riva FLV Player
Sony Ericsson PC Suite
Spy Sweeper
SpywareBlaster v3.4
VobSub v2.23 (Remove Only)
WinAVI Video Converter 5.6
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB835732
WinRAR archiver
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
YSIGet
ZoneAlarm
Logfile of HijackThis v1.99.1
Scan saved at 11:00:46 AM, on 4/23/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network\ipnetwork.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMJB.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_director.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MM_TDM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - HKLM\..\Run: [Windows Logon 32bit script] c:\oldbag.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Registry Toolkit] C:\Program Files\Registry Toolkit\RegToolkit.exe /scan
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Configururation 32] microsloft.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Microsoft Configururation 32] microsloft.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa....ions/review.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {207048D8-A40B-4505-AE24-92FF13BEB269} (myDancerCTL Class) - http://web.spaceillu...yDancer1020.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - http://cabs.media-mo...s/joysavsht.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {938527D1-CDB7-4147-998A-B20FCA5CC976} (Cdmcco Class) - http://cafeimg.hanma...ersion=1,0,0,10
O16 - DPF: {BCA9A936-F557-408E-8301-D5B2B302EFD6} (SiUpdaterCtrl Class) - http://web.spaceillu...Updater1015.cab
O16 - DPF: {C7B5B451-3E26-43B7-BE07-EF3FAA473E94} (Component Class) - http://login.hanbito.../cab/LSnSSO.cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - https://my.levelupga...Crypt/npkcx.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: windows file explorer (explorer) - Unknown owner - C:\WINDOWS\ssms.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Windows System32 - Unknown owner - C:\WINDOWS\zaber.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: norton (nortons) - Unknown owner - C:\WINDOWS\nvsnav.exe (file missing)
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\System32\npkcsvc.exe
O23 - Service: nvidGUIv (nvidGUIv2) - Unknown owner - C:\WINDOWS\nvidGUIv.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
O23 - Service: Win32Sr - Unknown owner - C:\WINDOWS\win32ssr.exe (file missing)
O23 - Service: Microsoft Windows HelpFile (Windows Helpfile) - Unknown owner - C:\WINDOWS\services.exe (file missing)
O23 - Service: Windows System Host - Unknown owner - C:\WINDOWS\sychost32.exe (file missing)
O23 - Service: Microsoft Windows Update Service (Windows Update Service) - Unknown owner - C:\WINDOWS\services.exe (file missing)
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
