Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Popup and Virus Problems!

Started by jlc4675 , Oct 02 2006 02:03 PM

Please log in to reply

#1
jlc4675

Posted 02 October 2006 - 02:03 PM

Member

Member
12 posts

Here is the HijackThis log, please help!

Logfile of HijackThis v1.99.1
Scan saved at 3:48:26 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\basfipm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\Pharos\Bin\CTskMstr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: (no name) - {3D3A5BD0-8B2D-41E1-A66A-D9BD451AAF3e} - C:\WINDOWS\system32\dcrsmifg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {759f1cce-d04b-41fe-ad03-0fb073ffafcb} - C:\WINDOWS\system32\dvdt97.dll
O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\ddayx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\fgbhdqtv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: afxhmycn - afxhmycn.dll (file missing)
O20 - Winlogon Notify: ddayx - C:\WINDOWS\system32\ddayx.dll
O20 - Winlogon Notify: dvdt97 - C:\WINDOWS\SYSTEM32\dvdt97.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: jckeirxe - jckeirxe.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssqro - ssqro.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\Pharos\Bin\CTskMstr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINDOWS\SYSTEM32\Rpcnet.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

#2
Wizard

Posted 02 October 2006 - 05:00 PM

Retired Staff

Retired Staff
5,661 posts

Hi jlc4675 and Welcome to GeekstoGo!

Please download VundoFix.exe to your desktop.

Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Please download Combofix to your desktop.
http://download.blee...Bs/combofix.exe

Doubleclick combo.exe to launch the application.

Follow the prompts that will be displayed on the screen.

Don't click on the window while the fix is running, because that will cause your system to hang.

When finished, it should produce a log, combofix.txt

Please post that log in the next reply.

#3
jlc4675

Posted 02 October 2006 - 06:13 PM

Member

Topic Starter
Member
12 posts

VundoFix V6.1.6

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.3

Scan started at 7:32:49 PM 10/2/2006

Listing files found while scanning....

C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.bak1
C:\WINDOWS\system32\xyadd.bak2
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\xyadd.tmp
C:\WINDOWS\system32\duyqtvaf.exe
C:\WINDOWS\system32\evsxwgpc.exe
C:\WINDOWS\system32\hdrfdlvd.exe
C:\WINDOWS\system32\sdnqhhya.exe
C:\WINDOWS\system32\swfkossj.exe
C:\WINDOWS\system32\tccsgycg.exe
C:\WINDOWS\system32\vlruocba.exe
C:\WINDOWS\system32\yagkvebr.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\ddayx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.bak1
C:\WINDOWS\system32\xyadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.bak2
C:\WINDOWS\system32\xyadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\xyadd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.tmp
C:\WINDOWS\system32\xyadd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\duyqtvaf.exe
C:\WINDOWS\system32\duyqtvaf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\evsxwgpc.exe
C:\WINDOWS\system32\evsxwgpc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hdrfdlvd.exe
C:\WINDOWS\system32\hdrfdlvd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\sdnqhhya.exe
C:\WINDOWS\system32\sdnqhhya.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\swfkossj.exe
C:\WINDOWS\system32\swfkossj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tccsgycg.exe
C:\WINDOWS\system32\tccsgycg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vlruocba.exe
C:\WINDOWS\system32\vlruocba.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yagkvebr.exe
C:\WINDOWS\system32\yagkvebr.exe Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 8:02:58 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\basfipm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\Pharos\Bin\CTskMstr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: (no name) - {3D3A5BD0-8B2D-41E1-A66A-D9BD451AAF3e} - C:\WINDOWS\system32\dcrsmifg.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {759f1cce-d04b-41fe-ad03-0fb073ffafcb} - C:\WINDOWS\system32\dvdt97.dll
O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\fgbhdqtv.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: afxhmycn - afxhmycn.dll (file missing)
O20 - Winlogon Notify: dvdt97 - C:\WINDOWS\SYSTEM32\dvdt97.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: jckeirxe - jckeirxe.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssqro - ssqro.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\Pharos\Bin\CTskMstr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINDOWS\SYSTEM32\Rpcnet.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Administrator - 06-10-02 20:05:42.59 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-02 to 2006-10-02 ))))))))))))))))))))))))))))))))))

2006-09-25 22:17 143,380 --a------ C:\WINDOWS\system32\gngkbmew.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-02 20:02 -------- d-------- C:\Program Files\Hijackthis
2006-10-02 19:59 31232 --a------ C:\WINDOWS\system32\Rpcnet.dll
2006-10-02 19:59 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2006-10-02 19:31 17408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2006-10-02 14:26 -------- d-------- C:\Program Files\Lavasoft
2006-10-02 14:26 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2006-10-01 19:59 -------- d-------- C:\Program Files\Windows Defender
2006-09-26 00:07 -------- d-------- C:\Program Files\iTunes
2006-09-26 00:04 -------- d-------- C:\Program Files\iPod
2006-09-25 23:51 -------- d-------- C:\Program Files\QuickTime
2006-09-25 23:34 -------- d-------- C:\Program Files\Apple Software Update
2006-09-25 22:18 -------- d-------- C:\Program Files\VSToolbar
2006-09-25 22:18 -------- d-------- C:\Documents and Settings\Administrator\Application Data\SearchToolbarCorp
2006-09-25 22:17 31232 --a------ C:\WINDOWS\system32\rpcnet.exe
2006-09-25 19:59 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-30 15:36 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 22:48 -------- d-------- C:\Program Files\Incomplete
2006-08-19 23:23 -------- d-------- C:\Program Files\Google
2006-08-17 03:08 -------- d-------- C:\Program Files\Internet Explorer
2006-08-15 20:38 12308 --a------ C:\WINDOWS\system32\lyjdwvjj.exe
2006-08-10 15:01 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-08-10 14:40 -------- d-------- C:\Program Files\Adobe
2006-07-31 19:06 38912 --a------ C:\WINDOWS\system32\identprv.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{20D57A66-F7DF-467d-907B-9B7F4A118AB7}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DVDLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afxhmycn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dvdt97
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jckeirxe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqro

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Mon 10/02/2006 20:07:38.45
ComboFix.txt

#4
Wizard

Posted 03 October 2006 - 02:34 AM

Retired Staff

Retired Staff
5,661 posts

Double-click VundoFix.exe to run it again.
Click the Scan for Vundo button.
Once it's done scanning,Right Click inside the listbox (white box) and click add more files
Copy&Paste the entries below into the open boxes
- C:\WINDOWS\system32\lyjdwvjj.exe
- C:\WINDOWS\system32\gngkbmew.exe
- C:\WINDOWS\system32\dcrsmifg.dll
Click Add Files and Click Close Window
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

If the files above arent added when VundoFix runs at reboot,please add them again.

Scan once more with ComboFix and Save the log.

Post back with C:\vundofix.txt--> ComboFix.txt2 and a fresh HijackThis log.

After posting those 3 logs,Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!

Follow the Instruction on the F-Secure page for proper installation.
Accept the License Agreement.
Once the ActiveX installs,Click Full System Scan
Once the download completes,the scan will begin automatically.
The scan will take some time to finish,so please be patient.
When the scan completes, click the Automatic cleaning (recommended) button.
Click the Show Report button and Copy&Paste the entire report in your next reply.

Edited by Cretemonster, 03 October 2006 - 02:35 AM.

#5
jlc4675

Posted 03 October 2006 - 10:37 AM

Member

Topic Starter
Member
12 posts

VundoFix V6.1.6

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.3

Scan started at 7:32:49 PM 10/2/2006

Listing files found while scanning....

C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.bak1
C:\WINDOWS\system32\xyadd.bak2
C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\xyadd.tmp
C:\WINDOWS\system32\duyqtvaf.exe
C:\WINDOWS\system32\evsxwgpc.exe
C:\WINDOWS\system32\hdrfdlvd.exe
C:\WINDOWS\system32\sdnqhhya.exe
C:\WINDOWS\system32\swfkossj.exe
C:\WINDOWS\system32\tccsgycg.exe
C:\WINDOWS\system32\vlruocba.exe
C:\WINDOWS\system32\yagkvebr.exe

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddayx.dll
C:\WINDOWS\system32\ddayx.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.bak1
C:\WINDOWS\system32\xyadd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.bak2
C:\WINDOWS\system32\xyadd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.ini2
C:\WINDOWS\system32\xyadd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\xyadd.tmp
C:\WINDOWS\system32\xyadd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\duyqtvaf.exe
C:\WINDOWS\system32\duyqtvaf.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\evsxwgpc.exe
C:\WINDOWS\system32\evsxwgpc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hdrfdlvd.exe
C:\WINDOWS\system32\hdrfdlvd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\sdnqhhya.exe
C:\WINDOWS\system32\sdnqhhya.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\swfkossj.exe
C:\WINDOWS\system32\swfkossj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tccsgycg.exe
C:\WINDOWS\system32\tccsgycg.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vlruocba.exe
C:\WINDOWS\system32\vlruocba.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yagkvebr.exe
C:\WINDOWS\system32\yagkvebr.exe Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.1.6

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.3

Scan started at 11:19:21 AM 10/3/2006

Listing files found while scanning....

No infected files were found.

Beginning removal...

Attempting to delete C:\WINDOWS\system32\lyjdwvjj.exe
C:\WINDOWS\system32\lyjdwvjj.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gngkbmew.exe
C:\WINDOWS\system32\gngkbmew.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\dcrsmifg.dll
C:\WINDOWS\system32\dcrsmifg.dll Has been deleted!

Performing Repairs to the registry.
Done!

Logfile of HijackThis v1.99.1
Scan saved at 12:22:12 PM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\basfipm.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\PROGRA~1\Pharos\Bin\CTskMstr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\SYSTEM32\Rpcnet.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\PhoTags Express\Photags AutoDetect.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ssqro.dll (file missing)
O2 - BHO: (no name) - {3D3A5BD0-8B2D-41E1-A66A-D9BD451AAF3e} - C:\WINDOWS\system32\dcrsmifg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {759f1cce-d04b-41fe-ad03-0fb073ffafcb} - C:\WINDOWS\system32\dvdt97.dll
O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\fgbhdqtv.dll (file missing)
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Photags AutoDetect.lnk = C:\Program Files\PhoTags Express\Photags AutoDetect.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?LinkID=39204
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O20 - Winlogon Notify: afxhmycn - afxhmycn.dll (file missing)
O20 - Winlogon Notify: dvdt97 - C:\WINDOWS\SYSTEM32\dvdt97.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: jckeirxe - jckeirxe.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: ssqro - ssqro.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Pharos Systems ComTaskMaster - Pharos Systems International - C:\PROGRA~1\Pharos\Bin\CTskMstr.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Unknown owner - C:\WINDOWS\SYSTEM32\Rpcnet.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

Administrator - 06-10-03 12:24:43.09 Service Pack 2
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Administrator\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-09-03 to 2006-10-03 ))))))))))))))))))))))))))))))))))

2006-10-03 11:46 9,216 --a------ C:\WINDOWS\system32\VundoFixSVC.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-03 12:22 -------- d-------- C:\Program Files\Hijackthis
2006-10-03 11:51 31232 --a------ C:\WINDOWS\system32\Rpcnet.dll
2006-10-03 11:51 17408 --a------ C:\WINDOWS\system32\rpcnetp.exe
2006-10-02 19:31 17408 --a------ C:\WINDOWS\system32\rpcnetp.dll
2006-10-02 14:26 -------- d-------- C:\Program Files\Lavasoft
2006-10-02 14:26 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2006-10-01 19:59 -------- d-------- C:\Program Files\Windows Defender
2006-09-26 00:07 -------- d-------- C:\Program Files\iTunes
2006-09-26 00:04 -------- d-------- C:\Program Files\iPod
2006-09-25 23:51 -------- d-------- C:\Program Files\QuickTime
2006-09-25 23:34 -------- d-------- C:\Program Files\Apple Software Update
2006-09-25 22:18 -------- d-------- C:\Program Files\VSToolbar
2006-09-25 22:18 -------- d-------- C:\Documents and Settings\Administrator\Application Data\SearchToolbarCorp
2006-09-25 22:17 31232 --a------ C:\WINDOWS\system32\rpcnet.exe
2006-09-25 19:59 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-30 15:36 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-08-21 08:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 05:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 05:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 22:48 -------- d-------- C:\Program Files\Incomplete
2006-08-19 23:23 -------- d-------- C:\Program Files\Google
2006-08-17 03:08 -------- d-------- C:\Program Files\Internet Explorer
2006-08-10 15:01 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2006-08-10 14:40 -------- d-------- C:\Program Files\Adobe
2006-07-31 19:06 38912 --a------ C:\WINDOWS\system32\identprv.dll
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"updateMgr"="C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Dell QuickSet"="C:\\Program Files\\Dell\\QuickSet\\quickset.exe"
"Apoint"="C:\\Program Files\\Apoint\\Apoint.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~1\\vptray.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_03\\bin\\jusched.exe"
@=""
"IntelWireless"="C:\\Program Files\\Intel\\Wireless\\Bin\\ifrmewrk.exe /tf Intel PROSet/Wireless"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{20D57A66-F7DF-467d-907B-9B7F4A118AB7}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\DVDLauncher]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DVDLauncher"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\DVDLauncher.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\UpdateManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sgtray"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\afxhmycn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dvdt97
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jckeirxe
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqro

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: Tue 10/03/2006 12:26:08.17
ComboFix.txt
ComboFix2.txt

#6
Wizard

Posted 03 October 2006 - 11:29 AM

Retired Staff

Retired Staff
5,661 posts

Whoops,I missed one! :whistling:

Open HijackThis-> Click "Do a System Scan Only" and put a check by these but DO NOT hit the Fix Checked button yet

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: (no name) - {20D57A66-F7DF-467d-907B-9B7F4A118AB7} - C:\WINDOWS\system32\ssqro.dll (file missing)

O2 - BHO: (no name) - {3D3A5BD0-8B2D-41E1-A66A-D9BD451AAF3e} - C:\WINDOWS\system32\dcrsmifg.dll (file missing)

O2 - BHO: (no name) - {759f1cce-d04b-41fe-ad03-0fb073ffafcb} - C:\WINDOWS\system32\dvdt97.dll

O2 - BHO: ATLDistrib Object - {78653A3E-A63F-42A9-A6FE-7524F4058767} - C:\WINDOWS\system32\ddayx.dll (file missing)

O2 - BHO: (no name) - {B7672BAF-E9A3-49B6-86B2-C81719A18A4C} - C:\WINDOWS\system32\fgbhdqtv.dll (file missing)

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab

O20 - Winlogon Notify: afxhmycn - afxhmycn.dll (file missing)

O20 - Winlogon Notify: dvdt97 - C:\WINDOWS\SYSTEM32\dvdt97.dll

O20 - Winlogon Notify: jckeirxe - jckeirxe.dll (file missing)

O20 - Winlogon Notify: ssqro - ssqro.dll (file missing)

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button

Double-click VundoFix.exe to run it again.
Right Click inside the listbox (white box) and click add more files
Copy&Paste the entries below into the open boxes
- C:\WINDOWS\SYSTEM32\dvdt97.dll
Click Add Files and Click Close Window
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Post those 2 logs in the next reply please.

#7
jlc4675

Posted 03 October 2006 - 11:32 AM

Member

Topic Starter
Member
12 posts

Right now, I am running the F-Secure Online Scanner.
Should I stop that and do the above mentioned step first, or just let the scanner finish?

#8
Wizard

Posted 03 October 2006 - 11:42 AM

Retired Staff

Retired Staff
5,661 posts

Let it finish and then go on with the other instructions. :whistling:

#9
jlc4675

Posted 03 October 2006 - 01:21 PM

Member

Topic Starter
Member
12 posts

#10
Wizard

Posted 03 October 2006 - 01:45 PM

Retired Staff

Retired Staff
5,661 posts

OK,now the F-Secure results please.

#11
jlc4675

Posted 03 October 2006 - 03:06 PM

Member

Topic Starter
Member
12 posts

F-Secure Online Scanner 3.0.19 - Scanning Report - Tuesday, October 03, 2006 16:57:28Scanning
Report
Tuesday, October 03, 2006 15:47:47 - 16:57:22
Computer name: FSCZ730-LT
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\

Result: 2 malware found
W32/WinAD.FN.dropper (virus)
C:\TEMP\MEDIAGATEWAY.EXE
W32/WinAd.Q.dropper (virus)
C:\WINDOWS\SYSTEM32\SHELL32.EXE

Statistics
Scanned:
Files: 24178
System: 4066
Not scanned: 3
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 2
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION
DATA\MICROSOFT\WINDOWS
DEFENDER\FILETRACKER\{70895A69-0C41-48AA-A9F4-946EBED77FCE}

Options
Scanning engines:
F-Secure AVP: 6.0.171, 2006-10-03
F-Secure Libra: 2.4.1, 2006-09-29
F-Secure Orion: 1.2.37, 2006-10-03
F-Secure Blacklight: 1.0.31, 0000-00-00
F-Secure Pegasus: 1.19.0, 2006-08-29
F-Secure Draco: 1.0.35, 2006-09-19
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF
VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI
MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0
TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
Use Advanced heuristics

#12
Wizard

Posted 03 October 2006 - 06:07 PM

Retired Staff

Retired Staff
5,661 posts

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Restart in Safe Mode and be sure Windows is Showing Hidden File
http://www.bleepingc...al62.html#winxp

Locate and Delete these files if found:

C:\TEMP\MEDIAGATEWAY.EXE

C:\WINDOWS\SYSTEM32\SHELL32.EXE<--- Be sure to match the name exactly as I have it listed.

Restart Normal and Please go HERE to run Panda's ActiveScan

Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

#13
jlc4675

Posted 03 October 2006 - 08:10 PM

Member

Topic Starter
Member
12 posts

Panda ActiveScan Results

Adware:adware/ncase
Not disinfected
c:\temp\180SAInstaller.exe

Potentially unwanted tool:application/mywebsearch
Not disinfected
hkey_classes_root\clsid\{9AFB8248-617F-460d-9366-D71CDEDA3179}

Adware:adware/dyfuca
Not disinfected
Windows Registry

Spyware:spyware/virtumonde
Not disinfected
Windows Registry

Adware:Adware/WUpd
Not disinfected
C:\RECYCLER\S-1-5-21-3456346337-537756752-2807889171-500\Dc1.exe

Adware:Adware/WUpd
Not disinfected
C:\temp\Remover.exe

Adware:Adware/SecurityError
Not disinfected
C:\VundoFix Backups\duyqtvaf.exe.bad

Adware:Adware/SystemDoctor
Not disinfected
C:\VundoFix Backups\evsxwgpc.exe.bad

Adware:Adware/SecurityError
Not disinfected
C:\VundoFix Backups\hdrfdlvd.exe.bad

Adware:Adware/SecurityError
Not disinfected
C:\VundoFix Backups\lyjdwvjj.exe.bad

Adware:Adware/SecurityError
Not disinfected
C:\VundoFix Backups\sdnqhhya.exe.bad

Adware:Adware/SystemDoctor
Not disinfected
C:\VundoFix Backups\swfkossj.exe.bad

Adware:Adware/SecurityError
Not disinfected
C:\VundoFix Backups\tccsgycg.exe.bad

Adware:Adware/SecurityError
Not disinfected
C:\VundoFix Backups\vlruocba.exe.bad

Adware:Adware/SecurityError
Not disinfected
C:\VundoFix Backups\yagkvebr.exe.bad

#14
Wizard

Posted 04 October 2006 - 02:59 AM

Retired Staff

Retired Staff
5,661 posts

Please navigate to this folder--> c:\temp

Delete everything thats inside that folder,please.

Delete the C:\VundoFix Backups folder as well,please.

Copy & paste the text in bold below into notepad and save it as recyclerem.bat
(Set filetype to "All Files")

attrib -r -s -h %systemdrive%\Recycler
del %systemdrive%\Recycler
attrib -r -s -h %systemdrive%\Recycled
del %systemdrive%\Recycled
shutdown /r /t 0 /f

Close all programs and doubleclick recyclerem.bat

Your computer will reboot and you will have a shiny new (empty) recycle bin.

Please Install these 2 to add to the Security of the PC!

SpywareBlaster:
http://www.javacools.../downloads.html
Update Immediatly!

WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.

#15
jlc4675

Posted 04 October 2006 - 12:00 PM

Member

Topic Starter
Member
12 posts

So I thought we were making good progress but I guess I was wrong. I started to run the Kaspersky scan and all of a sudden Symantec kept popping up saying that it found the Hacktool.Spammer virus! :whistling:

Everytime that Symatec quarantined the file, another one would pop up until the scan moved on to another folder. So below is my results from the online scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 04, 2006 1:58:57 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/10/2006
Kaspersky Anti-Virus database records: 228806
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 67497
Number of viruses found: 16
Number of infected objects: 229 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:44:48

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{9702DEC5-378D-4971-B67A-F3DA16314D18} Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{D85248B2-A8B4-4876-A7F5-787725EDC595} Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-10012006-200127.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\ITS\Application Data\desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Intel\Wireless\Settings\Settings.ini Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Intel\Wireless\WLANProfiles\Profiles.enc Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Intel\Wireless\WLANProfiles\Profiles.enc.bak Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Macromedia\Shockwave Player\dirapi.mch Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Macromedia\Shockwave Player\Shockwave Log Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\DirectSound\DirectSound.x32 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\FlashAsset\Flash Asset.x32 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\MacroMix\MacroMix.x32 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SoundControl\Sound Control.x32 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWA\swadcmpr.x32 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Macromedia\Shockwave Player\xtras\download\MacromediaInc\SWA\SWASTRM.X32 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CryptnetUrlCache\Content\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CryptnetUrlCache\Content\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CryptnetUrlCache\MetaData\486CC6AFD08942336C61FCD401C4A1D1 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CryptnetUrlCache\MetaData\74BFD122C0875EC75DBE5C6DB4C59019 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\HTML Help\hh.dat Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Internet Explorer\brndlog.bak Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Internet Explorer\brndlog.txt Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Internet Explorer\Desktop.htt Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Internet Explorer\Quick Launch\RecordNow! Plus.lnk Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Protect\CREDHIST Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Protect\S-1-5-21-1060284298-308236825-682003330-1003\7f8b2e04-d589-4b9c-9a38-464687f97060 Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Protect\S-1-5-21-1060284298-308236825-682003330-1003\Preferred Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Microsoft\Windows\Themes\Custom.theme Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\Msg\Category.dat Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\Msg\SCategory.dat Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\cookies.txt Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\ctd.dat Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\Backup\iscomplete Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\CD.CDX Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\CD.DBF Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\CDTRAX.CDX Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\CDTRAX.DBF Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\PLAYGRPS.CDX Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\PLAYGRPS.DBF Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\PLAYLIST.CDX Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\PLAYLIST.DBF Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\PLAYLIST.FPT Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\PLAYTRAX.CDX Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\PLAYTRAX.DBF Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\TRACKS.DBF Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\TRACKS.FPT Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\TRACKS2.CDX Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\TRAKINFO.CDX Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\TRAKINFO.DBF Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\db\version Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\ErrorLogs\CDBurning.log Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\ErrorLogs\DownloadMgr.log Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\ErrorLogs\GenDevices.log Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\ErrorLogs\pdgenctnomad.log Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\ErrorLogs\pdgenwmdm.log Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\History\firstrun.lnk Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\History\Untitled Document.lnk Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\History\Welcome to RealPlayer.lnk Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\realplayer.ste Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\skins\data\normal\imgcache.dat Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\skins\data\normal\state.ini Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\RealPlayer\viz.ini Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Real\rnadmin\rnsystem.dat Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Sonic\Update Manager\sumdb.dat Object is locked skipped
C:\Documents and Settings\ITS\Application Data\Sun\Java\Deployment\deployment.properties Object is locked skipped
C:\Documents and Settings\ITS\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\ITS\Desktop\Spybot - Search & Destroy.lnk Object is locked skipped
C:\Documents and Settings\ITS\Favorites\Desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\Favorites\Links\Customize Links.url Object is locked skipped
C:\Documents and Settings\ITS\Favorites\Links\Free Hotmail.url Object is locked skipped
C:\Documents and Settings\ITS\Favorites\Links\Windows Marketplace.url Object is locked skipped
C:\Documents and Settings\ITS\Favorites\Links\Windows Media.url Object is locked skipped
C:\Documents and Settings\ITS\Favorites\Links\Windows.url Object is locked skipped
C:\Documents and Settings\ITS\Favorites\MSN.com.url Object is locked skipped
C:\Documents and Settings\ITS\Favorites\Radio Station Guide.url Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\ApplicationHistory\cr_ss30.exe.136e4fc9.ini.inuse Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\ApplicationHistory\MsiExec.exe.8cb23528.ini.inuse Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\ApplicationHistory\SL12.tmp.1d4c8d.ini Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\ApplicationHistory\SLA.tmp.f064a567.ini Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\fusioncache.dat Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\GDIPFONTCACHEV1.DAT Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\IconCache.db Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\1033.MST Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\History\History.IE5\MSHist012005050520050506\index.dat Object is locked skipped
C:\Documents and Settings\ITS\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\ITS\My Documents\desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\My Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\My Documents\My Music\Sample Music.lnk Object is locked skipped
C:\Documents and Settings\ITS\My Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\My Documents\My Pictures\Sample Pictures.lnk Object is locked skipped
C:\Documents and Settings\ITS\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\ITS\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\ITS\ntuser.ini Object is locked skipped
C:\Documents and Settings\ITS\Recent\Dell-XP.lnk Object is locked skipped
C:\Documents and Settings\ITS\Recent\Desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\Recent\SysPrep.lnk Object is locked skipped
C:\Documents and Settings\ITS\SendTo\Compressed (zipped) Folder.ZFSendToTarget Object is locked skipped
C:\Documents and Settings\ITS\SendTo\Desktop (create shortcut).DeskLink Object is locked skipped
C:\Documents and Settings\ITS\SendTo\desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\SendTo\Mail Recipient.MAPIMail Object is locked skipped
C:\Documents and Settings\ITS\SendTo\My Documents.mydocs Object is locked skipped
C:\Documents and Settings\ITS\SendTo\RecordNow! Plus.RecordNowSendToExt Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Accessibility\desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Address Book.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Command Prompt.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Entertainment\desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Entertainment\RealPlayer.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Notepad.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Synchronize.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Tour Windows XP.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Accessories\Windows Explorer.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Internet Explorer.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Outlook Express.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Remote Assistance.lnk Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Startup\desktop.ini Object is locked skipped
C:\Documents and Settings\ITS\Start Menu\Programs\Windows Media Player.lnk Object is locked skipped
C:\Documents and Settings\ITS\Templates\amipro.sam Object is locked skipped
C:\Documents and Settings\ITS\Templates\excel.xls Object is locked skipped
C:\Documents and Settings\ITS\Templates\excel4.xls Object is locked skipped
C:\Documents and Settings\ITS\Templates\lotus.wk4 Object is locked skipped
C:\Documents and Settings\ITS\Templates\powerpnt.ppt Object is locked skipped
C:\Documents and Settings\ITS\Templates\presenta.shw Object is locked skipped
C:\Documents and Settings\ITS\Templates\quattro.wb2 Object is locked skipped
C:\Documents and Settings\ITS\Templates\sndrec.wav Object is locked skipped
C:\Documents and Settings\ITS\Templates\winword.doc Object is locked skipped
C:\Documents and Settings\ITS\Templates\winword2.doc Object is locked skipped
C:\Documents and Settings\ITS\Templates\wordpfct.wpd Object is locked skipped
C:\Documents and Settings\ITS\Templates\wordpfct.wpg Object is locked skipped
C:\Documents and Settings\ITS\UserData\index.dat Object is locked skipped
C:\Documents and Settings\ITS\UserData\K9KV4XIX\oWindowsUpdate[1].xml Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP277\A0048978.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP277\A0048979.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP277\A0048989.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP277\A0048990.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0049019.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0049020.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0049049.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0049050.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0049057.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0049058.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0049190.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0049191.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0050189.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0050190.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0050199.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0050200.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0051199.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0051200.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0052199.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP278\A0052200.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP279\A0053199.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP279\A0053200.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP279\A0054200.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP279\A0054201.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP279\A0055199.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP279\A0055200.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP280\A0056199.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP280\A0056200.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP281\A0057195.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP281\A0057196.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP281\A0058195.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP281\A0058196.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP283\A0058258.exe/username.exe Infected: Trojan-Downloader.Win32.Small.ya skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP283\A0058258.exe/shell32.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP283\A0058258.exe SetupFactory: infected - 2 skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP283\A0058298.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP283\A0058299.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP283\A0058312.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP283\A0058313.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP283\A0059312.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP283\A0059313.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP283\A0060312.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP283\A0060313.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP284\A0061308.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP284\A0061309.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP285\A0062308.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP285\A0062309.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP285\A0063311.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP285\A0063312.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP286\A0064309.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP286\A0064310.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP286\A0064324.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP286\A0064325.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP287\A0064347.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP287\A0064348.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP287\A0065350.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP287\A0065351.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP287\A0066350.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP287\A0066351.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP287\A0067346.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP287\A0067347.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068344.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aq skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068345.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068347.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068348.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068349.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068350.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068351.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068352.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068353.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068354.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ab skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068355.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068362.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0068363.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0069344.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0069347.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0069348.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0070350.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0070351.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0071348.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP288\A0071349.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP289\A0071444.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP289\A0071445.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP289\A0072431.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP289\A0072432.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP289\A0073427.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP289\A0073428.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP290\A0074431.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP290\A0074432.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP290\A0075429.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP290\A0075430.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP290\A0075451.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP290\A0075452.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP291\A0076449.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP291\A0076450.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP291\A0077443.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP291\A0077451.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP291\A0077452.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP291\A0077455.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP291\A0078449.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP291\A0078450.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP293\A0078475.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP293\A0078476.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP293\A0079475.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP293\A0079476.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP293\A0079503.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP293\A0079520.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP293\A0079521.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP294\A0079536.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP294\A0079537.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP295\A0080534.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP295\A0080535.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP295\A0080552.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP295\A0080553.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP295\A0081548.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP295\A0081549.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP296\A0081564.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP296\A0081565.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP296\A0082564.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP296\A0082565.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP296\A0083562.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP296\A0083563.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP296\A0084566.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP296\A0084567.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP297\A0085566.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP297\A0085567.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP297\A0086562.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP297\A0086563.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP297\A0087566.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP297\A0087567.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP297\A0088564.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP297\A0088565.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP298\A0088600.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP298\A0088601.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0089600.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0089601.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0090598.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0090599.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0091600.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0091601.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0092598.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0092599.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0093601.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0093603.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0093618.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP299\A0093619.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP300\A0094622.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP300\A0094623.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP301\A0094642.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP301\A0094648.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP301\A0094650.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP301\A0094656.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP302\A0094851.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP302\A0094852.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP302\A0095828.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP302\A0095829.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP302\A0096826.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP302\A0096827.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP302\A0096839.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP302\A0096840.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP302\A0097837.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP302\A0097838.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP303\A0098839.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP303\A0098840.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP303\A0099835.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP303\A0099836.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP303\A0099844.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP303\A0099845.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP305\A0100843.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP305\A0100853.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP305\A0100854.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP306\A0100862.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP306\A0100863.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP309\A0100919.dll Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP309\A0100925.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP309\A0100940.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP309\A0100941.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP309\A0100942.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP310\A0100950.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP310\A0100951.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP311\A0100958.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP311\A0100966.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP311\A0100967.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP311\A0101960.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP311\A0101968.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP311\A0101969.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP312\A0101970.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP312\A0101972.exe Infected: Trojan.Win32.Small.ju skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP312\A0101973.exe Infected: Trojan.Win32.Small.ju skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP312\A0101974.exe Infected: Trojan.Win32.Small.ju skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP312\A0101975.exe Infected: Trojan.Win32.Small.ju skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP312\A0101976.exe Infected: Trojan.Win32.Small.ju skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP312\A0101977.exe Infected: Trojan.Win32.Small.ju skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP312\A0101978.exe Infected: Trojan.Win32.Small.ju skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP312\A0101979.exe Infected: Trojan.Win32.Small.ju skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP312\A0101986.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP312\A0101987.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP313\A0102031.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP313\A0102032.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP313\A0102039.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP313\A0102040.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP314\A0102041.exe Infected: Trojan.Win32.Small.ju skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP314\A0102046.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP314\A0102047.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP316\A0102081.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP316\A0102082.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP316\A0102090.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP316\A0102091.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP318\A0102104.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP318\A0102105.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP319\A0102295.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP320\A0102305.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP320\A0102313.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP320\A0102314.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP321\A0102315.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP321\A0102316.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP321\A0102317.exe Infected: not-a-virus:Dialer.Win32.Rpcnet.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP322\A0102320.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP322\A0102321.exe Infected: not-a-virus:AdWare.Win32.WinAD.b skipped
C:\System Volume Information\_restore{729BFA00-8342-498B-B51C-D4CD96D3DBD6}\RP322\A0102326.dll Infected: not-a-virus:Dialer.Win32.Rpcnet.c skipped
C:\S