Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Unable to open this site


  • Please log in to reply

#1
jubbing

jubbing

    Member

  • Member
  • PipPip
  • 38 posts
Logfile of HijackThis v1.99.1
Scan saved at 4:20:37 AM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Novadigm\radtray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Guest01\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CA8A9780-280D-11CF-A24D-444553540000} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RUNRADTRAY] C:\PROGRA~1\Novadigm\radtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferi...36516790_35.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.6.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144920342390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6BEC27-BAD1-47F4-A554-489F39F64D31}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{85F75B23-1BF8-4C05-BC37-C03CD372954F}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD2F0A3-3DE0-4A26-9F33-B81336B43A6B}: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard Company - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Novadigm - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

This is the Hijack This log...

Error message here

http://www.geekstogo...s...st&p=847659
  • 0

Advertisements


#2
jubbing

jubbing

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Can someone please tell me what to do now?
  • 0

#3
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :whistling:


Please download FixWareout from one of these sites:

http://downloads.sub.../Fixwareout.exe
http://www.bleepingc.../Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Finally, please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log into this topic.
  • 0

#4
jubbing

jubbing

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please

Reg Entries that were deleted
...

Microsoft ® Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Searching by size/names...

»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal

Other suspects.
Directory of C:\WINDOWS\system32

»»»»» Misc files.

»»»»» Checking for older varients covered by the Rem3 tool.
  • 0

#5
jubbing

jubbing

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:46:58 AM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Novadigm\radtray.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Guest01\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CA8A9780-280D-11CF-A24D-444553540000} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RUNRADTRAY] C:\PROGRA~1\Novadigm\radtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferi...36516790_35.exe
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.6.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144920342390
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6BEC27-BAD1-47F4-A554-489F39F64D31}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{85F75B23-1BF8-4C05-BC37-C03CD372954F}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD2F0A3-3DE0-4A26-9F33-B81336B43A6B}: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard Company - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Novadigm - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

What do I do next?
  • 0

#6
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: (no name) - {CA8A9780-280D-11CF-A24D-444553540000} - (no file)
O3 - Toolbar: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)
O11 - Options group: [INTERNATIONAL] International*
O17 - HKLM\System\CCS\Services\Tcpip\..\{2C6BEC27-BAD1-47F4-A554-489F39F64D31}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{85F75B23-1BF8-4C05-BC37-C03CD372954F}: NameServer = 85.255.116.61,85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD2F0A3-3DE0-4A26-9F33-B81336B43A6B}: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.61 85.255.112.218
O20 - Winlogon Notify: winrkq32 - winrkq32.dll (file missing)
O20 - Winlogon Notify: winwim32 - winwim32.dll (file missing)
O20 - Winlogon Notify: winxtx32 - C:\WINDOWS\SYSTEM32\winxtx32.dll




===========================


Now lets check some settings on your system.
  • Enter your Control Panel and double-click on Network Connections
  • Then right click on your Default Connection
    • Usually Local Area Connection for Cable and DSL
  • Left click on Properties
  • Double-Click on the Internet Protocol (TCP/IP) item
  • Select the radio dial that says Obtain DNS Servers Automatically
  • Press OK twice to get out of the properties screen and reboot if it asks
Next Go start run type cmd and hit OK
type
ipconfig /flushdns
then hit enter, type exit hit enter
(that space between g and / is needed)



============================


Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning proccess:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware scan report along with a new hijackthis log.

Edited by Buckeye_Sam, 04 December 2006 - 06:01 PM.

  • 0

#7
jubbing

jubbing

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:59:38 AM 12/7/2006

+ Scan result:



C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP415\A0085212.EXE -> Backdoor.Agent.aas : Cleaned.
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP415\A0085213.exe -> Backdoor.Agent.aas : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][2].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Weborama : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Guest01\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : Cleaned.
C:\WINDOWS\system32\1024 -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld101C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld102B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1040.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1054.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld108E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld109F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld10F3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld111.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1138.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld11A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld11B3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld11F6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1231.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld126C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld130A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1329.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1349.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld137D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld138A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld13A0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld13D8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld13ED.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1436.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld145E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld146A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1479.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1487.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld14AA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld14CE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld14DB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld151.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld152A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1536.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld156F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1570.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1591.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld15AD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld15CD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1657.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld169.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld169A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld16B4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld16C5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld16D4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld16EE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld170E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld173E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1759.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld17A9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld17B1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1828.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld187B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld188F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld18BC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld18BF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld18D3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld18F0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld190B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1917.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1960.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1981.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld198D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld19B8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld19E6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1A88.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1AD0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1B1F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1B4E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1B8A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1B99.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1BED.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1C0B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1C16.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1C21.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1C91.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1CA6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1CAF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1CE2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1D0D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1D4D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1D56.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1D9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1DD1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1E25.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1E26.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1E36.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1E84.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1EA4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1F08.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1F36.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1F71.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1F79.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1F9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld1FFF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2054.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2095.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld20AA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld212C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2188.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld219.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld21EC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld220D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld222C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2234.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2257.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld225F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2276.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2283.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld230A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld230E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld231A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld238D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2395.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld239F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld240B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld241C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld242A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld24CB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld24FF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2546.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2556.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2575.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld25F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld261B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2630.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2633.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2646.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld268A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld26C5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld26C9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld271A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2736.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2739.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2748.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2763.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2780.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld278E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld27BE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld27CB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld27D8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld27EB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld280B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld281D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld284C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2901.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld296A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld298F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld299.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld29DF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2A2A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2A63.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2AD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2AFF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2B0D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2B3D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2B69.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2B92.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2BB4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2BED.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2C2C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2C55.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2C8A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2C95.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2CC8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2CC9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2CDB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2CEF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2CF4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2D0A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2D31.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2D58.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2D91.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2E0B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2E27.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2E33.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2E6A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2EC2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2ED3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2EF8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2F49.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2F83.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2FA7.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld2FB7.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3015.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld302B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3033.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3081.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld309C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3105.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3164.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3177.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld317E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld318E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld31A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld31A9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld31AC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld31FD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3224.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3257.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3278.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld327A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld32F6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld32FF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld331.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3335.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3336.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld333C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld336.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld33B8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld33DC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld33F0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3405.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3412.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3438.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3447.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld344E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3471.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld34A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld34AF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld34D3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld34D9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3516.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld355E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld35B6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld35BB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld35D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld35D0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld35F3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld35F6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3605.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld364F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld368D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld369.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld36A1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld36AA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld36C4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld36ED.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld370C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3763.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld378B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3793.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld37A4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld37F4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld380A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld386D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3874.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld38BE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld38CB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld38D2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3906.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld390A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld390B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld394B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3992.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld39E2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld39E4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3A16.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3A21.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3A41.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3A8D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3AA9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3AC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3AFD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3B18.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3B64.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3B65.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3B75.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3B76.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3B89.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3BB8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3BC4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3BFC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3C4F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3C51.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3C60.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3D7E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3DA3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3DC6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3DD6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3E07.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3E09.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3E20.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3E2B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3E98.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3EC1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3EE6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3F44.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3F67.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld3FE3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld401.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4024.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld403F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld405C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld40B2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld40B9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld40FD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld413E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4169.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4175.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4193.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld41BD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld41CE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld41EA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld41F2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld422E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld423E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4257.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4270.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4291.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld42AE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld438B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4396.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4427.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld443D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld443F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld446E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4487.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4498.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld44E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4500.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4529.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4548.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld45AF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld464.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4673.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4687.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld46A1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld46A3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld46B9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld46DD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld46F7.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld470D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4769.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld47A3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld47CA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld47CD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld47E1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld47F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld47F6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld480E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4857.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld487E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld488A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4891.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld48B4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld48CA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld48F1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld48F8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4925.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld496C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld497E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld49C3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld49F4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4A10.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4B4A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4B60.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4B82.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4B84.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4B99.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4BA4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4BAC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4BC0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4BC3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4BE0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4BFE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4C09.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4C43.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4C5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4C8E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4CBC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4CBD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4CD7.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4CF3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4CFE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4D05.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4D7.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4D8D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4DB5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4DB6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4DC2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4DD0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4DF1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4E0E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4E1A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4E5E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4EBF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4EDE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4F3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4F60.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4F86.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4F9B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld4FEB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5034.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5040.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5045.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld508F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld50AA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5139.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5140.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5163.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld519C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld519E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld51C4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld51FB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld522B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5265.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5283.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5287.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld52CE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld52E6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5351.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld538B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5400.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5436.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5472.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld54B3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld54FB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld54FC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld550E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5513.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld551C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld551F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld555E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld55A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld55A7.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld55C4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld55D1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld55D3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5624.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld565A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld566.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld56AA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld56AE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld56C1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld56C4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld56D5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld56F5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld56FA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5736.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5747.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld575.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5763.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5767.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld577.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5776.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld57B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld57F6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5827.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5848.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5870.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld58E5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld58F1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5946.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5959.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5968.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld599D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5A15.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5A36.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5A47.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5A68.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5AC2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5AD1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5AF6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5B1E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5B37.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5B44.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5B7B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5C06.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5C13.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5C17.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5C24.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5C50.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5C59.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5C64.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5CAB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5CB8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5CD9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5D38.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5D45.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5D72.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5D87.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5DA5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5DDC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5E52.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5E67.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5EBE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5ED9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5EE2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5EF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5F37.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5F41.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5F45.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5F4B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5FCE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld5FE2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6009.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6026.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld607F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld609A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld60FD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6153.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6160.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld616A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld61C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld61E8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld61F7.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6236.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6246.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6264.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6271.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld62BF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld62CA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld630C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6354.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6379.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld641C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6420.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6422.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6470.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6488.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld649.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld64B8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld64CA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld64EF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld64F5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6508.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6566.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld65A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld65BD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld65C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6647.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6648.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld66ED.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld677F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld67AA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld67D0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld67E4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6846.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6852.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld685C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld685F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6863.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld68B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld68BB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6903.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6975.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld698F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld699E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld69B8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld69BE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld69C3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld69DB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld69E2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6A4E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6AA2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6AAC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6AAD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6ABE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6AD8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6AFF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6B1E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6B67.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6B6E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6B90.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6B96.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6BA6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6BC5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6C00.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6D30.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6DCE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6DE2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6DF7.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6DF9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6E2C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6E4C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6E6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6E7F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6E80.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6ED9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6F1C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6F3C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6F43.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6F62.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6F85.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6F97.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6FAE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6FB2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld6FFC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7045.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld708B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld70C5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld70DD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld70E9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld711A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7137.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7189.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld71A1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld71C5.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld71CA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld71CD.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld71D4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7239.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7252.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld726F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7287.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7290.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld729F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld72A3.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld72C8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld72C9.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld72DA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld72DF.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld731D.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7347.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7387.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld73A4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld73C1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld73E6.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld73F0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld743C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7467.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7469.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7485.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7488.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7499.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld750F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld752E.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7536.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7573.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld75A4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld75DA.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld75E0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7644.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7661.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7691.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld76D8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld76F4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld76F8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7720.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld778C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld77A7.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld782.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7854.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7855.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld78BC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld78C0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld78D2.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7917.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld792.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7921.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7966.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld798A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld79E8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld79EB.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7A08.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7A4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7A41.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7A8C.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7A9F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7AAE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7AB8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7AC.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7AC0.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7AC4.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7B61.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7B6A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7B72.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7B7A.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7B8.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7BA1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7BD1.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7BE7.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7BEE.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7C41.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7C60.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7C67.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7C7B.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7C84.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7C8F.tmp -> Trojan.Small : Cleaned.
C:\WINDOWS\system32\1024\ld7CD8.tmp -> Trojan.Small : Cleaned.
  • 0

#8
jubbing

jubbing

    Member

  • Topic Starter
  • Member
  • PipPip
  • 38 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:06:09 AM, on 12/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Novadigm\radexecd.exe
C:\Program Files\Novadigm\radsched.exe
C:\Program Files\Novadigm\Radstgms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\Novadigm\radtray.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\MXOALDR.EXE
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Guest01\My Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [RUNRADTRAY] C:\PROGRA~1\Novadigm\radtray.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {00000000-0000-0000-0000-100005000004} - http://code.trasferi...36516790_35.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://supportapj.de...iler/SysPro.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.aka...vex-2.0.6.0.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst_current.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1144920342390
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.f...obal/msc311.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAD2F0A3-3DE0-4A26-9F33-B81336B43A6B}: NameServer = 202.188.0.133 202.188.1.5
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard Company - C:\Program Files\Novadigm\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Novadigm - C:\Program Files\Novadigm\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Novadigm\Radstgms.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

What now please?
  • 0

#9
Buckeye_Sam

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Run Hijackthis again, click scan, and Put a checkmark next to each of the lines listed below. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O3 - Toolbar: (no name) - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - (no file)


We need to update your version of Java.
  • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10 from HERE
    • Scroll down to where it says Java Runtime Environment (JRE) 5.0 Update 10
    • Click the "Download" button to the right.
    • Accept the license agreement.
    • Click Windows Offline Installation, Multi-language to download the file.
  • Once the program has finished downloading:
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
      • It should have next icon next to it: Posted Image
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java versions.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on jre-1_5_0_10-windowsi586-p.exe to install the newest version.
  • Go back into the Control Panel and double-click the Java Icon.
    • Under Temporary Internet Files, click the Delete Files button.
    • There are three options in the window to clear the cache - Leave ALL 3 Checked
      • Downloaded Applets
      • Downloaded Applications
      • Other Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Java Control Panel.

Reboot your computer and post a new hijackthis log.
How is your computer working now? Any problems?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP