virus or spyware help [RESOLVED]


  • This topic is locked

#1
rstevens01
  • Member
  • 30 posts
Went through all the steps listed before posting. Malware detected 31 objects and deleted them all. Rebooted and ran Norton 360 again, but found nothing. When I click on certain web pages, I am being redirected to "anti-virus doc", which wants to scan my computer. The original page I click says "page not found" then redirects me. Any help would be appreciated.
  • 0


#2
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Hello rstevens01

Welcome to G2Go. :)
=====================
Click here to download HJTInstall.exe
  • Save HJTInstall.exe to your desktop.
  • Double-click on the HJTInstall.exe icon on your desktop.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

  • 0

#3
rstevens01
  • Topic Starter
  • Member
  • 30 posts
Thanks for the quick reply. Here it is.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:31:30 PM, on 8/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\AOL\1129387580\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\java.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129387580\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [d0v8RgeEj] adsstrm.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164169244406
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...3.16/ttinst.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file:///D:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...ent2.0.20.3.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallMSN.exe
O20 - AppInit_DLLs:
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13719 bytes
  • 0
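Added example (not part of the original thread, and not code from HijackThis or from the helpers here): a small Python triage pass over the HijackThis item format seen in the log above. The three rules and the names `triage` and `Finding` are assumptions chosen for illustration, and a hit only means "review this entry first", not that it is malicious. The sample lines are copied from the log in post #3.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "section reason body")

# Every HijackThis item line is "<section> - <details>",
# for example "O4 - HKCU\..\Run: [name] command".
ITEM_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autoruns: "<hive>\..\Run: [value name] command line"
RUN_RE = re.compile(r"^HK\w+\\.*?\\Run(?:Once)?: \[([^\]]*)\] (.+)$")
# A drive-letter absolute path anywhere in the command line.
ABS_PATH_RE = re.compile(r"[A-Za-z]:\\")


def triage(log_text):
    """Return the item lines a reviewer would want to look at first."""
    findings = []
    for raw in log_text.splitlines():
        m = ITEM_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        section, body = m.groups()
        if section == "O4":
            run = RUN_RE.match(body)
            # A bare file name is resolved through the search path, so the
            # log alone does not say which file on disk actually starts.
            if run and not ABS_PATH_RE.search(run.group(2)):
                findings.append(
                    Finding(section, "autorun command has no absolute path", body))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append(
                Finding(section, "BHO is registered but its file is absent", body))
        elif section == "O23" and body.endswith("(file missing)"):
            findings.append(
                Finding(section, "service points at a file that is missing", body))
    return findings


# Lines copied from the HijackThis log in post #3 (a subset, in original order).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [d0v8RgeEj] adsstrm.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.body}")
```

Entries that pass these rules are not thereby cleared; the rules only order the manual review.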

#4
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
You have a downloader trojan called Downloader.Agent.awf or Downloader.Agent.ayy. This trojan replaces legitimate files that are common on most computers with an infected file. It then moves the legitimate file to a "bak" or backup folder. Please follow the directions below to run FindAWF so we can identify the files that have been infected and the backups, then restore them.

Download FindAWF.exe from here or here, and save it to your desktop.
  • Double-click on the FindAWF.exe file to run it.
  • It will open a command prompt and ask you to "Press any key to continue".
  • You will be presented with a Menu.

    1. Press 1 then Enter to scan for bak folders
    2. Press 2 then Enter to restore files from bak folders
    3. Press 3 then Enter to remove bak folders
    4. Press 4 then Enter to reset domain zones
    5. Press E then Enter to EXIT

  • Press 1, then press Enter
  • It may take a few minutes to complete so be patient.
  • When it is complete, it will open a text file in notepad called AWF.txt.
  • Please copy and paste the contents of the AWF.txt file in your next reply.

  • 0

#5
rstevens01
  • Topic Starter
  • Member
  • 30 posts
Downloaded, saved and ran. Got the menu. Chose 1 and Enter, got error message.

c:\documents and settings\ralph\findawf.exe
c:\windows\systems32\autoexec.nt. The system file is not suitable for running MS-DOS and microsoft windows. Choose cancel or ignore.

Tried both and all I got on the notepad was


Find AWF report by noahdfear ©2006
Version 1.40

The current date is: Fri 08/22/2008
The current time is: 20:47:19.67


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report
  • 0

#6
kahdah
    GeekU Teacher
  • Retired Staff
  • 15,822 posts
Download OTViewIt to your desktop.
  • Close all windows and open it
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you (it gets saved on your desktop as well), post that log here.

  • 0

#7
rstevens01
  • Topic Starter
  • Member
  • 30 posts
OTViewIt logfile created on: 8/22/2008 9:29:25 PM
OTViewIt by OldTimer - Version 1.0.0.6 Folder = C:\Documents and Settings\Ralph\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.98 Mb Total Physical Memory | 150.96 Mb Available Physical Memory | 29.54% Memory free
1.22 Gb Paging File | 0.65 Gb Available in Paging File | 53.53% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.46 Gb Total Space | 6.91 Gb Free Space | 9.28% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RALPH-ZAS0G11BF
Current User Name: Ralph
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user

===== Processes - Non-Microsoft Only =====

[01/09/2007 10:59 PM | 00,108,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[01/04/2008 02:27 PM | 00,587,096 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
[06/25/2003 08:32 AM | 00,303,104 | ---- | M] (Lexmark International, Inc.) - C:\WINDOWS\system32\LEXBCES.EXE
[06/25/2003 08:27 AM | 00,174,592 | ---- | M] (Lexmark International, Inc.) - C:\WINDOWS\system32\LEXPPS.EXE
[10/23/2006 05:50 AM | 00,046,640 | R--- | M] (AOL LLC) - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe
[01/15/2008 10:28 AM | 00,204,800 | ---- | M] () - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
[11/03/2003 01:46 PM | 00,073,728 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe
[08/27/2003 10:29 AM | 00,065,536 | ---- | M] (America Online, Inc.) - C:\WINDOWS\wanmpsvc.exe
[04/12/2007 02:23 PM | 00,042,032 | ---- | M] (AOL LLC) - C:\Program Files\Common Files\AOL\1129387580\ee\aolsoftware.exe
[01/09/2007 10:59 PM | 00,115,816 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[02/22/2008 04:25 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.) - C:\Program Files\iTunes\iTunesHelper.exe
[05/29/2008 05:18 PM | 00,323,216 | ---- | M] (Napster) - C:\Program Files\Napster\napster.exe
[05/30/2007 09:26 AM | 00,068,856 | ---- | M] (Google Inc.) - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[02/22/2008 01:23 AM | 00,135,168 | ---- | M] (Sun Microsystems, Inc.) - C:\WINDOWS\system32\java.exe
[06/01/2006 02:32 PM | 00,094,208 | ---- | M] (Nero AG) - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[06/07/2007 02:08 PM | 00,103,928 | ---- | M] (Yahoo! Inc.) - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe
[02/22/2008 04:25 AM | 00,329,104 | ---- | M] (Sun Microsystems, Inc.) - C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
[01/23/2008 02:09 PM | 01,251,720 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
[08/22/2008 09:28 PM | 01,398,784 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Ralph\Desktop\OTViewIt.exe

===== Win32 Services - Non-Microsoft Only =====

(aawservice) Ad-Aware 2007 Service [Auto | Running]
[01/04/2008 02:27 PM | 00,587,096 | ---- | M] (Lavasoft) - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

(Adobe LM Service) Adobe LM Service [On_Demand | Stopped]
[03/20/2006 03:07 AM | 00,068,096 | ---- | M] () - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

(AOL ACS) AOL Connectivity Service [Auto | Running]
[10/23/2006 05:50 AM | 00,046,640 | R--- | M] (AOL LLC) - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe

(AOLService) AOL Spyware Protection Service [Auto | Stopped]
File not found - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe

(Apple Mobile Device) Apple Mobile Device [Auto | Running]
[07/22/2008 08:42 PM | 00,116,040 | ---- | M] (Apple Inc.) - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

(Bonjour Service) Bonjour Service [Auto | Running]
[07/24/2007 03:17 PM | 00,229,376 | ---- | M] (Apple Inc.) - C:\Program Files\Bonjour\mDNSResponder.exe

(ccEvtMgr) Symantec Event Manager [Auto | Running]
[01/09/2007 10:59 PM | 00,108,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(ccSetMgr) Symantec Settings Manager [Auto | Running]
[01/09/2007 10:59 PM | 00,108,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(CLTNetCnService) Symantec Lic NetConnect service [Auto | Running]
[01/09/2007 10:59 PM | 00,108,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(comHost) COM Host [On_Demand | Stopped]
[01/12/2007 08:40 PM | 00,049,248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe

(dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped]
[08/04/2004 12:56 AM | 00,224,768 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\dmadmin.exe

(gusvc) Google Updater Service [On_Demand | Stopped]
[01/27/2007 12:00 PM | 00,138,168 | ---- | M] (Google) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

(iPod Service) iPod Service [On_Demand | Running]
[03/30/2008 10:36 AM | 00,504,104 | ---- | M] (Apple Inc.) - C:\Program Files\iPod\bin\iPodService.exe

(LexBceS) LexBce Server [Auto | Running]
[06/25/2003 08:32 AM | 00,303,104 | ---- | M] (Lexmark International, Inc.) - C:\WINDOWS\system32\LEXBCES.EXE

(LinksysUpdater) Linksys Updater [Auto | Running]
[01/15/2008 10:28 AM | 00,204,800 | ---- | M] () - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe

(LiveUpdate) LiveUpdate [On_Demand | Stopped]
[09/12/2007 07:27 PM | 02,999,664 | ---- | M] (Symantec Corporation) - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE

(LiveUpdate Notice Ex) LiveUpdate Notice Service Ex [Auto | Running]
[01/09/2007 10:59 PM | 00,108,648 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

(LiveUpdate Notice Service) LiveUpdate Notice Service [Auto | Stopped]
[01/29/2008 06:38 PM | 00,583,048 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

(NVSvc) NVIDIA Driver Helper Service [Auto | Running]
[11/03/2003 01:46 PM | 00,073,728 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\nvsvc32.exe

(Symantec Core LC) Symantec Core LC [On_Demand | Running]
[01/23/2008 02:09 PM | 01,251,720 | ---- | M] () - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

(Symantec RemoteAssist) Symantec RemoteAssist [On_Demand | Stopped]
[01/29/2008 04:09 PM | 00,394,704 | ---- | M] (Symantec, Inc.) - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe

(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running]
[08/27/2003 10:29 AM | 00,065,536 | ---- | M] (America Online, Inc.) - C:\WINDOWS\wanmpsvc.exe

===== Driver Services - Non-Microsoft Only =====

(aeaudio) aeaudio [On_Demand | Running]
[04/01/2002 02:15 PM | 00,004,816 | ---- | M] (Andrea Electronics Corporation) - C:\WINDOWS\system32\drivers\aeaudio.sys

(bvrp_pci) bvrp_pci [On_Demand | Stopped]
[08/28/2003 04:58 PM | 00,004,272 | R--- | M] () - C:\WINDOWS\system32\drivers\bvrp_pci.sys

(dmboot) dmboot [Disabled | Stopped]
[08/03/2004 11:07 PM | 00,799,744 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmboot.sys

(dmio) dmio [Disabled | Stopped]
[08/03/2004 11:07 PM | 00,153,344 | ---- | M] (Microsoft Corp., Veritas Software) - C:\WINDOWS\system32\drivers\dmio.sys

(dmload) dmload [Disabled | Stopped]
[07/16/2003 01:27 PM | 00,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\drivers\dmload.sys

(drvmcdb) drvmcdb [Boot | Running]
[07/31/2003 03:21 AM | 00,084,576 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\drvmcdb.sys

(drvnddm) drvnddm [Auto | Running]
[06/20/2003 02:56 AM | 00,040,448 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\drvnddm.sys

(E100B) Intel® PRO Adapter Driver [On_Demand | Running]
[03/04/2003 12:56 PM | 00,145,408 | ---- | M] (Intel Corporation) - C:\WINDOWS\system32\drivers\e100b325.sys

(eeCtrl) Symantec Eraser Control driver [System | Running]
[08/20/2008 01:00 AM | 00,371,248 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

(EraserUtilRebootDrv) EraserUtilRebootDrv [On_Demand | Running]
[08/20/2008 01:00 AM | 00,099,376 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

(EuMusDesignVirtualAudioCableWdm_jrm) MuvEnum Virtual Cable [On_Demand | Running]
[04/07/2007 12:17 PM | 00,035,624 | ---- | M] () - C:\WINDOWS\system32\drivers\vacjrmkd.sys

(ewdmaudn) ewdmaudn [On_Demand | Stopped]
File not found - C:\DOCUME~1\Rauni\LOCALS~1\Temp\ewdmaudn.sys

(GEARAspiWDM) GEARAspiWDM [On_Demand | Running]
[01/29/2008 12:01 PM | 00,016,168 | ---- | M] (GEAR Software Inc.) - C:\WINDOWS\system32\drivers\GEARAspiWDM.sys

(HSFHWBS2) HSFHWBS2 [On_Demand | Running]
[07/02/2003 08:26 AM | 00,202,368 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSFHWBS2.sys

(HSF_DP) HSF_DP [On_Demand | Running]
[07/02/2003 08:24 AM | 01,063,936 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_DP.sys

(LKJAJDFJ) LKJAJDFJ [Auto | Stopped]
File not found - C:\WINDOWS\system32\lkjajdfj.jpy

(mdmxsdk) mdmxsdk [Auto | Running]
[04/09/2003 11:48 AM | 00,011,043 | ---- | M] (Conexant) - C:\WINDOWS\system32\drivers\mdmxsdk.sys

(NAVENG) NAVENG [On_Demand | Running]
[08/20/2008 01:00 AM | 00,089,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080822.003\NAVENG.SYS

(NAVEX15) NAVEX15 [On_Demand | Running]
[08/20/2008 01:00 AM | 00,873,552 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\VirusDefs\20080822.003\NAVEX15.SYS

(ndsdatamax) ndsdatamax [On_Demand | Stopped]
[02/08/2007 05:45 AM | 00,029,184 | R--- | M] (Thesycon GmbH, Germany) - C:\WINDOWS\system32\drivers\ndsdatamax.sys

(nv) nv [On_Demand | Running]
[11/03/2003 01:46 PM | 01,330,940 | ---- | M] (NVIDIA Corporation) - C:\WINDOWS\system32\drivers\nv4_mini.sys

(OMCI) OMCI [System | Running]
[08/22/2001 08:42 AM | 00,013,632 | ---- | M] (Dell Computer Corporation) - C:\WINDOWS\system32\drivers\omci.sys

(Ptilink) Direct Parallel Link Driver [On_Demand | Running]
[07/16/2003 01:42 PM | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) - C:\WINDOWS\system32\drivers\ptilink.sys

(PxHelp20) PxHelp20 [Boot | Running]
[07/26/2007 03:00 AM | 00,043,872 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\pxhelp20.sys

(Secdrv) Secdrv [Auto | Running]
[10/13/2007 02:19 PM | 00,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) - C:\WINDOWS\system32\drivers\secdrv.sys

(sfdrv01) StarForce Protection Environment Driver (version 1.x) [Boot | Running]
[01/14/2005 09:14 AM | 00,047,616 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfdrv01.sys

(sfhlp02) StarForce Protection Helper Driver (version 2.x) [Boot | Running]
[10/28/2004 03:47 AM | 00,006,656 | ---- | M] (Protection Technology) - C:\WINDOWS\system32\drivers\sfhlp02.sys

(smwdm) smwdm [On_Demand | Running]
[05/06/2003 09:14 AM | 00,580,992 | ---- | M] (Analog Devices, Inc.) - C:\WINDOWS\system32\drivers\smwdm.sys

(SPBBCDrv) SPBBCDrv [System | Running]
[04/14/2007 02:49 AM | 00,418,104 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys

(SRTSP) SRTSP [On_Demand | Running]
[12/01/2007 12:57 AM | 00,279,088 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtsp.sys

(SRTSPL) SRTSPL [On_Demand | Stopped]
[12/01/2007 12:57 AM | 00,317,616 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspl.sys

(SRTSPX) SRTSPX [System | Running]
[12/01/2007 12:57 AM | 00,043,696 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\srtspx.sys

(sscdbhk5) sscdbhk5 [System | Running]
[07/14/2003 11:28 AM | 00,005,621 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\sscdbhk5.sys

(ssrtln) ssrtln [System | Running]
[07/14/2003 11:28 AM | 00,023,219 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\drivers\ssrtln.sys

(SYMDNS) SYMDNS [On_Demand | Running]
[01/09/2007 03:32 PM | 00,012,984 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symdns.sys

(SymEvent) SymEvent [On_Demand | Running]
[05/30/2008 02:02 PM | 00,123,952 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\SYMEVENT.SYS

(SYMFW) SYMFW [On_Demand | Running]
[01/09/2007 03:32 PM | 00,145,976 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symfw.sys

(SYMIDS) SYMIDS [On_Demand | Running]
[01/09/2007 03:32 PM | 00,040,120 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symids.sys

(SYMIDSCO) SYMIDSCO [On_Demand | Running]
[02/13/2008 09:18 AM | 00,240,496 | ---- | M] (Symantec Corporation) - C:\Program Files\Common Files\Symantec Shared\SymcData\idsdefs\20080813.002\SymIDSco.sys

(SYMNDIS) SYMNDIS [On_Demand | Running]
[01/09/2007 03:32 PM | 00,035,256 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symndis.sys

(SYMREDRV) SYMREDRV [On_Demand | Running]
[01/09/2007 03:32 PM | 00,027,576 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symredrv.sys

(SYMTDI) SYMTDI [System | Running]
[01/09/2007 03:32 PM | 00,191,544 | ---- | M] (Symantec Corporation) - C:\WINDOWS\system32\drivers\symtdi.sys

(tfsnboio) tfsnboio [Auto | Running]
[08/06/2003 01:04 AM | 00,025,685 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnboio.sys

(tfsncofs) tfsncofs [Auto | Running]
[08/06/2003 01:04 AM | 00,034,837 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsncofs.sys

(tfsndrct) tfsndrct [Auto | Running]
[08/06/2003 01:04 AM | 00,004,117 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsndrct.sys

(tfsndres) tfsndres [Auto | Running]
[08/06/2003 01:04 AM | 00,002,233 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsndres.sys

(tfsnifs) tfsnifs [Auto | Running]
[08/06/2003 01:04 AM | 00,083,284 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnifs.sys

(tfsnopio) tfsnopio [Auto | Running]
[08/06/2003 01:04 AM | 00,014,229 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnopio.sys

(tfsnpool) tfsnpool [Auto | Running]
[08/06/2003 01:04 AM | 00,006,357 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnpool.sys

(tfsnudf) tfsnudf [Auto | Running]
[08/06/2003 01:04 AM | 00,098,068 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnudf.sys

(tfsnudfa) tfsnudfa [Auto | Running]
[08/06/2003 01:04 AM | 00,100,373 | ---- | M] (Sonic Solutions) - C:\WINDOWS\system32\dla\tfsnudfa.sys

(USBAAPL) Apple Mobile USB Driver [On_Demand | Stopped]
[07/10/2008 09:35 AM | 00,032,000 | ---- | M] (Apple, Inc.) - C:\WINDOWS\system32\drivers\usbaapl.sys

(usbbus) LGE CDMA Composite USB Device [On_Demand | Stopped]
[05/26/2005 12:01 PM | 00,021,344 | ---- | M] (LG Electronics Inc.) - C:\WINDOWS\system32\drivers\lgusbbus.sys

(UsbDiag) LGE CDMA USB Serial Port [On_Demand | Stopped]
[05/26/2005 12:01 PM | 00,038,144 | ---- | M] (LG Electronics Inc.) - C:\WINDOWS\system32\drivers\lgusbdiag.sys

(USBModem) LGE CDMA USB Modem [On_Demand | Stopped]
[06/24/2005 07:36 PM | 00,039,036 | ---- | M] (LG Electronics Inc.) - C:\WINDOWS\system32\drivers\lgusbmodem.sys

(VVBETHERNET) Broadband Blaster 8012U Ethernet Driver [On_Demand | Stopped]
[01/28/2002 01:05 PM | 00,015,878 | ---- | M] (Creative Technology, Ltd.) - C:\WINDOWS\system32\drivers\vvbeth.sys

(vvbususb) Broadband Blaster 8012U USB [On_Demand | Stopped]
[01/28/2002 01:05 PM | 00,051,448 | ---- | M] (Creative Technology, Ltd.) - C:\WINDOWS\system32\drivers\vvbususb.sys

(wanatw) WAN Miniport (ATW) [On_Demand | Running]
[01/10/2003 02:13 PM | 00,033,588 | R--- | M] (America Online, Inc.) - C:\WINDOWS\system32\drivers\wanatw4.sys

(winachsf) winachsf [On_Demand | Running]
[07/02/2003 08:25 AM | 00,631,680 | ---- | M] (Conexant Systems, Inc.) - C:\WINDOWS\system32\drivers\HSF_CNXT.sys

===== Run Keys =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"AppleSyncNotifier" = C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [07/10/2008 09:47 AM | 00,116,040 | ---- | M] (Apple Inc.)
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM | 00,115,816 | ---- | M] (Symantec Corporation)
"HostManager" = C:\Program Files\Common Files\AOL\1129387580\ee\AOLSoftware.exe [04/12/2007 02:23 PM | 00,042,032 | ---- | M] (AOL LLC)
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM | 00,267,048 | ---- | M] (Apple Inc.)
"NapsterShell" = C:\Program Files\Napster\napster.exe /systray [05/29/2008 05:18 PM | 00,323,216 | ---- | M] (Napster)
"NeroFilterCheck" = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [01/12/2006 05:40 PM | 00,155,648 | ---- | M] (Nero AG)
"NvCplDaemon" = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup [11/03/2003 01:46 PM | 04,800,512 | ---- | M] (NVIDIA Corporation)
"NWEReboot" = File not found
"QuickTime Task" = "C:\Program Files\QuickTime\qttask.exe" -atboottime [03/28/2008 11:37 PM | 00,413,696 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" = "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
"Symantec PIF AlertEng" = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" [01/29/2008 06:38 PM | 00,583,048 | ---- | M] (Symantec Corporation)
"YBrowser" = C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe [07/21/2006 04:19 PM | 00,129,536 | ---- | M] (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" = Reg Error: Value load does not exist or could not be read.
"run" = Reg Error: Value run does not exist or could not be read.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed" = 1
"NoChange" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}" = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [06/01/2006 02:32 PM | 00,094,208 | ---- | M] (Nero AG)
"d0v8RgeEj" = adsstrm.exe File not found
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [05/30/2007 09:26 AM | 00,068,856 | ---- | M] (Google Inc.)
"Yahoo! Pager" = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet [06/07/2007 02:08 PM | 04,670,968 | ---- | M] (Yahoo! Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"load" =
"run" = Reg Error: Value run does not exist or could not be read.

===== Startup Folders =====

[All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
[11/04/1999 04:06 PM | 00,113,664 | ---- | M] (Adobe Systems, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[12/14/2004 05:44 AM | 00,029,696 | ---- | M] (Adobe Systems Incorporated) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[05/07/2004 04:53 PM | 00,156,784 | -H-- | M] (America Online, Inc.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe

[Ralph Startup Folder - C:\Documents and Settings\Ralph\Start Menu\Programs\Startup]

===== BHO's =====

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
HKLM CLSID: (Yahoo! Toolbar Helper) - [06/07/2006 11:09 AM | 00,399,352 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
HKLM CLSID: (Reg Error: Value does not exist or could not be read.) - [02/18/2007 08:22 PM | 00,097,960 | R--- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
HKLM CLSID: (Yahoo! IE Services Button) - [10/31/2006 03:33 PM | 00,198,136 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\common\yiesrvc.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
HKLM CLSID: (SSVHelper Class) - [02/22/2008 04:25 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}]
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}]
HKLM CLSID: (AOL Toolbar Launcher) - [08/02/2005 11:41 AM | 00,524,288 | ---- | M] (America Online, Inc.) C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
HKLM CLSID: (Google Toolbar Helper) - [04/05/2007 12:19 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
HKLM CLSID: (Google Toolbar Notifier BHO) - [04/06/2008 12:33 AM | 00,734,704 | ---- | M] (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D}]
HKLM CLSID: (SidebarAutoLaunch Class) - [02/03/2005 05:07 PM | 00,124,032 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll

===== Toolbars =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [04/05/2007 12:19 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{90222687-F593-4738-B738-FBEE9C7B26DF}"
HKLM CLSID: (Show Norton Toolbar) - [02/18/2007 08:23 PM | 00,609,424 | R--- | M] (Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{DE9C389F-3316-41A7-809B-AA305ED9D922}"
HKLM CLSID: (AOL Toolbar) - [08/02/2005 11:41 AM | 00,524,288 | ---- | M] (America Online, Inc.) C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [06/07/2006 11:09 AM | 00,399,352 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]

"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
HKLM CLSID: (&Google) - [04/05/2007 12:19 PM | 02,403,392 | R--- | M] (Google Inc.) c:\Program Files\Google\GoogleToolbar1.dll

"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}"
HKLM CLSID: (Reg Error: Key does not exist or could not be opened.) - File not found Reg Error: Key does not exist or could not be opened.

"{4982D40A-C53B-4615-B15B-B5B5E98D167C}"
HKLM CLSID: (AOL Toolbar) - File not found C:\Program Files\AOL Toolbar\toolbar.dll

"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"
HKLM CLSID: (Yahoo! Toolbar) - [06/07/2006 11:09 AM | 00,399,352 | ---- | M] (Yahoo! Inc.) C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

===== Policies =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum]
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}" = 1
"{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF}" = 1073741857
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}" = 32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername" = 0
"legalnoticecaption" =
"legalnoticetext" =
"shutdownwithoutlogon" = 1
"undockwithoutlogon" = 1

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun" = 145

===== Desktop Components =====

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"FriendlyName" = "My Current Home Page"
"Source" = "About:Home"
"SubscribedURL" = "About:Home"

===== Shared Task Scheduler =====

===== AppInit_Dlls =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
" " - File not found

===== Lsa Authentication Packages =====

===== Lsa Security Packages =====

===== Authorized Applications List =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [07/29/2006 08:34 PM | 05,354,792 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe [07/29/2006 07:16 PM | 01,002,280 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 04:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe [06/20/2006 10:36 PM | 00,187,176 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe [06/20/2006 10:36 PM | 01,207,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [06/20/2006 10:36 PM | 01,977,128 | ---- | M] (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe [07/29/2006 08:34 PM | 05,354,792 | ---- | M] (Microsoft Corporation)
"C:\Program Files\MSN Messenger\msncall.exe" = C:\Program Files\MSN Messenger\msncall.exe [07/29/2006 07:16 PM | 01,002,280 | ---- | M] (Microsoft Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe [08/01/2006 04:35 PM | 00,067,112 | ---- | M] (America Online, Inc.)
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe [06/20/2006 10:36 PM | 00,187,176 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe [06/20/2006 10:36 PM | 01,207,080 | ---- | M] (Microsoft Corporation)
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe [06/20/2006 10:36 PM | 01,977,128 | ---- | M] (Microsoft Corporation)

===== HKLM Winlogon Settings =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [08/04/2004 12:56 AM | 01,032,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System]
"csbvl.exe" - File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
"C:\WINDOWS\system32\userinit.exe" - [08/04/2004 12:56 AM | 00,024,576 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
"logonui.exe" - [08/04/2004 12:56 AM | 00,514,560 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
"rundll32 shell32" - [08/04/2004 12:56 AM | 08,384,000 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
"Control_RunDLL "sysdm.cpl"" - [08/04/2004 12:56 AM | 00,298,496 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl

===== User's Winlogon Settings =====

===== Winlogon Notify Settings =====

===== Safeboot Options =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell" = cmd.exe

===== Disabled MsConfig Items =====

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state]

===== DNS Name Servers =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{165604B8-07F0-4E96-B5F3-21E521AD1DE0}]
Servers: | Description: Intel® PRO/100 VE Network Connection

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{45A3F429-BA00-4CBA-81D4-558A0B0D09DF}]
Servers: | Description:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{7E8053AA-7888-47DA-8FCA-6D72D3A3AD64}]
Servers: | Description: 1394 Net Adapter

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{88E7B7DE-3E2B-43CD-8CDC-6166082A3243}]
Servers: | Description: Broadband Blaster 8012U Gateway

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{9A982D2E-97AB-4F5F-B46D-CEA9126B7719}]
Servers: | Description: Windows Mobile-based Device

===== CDRom AutoRun Settings =====

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"DependOnGroup" = SCSI miniport;
"ErrorControl" = 1
"Group" = SCSI CDROM Class
"Start" = 1
"Tag" = 2
"Type" = 1
"DisplayName" = CD-ROM Driver
"ImagePath" = C:\WINDOWS\system32\drivers\cdrom.sys [08/03/2004 10:59 PM | 00,049,536 | ---- | M] (Microsoft Corporation)
"AutoRun" = 1
"AutoRunAlwaysDisable" = NEC MBR-7 ;NEC MBR-7.4 ;PIONEER CHANGR DRM-1804X;PIONEER CD-ROM DRM-6324X;PIONEER CD-ROM DRM-624X ;TORiSAN CD-ROM CDR_C36;

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\Enum]
"0" = IDE\CdRom_NEC_DVD+RW_ND-2100AD___________________103D____\5&33fcab6&0&0.0.0
"Count" = 1
"NextInstance" = 1

===== CDRom AutoRun Settings =====

===== MountPoints2 =====

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F]
"BaseClass" = Drive

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G]
"BaseClass" = Drive

===== Hosts File =====

HOSTS File = (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
localhost 127.0.0.1



[Files/Folders - Created Within 30 days]
[08/22/2008 12:29 PM | ---D | C] - C:\Config.Msi
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/22/2008 02:28 PM | ---D | C] - C:\WINDOWS\ERDNT
[08/12/2008 01:56 PM | 00,001,409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/22/2008 03:05 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/22/2008 02:30 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[07/26/2008 12:27 PM | ---D | C] - C:\Documents and Settings\Ralph\Application Data\InstallShield
[08/22/2008 02:30 PM | ---D | C] - C:\Documents and Settings\Ralph\Application Data\Malwarebytes
[08/12/2008 07:45 AM | ---D | C] - C:\Documents and Settings\Ralph\My Documents\La Paz 2008
[08/04/2008 07:45 AM | ---D | C] - C:\Documents and Settings\Ralph\My Documents\timhawkinsguitar
[08/04/2008 07:44 AM | 06,790,099 | ---- | M] () - C:\Documents and Settings\Ralph\My Documents\timhawkinsguitar.zip
[08/22/2008 02:30 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[07/26/2008 12:36 PM | 00,001,544 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Napster.lnk
[08/22/2008 02:41 PM | 00,128,512 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\directions for virus.doc
[08/22/2008 02:28 PM | 00,000,592 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\ERUNT.lnk
[08/22/2008 08:51 PM | 00,024,064 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\Find AWF report by noahdfear.doc
[08/22/2008 09:06 PM | 00,189,750 | ---- | M] (noahdfear ) - C:\Documents and Settings\Ralph\Desktop\FindAWF.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\FindAWF.exe:Zone.Identifier
[08/22/2008 02:15 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\HijackThis.lnk
[08/22/2008 12:15 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\Ralph\Desktop\HJTInstall.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier
[08/22/2008 02:59 PM | 00,005,995 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\malware log
[08/22/2008 02:28 PM | 00,000,611 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\NTREGOPT.lnk
[08/22/2008 09:28 PM | 01,398,784 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Ralph\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/22/2008 02:29 PM | ---D | C] - C:\Program Files\Common Files\Download Manager
[07/26/2008 12:35 PM | ---D | C] - C:\Program Files\Common Files\Napster Shared
[07/26/2008 12:35 PM | ---D | C] - C:\Program Files\Common Files\Roxio Shared
[07/24/2008 10:20 AM | ---D | C] - C:\Program Files\AIM6
[08/22/2008 02:28 PM | ---D | C] - C:\Program Files\ERUNT
[08/22/2008 02:30 PM | ---D | C] - C:\Program Files\Malwarebytes' Anti-Malware
[07/26/2008 12:50 PM | ---D | C] - C:\Program Files\Napster
[08/22/2008 12:15 PM | ---D | C] - C:\Program Files\Trend Micro

[Files/Folders - Modified Within 30 days]
[08/22/2008 12:29 PM | ---D | M] - C:\Config.Msi
[08/22/2008 02:59 PM | ---D | M] - C:\Program Files
[07/26/2008 12:26 PM | 00,000,268 | -H-- | M] () - C:\sqmdata13.sqm
[08/12/2008 07:26 AM | 00,000,268 | -H-- | M] () - C:\sqmdata14.sqm
[07/26/2008 12:26 PM | 00,000,244 | -H-- | M] () - C:\sqmnoopt14.sqm
[08/12/2008 07:26 AM | 00,000,244 | -H-- | M] () - C:\sqmnoopt15.sqm
[08/22/2008 02:28 PM | ---D | M] - C:\WINDOWS
[07/30/2008 05:28 PM | 00,010,537 | ---- | M] () - C:\WINDOWS\System32\drivers\COH_Mon.cat
[07/30/2008 05:28 PM | 00,000,706 | ---- | M] () - C:\WINDOWS\System32\drivers\COH_Mon.inf
[07/30/2008 05:42 PM | 00,023,888 | ---- | M] (Symantec Corporation) - C:\WINDOWS\System32\drivers\COH_Mon.sys
[08/22/2008 11:42 AM | ---D | M] - C:\WINDOWS\System32\drivers\etc
[08/17/2008 03:01 PM | 00,017,144 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbam.sys
[08/17/2008 03:01 PM | 00,038,472 | ---- | M] (Malwarebytes Corporation) - C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[08/22/2008 03:24 PM | ---D | M] - C:\WINDOWS\System32\CatRoot2
[1 C:\WINDOWS\System32\*.tmp files]
[08/22/2008 03:03 PM | ---D | M] - C:\WINDOWS\System32\drivers
[08/22/2008 03:04 PM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
[08/14/2008 09:27 AM | 00,028,588 | ---- | M] () - C:\WINDOWS\cdplayer.ini
[08/19/2008 11:53 PM | 00,001,033 | ---- | M] () - C:\WINDOWS\DELLSTAT.INI
[08/22/2008 12:10 PM | --SD | M] - C:\WINDOWS\Downloaded Program Files
[08/22/2008 02:28 PM | ---D | M] - C:\WINDOWS\ERDNT
[07/26/2008 12:35 PM | -H-D | M] - C:\WINDOWS\inf
[08/22/2008 08:40 PM | -HSD | M] - C:\WINDOWS\Installer
[08/18/2008 08:05 AM | 00,000,116 | ---- | M] () - C:\WINDOWS\NeroDigital.ini
[08/22/2008 09:15 PM | ---D | M] - C:\WINDOWS\Prefetch
[08/12/2008 01:56 PM | 00,001,409 | ---- | M] () - C:\WINDOWS\QTFont.for
[08/22/2008 03:05 PM | 00,054,156 | -H-- | M] () - C:\WINDOWS\QTFont.qfn
[08/22/2008 03:03 PM | ---D | M] - C:\WINDOWS\system32
[08/22/2008 09:06 PM | ---D | M] - C:\WINDOWS\Temp
[08/20/2008 10:51 AM | 00,000,717 | ---- | M] () - C:\WINDOWS\win.ini
[08/14/2008 10:27 PM | 00,000,284 | ---- | M] () - C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[08/22/2008 03:04 PM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
[08/22/2008 02:30 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Malwarebytes
[07/26/2008 12:35 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Napster
[08/22/2008 08:47 PM | ---D | M] - C:\Documents and Settings\All Users\Application Data\Symantec
[07/28/2008 10:41 PM | ---D | M] - C:\Documents and Settings\Ralph\Application Data\Apple Computer
[07/26/2008 12:27 PM | ---D | M] - C:\Documents and Settings\Ralph\Application Data\InstallShield
[08/22/2008 02:30 PM | ---D | M] - C:\Documents and Settings\Ralph\Application Data\Malwarebytes
[07/24/2008 11:43 PM | ---D | M] - C:\Documents and Settings\Ralph\Local Settings\Application Data\Apple Computer
[08/04/2008 07:45 AM | 00,042,496 | ---- | M] () - C:\Documents and Settings\Ralph\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[08/12/2008 07:45 AM | ---D | M] - C:\Documents and Settings\Ralph\My Documents\La Paz 2008
[08/07/2008 10:29 AM | R--D | M] - C:\Documents and Settings\Ralph\My Documents\My Music
[08/17/2008 04:24 PM | R--D | M] - C:\Documents and Settings\Ralph\My Documents\My Pictures
[07/28/2008 10:39 PM | ---D | M] - C:\Documents and Settings\Ralph\My Documents\MySpaceIM Pics
[07/28/2008 10:40 PM | 00,355,840 | -HS- | M] () - C:\Documents and Settings\Ralph\My Documents\Thumbs.db
@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
[08/04/2008 07:45 AM | ---D | M] - C:\Documents and Settings\Ralph\My Documents\timhawkinsguitar
[08/04/2008 07:44 AM | 06,790,099 | ---- | M] () - C:\Documents and Settings\Ralph\My Documents\timhawkinsguitar.zip
[08/12/2008 02:37 PM | 00,002,137 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[08/22/2008 02:30 PM | 00,000,696 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[07/26/2008 12:36 PM | 00,001,544 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Napster.lnk
[08/22/2008 02:41 PM | 00,128,512 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\directions for virus.doc
[08/22/2008 02:28 PM | 00,000,592 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\ERUNT.lnk
[08/22/2008 08:51 PM | 00,024,064 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\Find AWF report by noahdfear.doc
[08/22/2008 09:06 PM | 00,189,750 | ---- | M] (noahdfear ) - C:\Documents and Settings\Ralph\Desktop\FindAWF.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\FindAWF.exe:Zone.Identifier
[08/22/2008 02:15 PM | 00,001,734 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\HijackThis.lnk
[08/22/2008 12:15 PM | 00,812,344 | ---- | M] (Trend Micro Inc.) - C:\Documents and Settings\Ralph\Desktop\HJTInstall.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\HJTInstall.exe:Zone.Identifier
[08/22/2008 02:59 PM | 00,005,995 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\malware log
[08/22/2008 08:37 PM | 00,005,444 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\MSN.com.url
@Alternate Data Stream - 1406 bytes -> %UserProfile%\Desktop\MSN.com.url:favicon
[08/22/2008 02:28 PM | 00,000,611 | ---- | M] () - C:\Documents and Settings\Ralph\Desktop\NTREGOPT.lnk
[08/22/2008 09:28 PM | 01,398,784 | ---- | M] (OldTimer Tools) - C:\Documents and Settings\Ralph\Desktop\OTViewIt.exe
@Alternate Data Stream - 26 bytes -> %UserProfile%\Desktop\OTViewIt.exe:Zone.Identifier
[08/22/2008 02:29 PM | ---D | M] - C:\Program Files\Common Files\Download Manager
[07/30/2008 06:04 PM | ---D | M] - C:\Program Files\Common Files\Microsoft Shared
[07/26/2008 12:35 PM | ---D | M] - C:\Program Files\Common Files\Napster Shared
[07/26/2008 12:35 PM | ---D | M] - C:\Program Files\Common Files\Roxio Shared
[08/22/2008 12:48 PM | ---D | M] - C:\Program Files\Common Files\Symantec Shared

< End of report >
  • 0

#8
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

First, we need to backup your registry:
Please go to Start > Run
Paste in the following line: regedit /e c:\registrybackup.reg
Click OK.
It won't appear to be doing anything, that's normal.
Your mouse pointer may turn to an hour glass for a minute.
Please continue when it no longer has the hour glass.

Please open up Notepad and copy all of the items in the code box below.
Change the "Save As Type" to "All Files". Save it as fixthis.reg on your Desktop.
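
REGEDIT4

; Remove the HKCU Run entry whose target (adsstrm.exe) was not found.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"d0v8RgeEj"=-

; The log's "Winlogon\\System" is the value "System" under the Winlogon key,
; holding "csbvl.exe"; clear its data.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

; Reset AppInit_DLLs to an empty string.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
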
Now double-click fixthis.reg.
A window will come up asking if you want to let it merge with the registry.
Click yes.
============
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
==============================================
Please do a scan with Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Click on the Accept button and install any components it needs.
  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

  • 0
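The registry fix in post #8 targets autostart entries that the OTViewIt log marks "File not found". As an added example (not part of the original thread and not the tool author's code), the Python below pulls such entries out of a log in that format so they can be reviewed by hand; the sample lines are copied from the log in this thread, and the `triage` function, `Finding` class and reason labels are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Lines copied from the OTViewIt log posted in this thread (trimmed).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"" = File not found
"ccApp" = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/09/2007 10:59 PM | 00,115,816 | ---- | M] (Symantec Corporation)
"NWEReboot" = File not found

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"d0v8RgeEj" = adsstrm.exe File not found
"swg" = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [05/30/2007 09:26 AM | 00,068,856 | ---- | M] (Google Inc.)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls]
" " - File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
"Explorer.exe" - [08/04/2004 12:56 AM | 01,032,192 | ---- | M] (Microsoft Corporation) C:\WINDOWS\explorer.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System]
"csbvl.exe" - File not found
'''

HEADER = re.compile(r'^\[(HKEY_[^\]]+)\]$')
ENTRY = re.compile(r'^"(?P<quoted>.*?)"\s*(?P<sep>=|-)\s*(?P<rest>.*)$')
MISSING = "File not found"


@dataclass(frozen=True)
class Finding:
    key: str         # registry key path
    value_name: str  # value under that key
    data: str        # command or file the value points at ("" if none)
    reason: str      # "missing-target" or "empty-data" (labels of this example)


def triage(log_text):
    """Return autostart values whose target the log reports as not found.

    Two layouts appear in the log:
      [Key]           followed by  "ValueName" = data ...
      [Key\\\\Value]  followed by  "data" - ...   (value name is in the header)
    Findings are candidates for manual review, not verdicts.
    """
    findings = []
    key, header_value = None, None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            # A doubled backslash separates the key path from the value name.
            key, _, header_value = m.group(1).partition('\\\\')
            header_value = header_value or None
            continue
        m = ENTRY.match(line)
        if not m or key is None or MISSING not in m.group("rest"):
            continue
        if header_value is not None:
            name, data = header_value, m.group("quoted")
        else:
            name = m.group("quoted")
            data = m.group("rest").replace(MISSING, "").strip().strip('"')
        if not name:
            continue  # unnamed (default) value with nothing in it
        data = data.strip()
        reason = "missing-target" if data else "empty-data"
        findings.append(Finding(key, name, data, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:15} {f.key} -> {f.value_name} = {f.data!r}")
```

Entries tagged `missing-target` name a program that is no longer on disk, which is the pattern of the `d0v8RgeEj` and `System` values; `empty-data` entries point at nothing and are lower priority.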

#9
rstevens01


    Member

  • Topic Starter
  • Member
  • 30 posts
Here is the Kaspersky printout.


KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, August 23, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Saturday, August 23, 2008 13:54:09
Records in database: 1133192


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\

Scan statistics
Files scanned 129432
Threat name 111
Infected objects 2533
Suspicious objects 10
Duration of the scan 03:18:15


C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\13A046E6.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\13AF2D2F.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\13CB35C6 Infected: not-a-virus:AdWare.Win32.180Solutions 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\13CD639A.bin Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\13D00D96.dll Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\13D839EC.dll Infected: not-a-virus:AdWare.Win32.SearchPage 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\13E86297.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\13FC1FA6.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\140F34AC.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\141442C0.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14153757.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\1415401F.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\1416205C.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\1416205C.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\141644B5.class Infected: Trojan.Java.ClassLoader.ac 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14533E6D.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14596A5D.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\145C5E71.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14623781.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\146E65F0.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14710FED.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14714600.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\147439E9.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\147439E9.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\147863E6.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\147863E6.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\148665EC.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14A7241E.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14AD293F.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14BB2009.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14DA5FA4.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14DA5FA4.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14DD45D9.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14E16FD6.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14E217DD.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14E62D7E.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14EB01D0.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14EE2BCC.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14FB13D1.dll Infected: not-a-virus:AdWare.Win32.SearchPage 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\14FF0B42.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\150167F6.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\1503353F.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\15251661.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\15287537.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\152A338E.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\152F2370.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\153B5C5E.bin Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\153B5C5E.dll Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\154663AD.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\15577F5C.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\158F491F.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\159B51FA Infected: not-a-virus:AdWare.Win32.SearchPage 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\159C6E70.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\159C7111.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\159D65A8.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\15C870A7.dll Infected: not-a-virus:AdWare.Win32.SearchPage 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\15CF5DBC.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\15D010D7.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\15DB6CBE.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\15DD38C9.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\15EA65D2.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\15F41498.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\160B3A7F.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\160E143D.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\1612588F.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\161B3B70.bin Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\161F656C.dll Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16206A96.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16206A96.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16222A7D.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16262B5B.bin Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16262B5B.dll Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16470EA4.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16564A44.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16636347.dll Infected: not-a-virus:AdWare.Win32.SearchPage 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\166560CC.bin Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\166560CC.dll Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16773DA0.bin Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16773DA0.dll Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16891647.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\168A2192 Infected: not-a-virus:AdWare.Win32.WinFetcher.b 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16946800.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\169C5565.bin Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\169F7F62.dll Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16A355AD.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16A355AD.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16AB0DE6.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16AD44B2.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16C03F62.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16C03F62.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16C86222 Infected: Trojan-Downloader.Win32.IstBar.gn 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16D1676A Infected: not-a-virus:AdWare.Win32.WinAD.f 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16D62FB8.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16DB5738.bin Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16E5552D.dll Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\16EB4467.DLL Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\1705788D.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\170E759E.dll Infected: not-a-virus:AdWare.Win32.SearchPage 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\171A216C.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\17216C49 Infected: Trojan.Win32.Pakes 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\17241646 Infected: Trojan-Downloader.Win32.Apropo.ai 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\17241CC0.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\17241F61.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\172513F9.dll Infected: Trojan.Win32.StartPage.uz 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\17284042 Infected: Trojan-Downloader.Win32.Apropo.bd 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\172B6A3E Infected: Trojan.Win32.Pakes 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\172E143B Infected: Trojan.Win32.Pakes 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\172E582A Infected: Trojan-Downloader.Win32.IstBar.gm 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\17313E37 Infected: Trojan-Downloader.JS.IstBar.k 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\173C001A.dll Infected: Trojan.Win32.StartPage.ld 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\17493E5D.bin Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\174D685A.dll Infected: Trojan.Win32.StartPage.vr 1

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\17550A6B.bin Infected: Trojan.Win32.StartPage.is 1

C:\RECYCLER\S-1-5-21-1417001333-1

#10
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hi, some of it was cut off. Can you post the rest after this line:
C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\17550A6B.bin Infected: Trojan.Win32.StartPage.is 1

#11
rstevens01

    Member

  • Topic Starter
  • Member
  • 30 posts
I attached the whole file. If it does not work, I will send it in parts. Thanks.

#12
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately.
If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information,
please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions
to apprise them of your situation.

Please read this for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
==============================
Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\*.*
    C:\Documents and Settings\Ryan\Desktop\comp ish\Azureus_2.1.0.4_Win32.setup.exe 
    C:\Documents and Settings\Rauni\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-33085980.zip 
    C:\Documents and Settings\Rauni\Desktop\Download programs.exe 
    C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\6.0\35\362cfe3-3769f9d3 
    C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-32544273 
    C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-4ea74c21 
    C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-4d22c4b9.zip 
    C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-3d586e9d.zip 
    C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-16ec03c1-3e76d056.zip 
    C:\Documents and Settings\Ryan\Desktop\comp ish\l2mfix
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • OTMoveit2 will create a log of moved files in the C:\_OTMoveIt\MovedFiles folder. The log's name will appear as the date and time it was created, with the format mmddyyyy_hhmmss.log. Open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
=============
Post the OTMoveIt2 log and a new HijackThis log, and let me know how things are running.

#13
rstevens01

    Member

  • Topic Starter
  • Member
  • 30 posts
When I tried to move them, I got an error message: the application or DLL is not a valid Windows image. Can't close the error message.

#14
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Let it sit. If it continues, try to manually restart the computer and try it again.

#15
rstevens01

    Member

  • Topic Starter
  • Member
  • 30 posts
When I left off the first file from what you had me cut and paste

C:\RECYCLER\S-1-5-21-1417001333-117609710-839522115-1006\Dc2\Quarantine\*.*

move it ran and I got the following log. I kept getting the error message when it tried to move this file and could not get out of it.


C:\Documents and Settings\Ryan\Desktop\comp ish\Azureus_2.1.0.4_Win32.setup.exe moved successfully.
C:\Documents and Settings\Rauni\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-33085980.zip moved successfully.
C:\Documents and Settings\Rauni\Desktop\Download programs.exe moved successfully.
C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\6.0\35\362cfe3-3769f9d3 moved successfully.
C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\6.0\44\232f2a6c-32544273 moved successfully.
C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\6.0\52\1c9644b4-4ea74c21 moved successfully.
C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-51fad18-4d22c4b9.zip moved successfully.
C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6d3811e3-3d586e9d.zip moved successfully.
C:\Documents and Settings\Reilly\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\OP.jar-16ec03c1-3e76d056.zip moved successfully.
C:\Documents and Settings\Ryan\Desktop\comp ish\l2mfix\regfixes moved successfully.
C:\Documents and Settings\Ryan\Desktop\comp ish\l2mfix\backregs moved successfully.
C:\Documents and Settings\Ryan\Desktop\comp ish\l2mfix moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08242008_082024

Here is the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:23:14 AM, on 8/24/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\1129387580\ee\AOLSoftware.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\System32\java.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_05\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129387580\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AT&T Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol....oach_core_1.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace....ploader1006.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1164169244406
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.co...loadControl.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toon...3.16/ttinst.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file:///D:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.c...ers/play365.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...ent2.0.20.3.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitc...eInstallMSN.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13451 bytes