Hi Cretemonster
Find enclosed a new Hijack this Log,sysclaen Log,Ewido and Panda Log
Any Change?
Cheers joechess99
Hijack this Log
Logfile of HijackThis v1.99.1
Scan saved at 01:57:21, on 21/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\srvany.exe
C:\WINDOWS\system32\resetservice.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.ebay.co.uk/O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: reset5 - C:\WINDOWS\SYSTEM32\reset5.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Mouse Hardware Sync (mousehs) - Unknown owner - C:\WINDOWS\System32\mousehs.exe (file missing)
O23 - Service: Reset 5 - Unknown owner - C:\WINDOWS\system32\srvany.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Sysclean Log
/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
|
http://www.trendmicro.com |
\--------------------------------------------------------------/
2005-07-20, 22:28:31, Auto-clean mode specified.
2005-07-20, 22:28:31, Running scanner "C:\Documents and Settings\Joe\Desktop\sysclean\TSC.BIN"...
2005-07-20, 22:32:17, Scanner "C:\Documents and Settings\Joe\Desktop\sysclean\TSC.BIN" has finished running.
2005-07-20, 22:32:17, TSC Log:
Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)
Start time : Wed Jul 20 2005 22:28:31
Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Joe\Desktop\sysclean\tsc.ptn" (version 628) [success]
Complete time : Wed Jul 20 2005 22:32:17
Execute pattern count(4116), Virus found count(0), Virus clean count(0), Clean failed count(0)
2005-07-20, 22:32:18, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp": Access is denied.
2005-07-20, 22:32:35, An error occurred while scanning file "C:\Documents and Settings\Joe\NTUSER.DAT": Access is denied.
2005-07-20, 22:32:35, An error occurred while scanning file "C:\Documents and Settings\Joe\NTUSER.DAT.LOG": Access is denied.
2005-07-20, 22:32:43, An error occurred while scanning file "C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-20, 22:32:43, An error occurred while scanning file "C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-20, 22:40:21, An error occurred while scanning file "C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT": Access is denied.
2005-07-20, 22:40:21, An error occurred while scanning file "C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG": Access is denied.
2005-07-20, 22:40:21, An error occurred while scanning file "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-20, 22:40:21, An error occurred while scanning file "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-20, 22:40:22, An error occurred while scanning file "C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT": Access is denied.
2005-07-20, 22:40:22, An error occurred while scanning file "C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG": Access is denied.
2005-07-20, 22:40:22, An error occurred while scanning file "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-20, 22:40:22, An error occurred while scanning file "C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-20, 22:43:12, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-13285B88.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\ADBERDR70_ENU_FULL.EXE-00F2EED4.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\ADMINSTALLER.EXE-027A89D5.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\ADOBEDOWNLOADMANAGER.EXE-31DFE98E.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGNT.EXE-188461F3.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\AVGUARD.EXE-2C565608.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\AVWIN.EXE-23715147.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\BLITZIN2.EXE-09D90FCF.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANUP.EXE-1B0F5664.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SETUP.EXE-018D5151.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDOCTRL.EXE-32A93A8D.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\GLB54.TMP-14C84510.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\GLB95.TMP-0701B61A.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\GLJ56.TMP-389629A3.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\GUARDGUI.EXE-1BC0FCA5.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-37AD0A02.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\INETUPD.EXE-1C0995EE.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIMN.EXE-38BA891D.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTIFIER.EXE-29E8E223.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\PHOTOSHOPALBUM.EXE-13417431.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\PSA2011SE_US.EXE-2D7CF864.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\PSA2011_YTB01_DLM_ENU_FULL.EX-333BB5A3.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\REG.EXE-0D2A95F7.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\RESET5.EXE-23A0DD0C.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1831A4F3.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-21D394C8.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D97474F.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\SECURITYSUITE.EXE-2F8634CB.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP_WM.EXE-3135CBD6.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\SMC.EXE-2CDB6670.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYWAREBLASTER.EXE-20CF1E62.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\VTPRESET.EXE-335853E8.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEF9D.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA2.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA6.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\WORDPAD.EXE-24533991.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\WSCNTFY.EXE-1B24F5EB.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\WUPDMGR.EXE-2F30BEAB.pf": Access is denied.
2005-07-20, 22:46:35, Could not set file for reading on "C:\WINDOWS\Prefetch\YTB01_EFGSIP.EXE-2F3D90ED.pf": Access is denied.
2005-07-20, 22:48:16, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied.
2005-07-20, 22:48:16, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2005-07-20, 22:48:16, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2005-07-20, 22:48:16, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2005-07-20, 22:48:16, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2005-07-20, 22:48:16, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2005-07-20, 22:48:16, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2005-07-20, 22:48:16, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2005-07-20, 22:48:16, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2005-07-20, 22:48:16, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2005-07-20, 22:49:18, Running scanner "C:\Documents and Settings\Joe\Desktop\sysclean\VSCANTM.BIN"...
2005-07-20, 23:01:56, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 7/20/2005 22:49:19
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 737 (104825 Patterns) (2005/07/19) (273700)
Command Line: C:\Documents and Settings\Joe\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Joe\Desktop\sysclean
C:\Program Files\AVPersonal\INFECTED\marya.VIR [WORM_SDBOT.BIT]
C:\Program Files\AVPersonal\INFECTED\service.VIR [WORM_RBOT.GEN]
C:\Program Files\AVPersonal\INFECTED\service.VIR00 [WORM_RBOT.GEN]
34531 files have been read.
34531 files have been checked.
30988 files have been scanned.
41040 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/20/2005 23:01:56
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-20, 23:01:56, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 7/20/2005 22:49:19
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 737 (104825 Patterns) (2005/07/19) (273700)
Command Line: C:\Documents and Settings\Joe\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Joe\Desktop\sysclean
Success Clean [ WORM_SDBOT.BIT]( 1) from C:\Program Files\AVPersonal\INFECTED\marya.VIR
Success Clean [ WORM_RBOT.GEN]( 1) from C:\Program Files\AVPersonal\INFECTED\service.VIR
Success Clean [ WORM_RBOT.GEN]( 1) from C:\Program Files\AVPersonal\INFECTED\service.VIR00
34531 files have been read.
34531 files have been checked.
30988 files have been scanned.
41040 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/20/2005 23:01:56 12 minutes 36 seconds (756.31 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-20, 23:01:56, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 7/20/2005 22:49:19
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 737 (104825 Patterns) (2005/07/19) (273700)
Command Line: C:\Documents and Settings\Joe\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Joe\Desktop\sysclean
34531 files have been read.
34531 files have been checked.
30988 files have been scanned.
41040 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/20/2005 23:01:56 12 minutes 36 seconds (756.31 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-20, 23:01:56, Scanner "C:\Documents and Settings\Joe\Desktop\sysclean\VSCANTM.BIN" has finished running.
Ewido Log
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 23:33:30, 20/07/2005
+ Report-Checksum: A2BB6A16
+ Scan result:
No infected objects found.
::Report End
Panda
Incident Status Location
Adware:adware/wintools No disinfected C:\WINDOWS\hisistheurls.exe
Adware:adware/sahagent No disinfected C:\WINDOWS\unstall.exe
Spyware:spyware/adclicker No disinfected C:\WINDOWS\usta33.ini
Adware:adware/imgiant No disinfected C:\PROGRAM FILES\joystick networks
Virus:W32/Gaobot.ISH.worm Disinfected C:\Program Files\AVPersonal\INFECTED\winssh.VIR
Virus:W32/Gaobot.ISH.worm Disinfected C:\Program Files\AVPersonal\INFECTED\winssh.VIR00
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S87DKHB1\unstall[1].exe
Virus:Trj/Crypt.E Disinfected C:\WINDOWS\system32\sysmon32.exe
Spyware:Spyware/Media-motor No disinfected C:\WINDOWS\unstall.exe