Trouble w/ 0dp, 888, others who knows... [RESOLVED]
Started by
PamPP
, Sep 05 2005 09:32 AM
-
This topic is locked
#16
Posted 05 September 2005 - 03:02 PM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
#17
Posted 05 September 2005 - 04:16 PM
PamPP
- Topic Starter
-
- Member
-
- 23 posts
Member
Okay - hey I am learning some new things! 
Thanks, Pam
Here is the log:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 12/21/1999 7:58:02 AM 21312 C:\WINDOWS\choice.exe
UPX! 10/21/2004 3:27:34 PM 536576 C:\WINDOWS\glophone.exe
UPX! 10/21/2004 3:27:36 PM 25600 C:\WINDOWS\glousb.dll
UPX! 10/21/2004 3:27:34 PM 92245 C:\WINDOWS\iaxclient.dll
UPX! 8/27/2005 2:39:12 PM 18944 C:\WINDOWS\icont.exe.tcf
UPX! 8/31/2005 3:06:08 AM 83968 C:\WINDOWS\io2uns.exe
web-nex 8/10/2005 8:36:02 AM 4033 C:\WINDOWS\jhkor.dll
PECompact2 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
qoologic 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
SAHAgent 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
UPX! 9/1/2005 5:27:38 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
qoologic 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
SAHAgent 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
UPX! 9/1/2005 5:27:38 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 9/1/2005 5:27:38 PM 1044560 C:\WINDOWS\vsapi32.dll
Checking %System% folder...
UPX! 10/21/2004 3:27:34 PM 222208 C:\WINDOWS\SYSTEM32\actskn43.ocx
Umonitor 9/5/2005 5:23:50 PM R S 417792 C:\WINDOWS\SYSTEM32\CUPBK32.DLL
WinShutDown 9/5/2005 5:23:50 PM R S 417792 C:\WINDOWS\SYSTEM32\CUPBK32.DLL
69.59.186.63 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
UPX! 8/30/2005 2:29:16 PM 68096 C:\WINDOWS\SYSTEM32\fxsvfw.exe
Umonitor 9/5/2005 5:22:22 PM R S 417792 C:\WINDOWS\SYSTEM32\guard.tmp
WinShutDown 9/5/2005 5:22:22 PM R S 417792 C:\WINDOWS\SYSTEM32\guard.tmp
69.59.186.63 9/5/2005 5:30:32 PM 10240 C:\WINDOWS\SYSTEM32\jobnr.dll
209.66.67.134 9/5/2005 5:30:32 PM 10240 C:\WINDOWS\SYSTEM32\jobnr.dll
web-nex 9/5/2005 5:30:32 PM 10240 C:\WINDOWS\SYSTEM32\jobnr.dll
winsync 9/5/2005 5:30:32 PM 10240 C:\WINDOWS\SYSTEM32\jobnr.dll
Umonitor 8/9/2005 12:20:50 PM R S 417792 C:\WINDOWS\SYSTEM32\KSDSW.DLL
WinShutDown 8/9/2005 12:20:50 PM R S 417792 C:\WINDOWS\SYSTEM32\KSDSW.DLL
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 1/13/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 8/30/2005 10:31:16 AM 68096 C:\WINDOWS\SYSTEM32\ndd1xd.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 9/5/2005 4:41:20 PM R S 417792 C:\WINDOWS\SYSTEM32\nu4_disp.dll
WinShutDown 9/5/2005 4:41:20 PM R S 417792 C:\WINDOWS\SYSTEM32\nu4_disp.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
Umonitor 9/5/2005 4:48:34 PM R S 417792 C:\WINDOWS\SYSTEM32\rKstls.dll
WinShutDown 9/5/2005 4:48:34 PM R S 417792 C:\WINDOWS\SYSTEM32\rKstls.dll
69.59.186.63 9/5/2005 5:30:30 PM 46080 C:\WINDOWS\SYSTEM32\skgjfdk.dll
209.66.67.134 9/5/2005 5:30:30 PM 46080 C:\WINDOWS\SYSTEM32\skgjfdk.dll
web-nex 9/5/2005 5:30:30 PM 46080 C:\WINDOWS\SYSTEM32\skgjfdk.dll
winsync 9/5/2005 5:30:30 PM 46080 C:\WINDOWS\SYSTEM32\skgjfdk.dll
UPX! 1/20/2005 1:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
69.59.186.63 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
209.66.67.134 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.97 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.77 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
web-nex 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
winsync 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
rec2_run 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/5/2005 5:34:20 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
9/5/2005 5:20:04 PM H 54156 C:\WINDOWS\QTFont.qfn
8/9/2005 6:26:12 PM H 10820 C:\WINDOWS\Help\nocontnt.GID
8/16/2005 7:49:10 AM RHS 286777 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_61.cab
9/5/2005 5:23:50 PM R S 417792 C:\WINDOWS\SYSTEM32\CUPBK32.DLL
9/5/2005 5:34:38 PM R S 417792 C:\WINDOWS\SYSTEM32\dxprop.dll
9/5/2005 5:22:22 PM R S 417792 C:\WINDOWS\SYSTEM32\guard.tmp
8/9/2005 12:20:50 PM R S 417792 C:\WINDOWS\SYSTEM32\KSDSW.DLL
9/5/2005 4:41:20 PM R S 417792 C:\WINDOWS\SYSTEM32\nu4_disp.dll
9/5/2005 4:48:34 PM R S 417792 C:\WINDOWS\SYSTEM32\rKstls.dll
9/5/2005 5:16:18 PM R S 417792 C:\WINDOWS\SYSTEM32\wvasf.dll
7/8/2005 4:23:18 PM S 12143 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
9/5/2005 5:34:40 PM H 32768 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
9/5/2005 5:34:36 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
9/5/2005 5:34:22 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
9/5/2005 5:34:40 PM H 159744 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
9/5/2005 5:34:32 PM H 995328 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
8/10/2005 3:18:44 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\USERDIFF.LOG
8/29/2005 9:15:42 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
8/16/2005 4:09:20 PM S 7652 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
8/16/2005 4:09:20 PM S 134 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
8/21/2005 3:30:02 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\afa15143-1bd8-43ff-b2a0-e0fd6edcfd13
8/21/2005 3:30:02 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
9/4/2005 11:06:58 AM HS 192 C:\WINDOWS\Tasks\RUTASK.job
9/5/2005 5:33:24 PM H 6 C:\WINDOWS\Tasks\SA.DAT
8/10/2005 7:50:20 PM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\33CH9QMU\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\5AE9MRF7\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KUWDUIWL\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S3OXQZ0P\desktop.ini
Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
8/31/2005 10:54:54 PM 31232 C:\WINDOWS\SYSTEM32\conres.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 4/7/2003 1:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 8/26/1996 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL
Apple Computer, Inc. 1/6/2004 5:02:36 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
8/30/2005 1:12:36 PM 31744 C:\WINDOWS\SYSTEM32\vgactl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Intel Corporation 4/7/2003 1:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
1/5/2005 1:04:56 PM 823 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk
8/3/2003 8:49:14 PM 1647 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
7/30/2003 7:56:06 AM 567 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
7/30/2003 7:58:56 AM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
9/5/2005 5:16:26 PM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nptk.exe
8/3/2003 8:49:14 PM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
8/3/2003 8:49:14 PM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
8/10/2005 8:58:14 PM 3 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
Checking files in %USERPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\Pam\Start Menu\Programs\Startup\DESKTOP.INI
Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\Pam\Application Data\DESKTOP.INI
8/20/2003 6:03:20 PM 0 C:\Documents and Settings\Pam\Application Data\dm.ini
4/8/2004 3:33:42 PM 64760 C:\Documents and Settings\Pam\Application Data\GDIPFONTCACHEV1.DAT
3/2/2004 5:00:32 PM 784 C:\Documents and Settings\Pam\Application Data\mpauth.dat
8/10/2005 3:03:52 PM 28 C:\Documents and Settings\Pam\Application Data\Sskcwrd.dll
8/9/2005 11:47:22 PM 411335 C:\Documents and Settings\Pam\Application Data\Sskknwrd.dll
8/10/2005 3:12:42 PM 33 C:\Documents and Settings\Pam\Application Data\Sskuknwrd.dll
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{A27AD802-0EC0-4955-AA51-6ECAAA51F087} = C:\WINDOWS\system32\CUPBK32.DLL
{82F490A6-7819-4FB8-94CE-D19D815868E0} = C:\WINDOWS\system32\dxprop.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ftqnsgtf
{f1e5f100-3f1b-41d9-990d-283423d15a48} = C:\WINDOWS\system32\jobnr.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
CControl Object = C:\Program Files\E2G\IeBHOs.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Advanced Tools Check C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
HostManager C:\Program Files\Common Files\AOL\1104942569\EE\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
newexp C:\WINDOWS\system32\newexp
jmel C:\WINDOWS\system32\ynjor\jmel.exe
rexjtcb C:\WINDOWS\system32\lsdwc\rexjtcb.exe
sgyxwjhk C:\WINDOWS\system32\rsljevt\sgyxwjhk.exe
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
winsync C:\WINDOWS\system32\l4dgxk.exe reg_run
UserFaultCheck %systemroot%\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
fxsvfw C:\WINDOWS\system32\fxsvfw.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
fxsvfw
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
fxsvfw C:\WINDOWS\system32\fxsvfw.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
Thanks, PamHere is the log:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 12/21/1999 7:58:02 AM 21312 C:\WINDOWS\choice.exe
UPX! 10/21/2004 3:27:34 PM 536576 C:\WINDOWS\glophone.exe
UPX! 10/21/2004 3:27:36 PM 25600 C:\WINDOWS\glousb.dll
UPX! 10/21/2004 3:27:34 PM 92245 C:\WINDOWS\iaxclient.dll
UPX! 8/27/2005 2:39:12 PM 18944 C:\WINDOWS\icont.exe.tcf
UPX! 8/31/2005 3:06:08 AM 83968 C:\WINDOWS\io2uns.exe
web-nex 8/10/2005 8:36:02 AM 4033 C:\WINDOWS\jhkor.dll
PECompact2 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
qoologic 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
SAHAgent 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
UPX! 9/1/2005 5:27:38 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
qoologic 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
SAHAgent 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
UPX! 9/1/2005 5:27:38 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 9/1/2005 5:27:38 PM 1044560 C:\WINDOWS\vsapi32.dll
Checking %System% folder...
UPX! 10/21/2004 3:27:34 PM 222208 C:\WINDOWS\SYSTEM32\actskn43.ocx
Umonitor 9/5/2005 5:23:50 PM R S 417792 C:\WINDOWS\SYSTEM32\CUPBK32.DLL
WinShutDown 9/5/2005 5:23:50 PM R S 417792 C:\WINDOWS\SYSTEM32\CUPBK32.DLL
69.59.186.63 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/31/2005 10:54:54 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
UPX! 8/30/2005 2:29:16 PM 68096 C:\WINDOWS\SYSTEM32\fxsvfw.exe
Umonitor 9/5/2005 5:22:22 PM R S 417792 C:\WINDOWS\SYSTEM32\guard.tmp
WinShutDown 9/5/2005 5:22:22 PM R S 417792 C:\WINDOWS\SYSTEM32\guard.tmp
69.59.186.63 9/5/2005 5:30:32 PM 10240 C:\WINDOWS\SYSTEM32\jobnr.dll
209.66.67.134 9/5/2005 5:30:32 PM 10240 C:\WINDOWS\SYSTEM32\jobnr.dll
web-nex 9/5/2005 5:30:32 PM 10240 C:\WINDOWS\SYSTEM32\jobnr.dll
winsync 9/5/2005 5:30:32 PM 10240 C:\WINDOWS\SYSTEM32\jobnr.dll
Umonitor 8/9/2005 12:20:50 PM R S 417792 C:\WINDOWS\SYSTEM32\KSDSW.DLL
WinShutDown 8/9/2005 12:20:50 PM R S 417792 C:\WINDOWS\SYSTEM32\KSDSW.DLL
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 1/13/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
UPX! 8/30/2005 10:31:16 AM 68096 C:\WINDOWS\SYSTEM32\ndd1xd.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 9/5/2005 4:41:20 PM R S 417792 C:\WINDOWS\SYSTEM32\nu4_disp.dll
WinShutDown 9/5/2005 4:41:20 PM R S 417792 C:\WINDOWS\SYSTEM32\nu4_disp.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
Umonitor 9/5/2005 4:48:34 PM R S 417792 C:\WINDOWS\SYSTEM32\rKstls.dll
WinShutDown 9/5/2005 4:48:34 PM R S 417792 C:\WINDOWS\SYSTEM32\rKstls.dll
69.59.186.63 9/5/2005 5:30:30 PM 46080 C:\WINDOWS\SYSTEM32\skgjfdk.dll
209.66.67.134 9/5/2005 5:30:30 PM 46080 C:\WINDOWS\SYSTEM32\skgjfdk.dll
web-nex 9/5/2005 5:30:30 PM 46080 C:\WINDOWS\SYSTEM32\skgjfdk.dll
winsync 9/5/2005 5:30:30 PM 46080 C:\WINDOWS\SYSTEM32\skgjfdk.dll
UPX! 1/20/2005 1:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
69.59.186.63 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
209.66.67.134 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.97 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
66.63.167.77 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
web-nex 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
winsync 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
rec2_run 8/30/2005 1:12:36 PM 30720 C:\WINDOWS\SYSTEM32\wuauclt.dll
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/5/2005 5:34:20 PM S 2048 C:\WINDOWS\BOOTSTAT.DAT
9/5/2005 5:20:04 PM H 54156 C:\WINDOWS\QTFont.qfn
8/9/2005 6:26:12 PM H 10820 C:\WINDOWS\Help\nocontnt.GID
8/16/2005 7:49:10 AM RHS 286777 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_61.cab
9/5/2005 5:23:50 PM R S 417792 C:\WINDOWS\SYSTEM32\CUPBK32.DLL
9/5/2005 5:34:38 PM R S 417792 C:\WINDOWS\SYSTEM32\dxprop.dll
9/5/2005 5:22:22 PM R S 417792 C:\WINDOWS\SYSTEM32\guard.tmp
8/9/2005 12:20:50 PM R S 417792 C:\WINDOWS\SYSTEM32\KSDSW.DLL
9/5/2005 4:41:20 PM R S 417792 C:\WINDOWS\SYSTEM32\nu4_disp.dll
9/5/2005 4:48:34 PM R S 417792 C:\WINDOWS\SYSTEM32\rKstls.dll
9/5/2005 5:16:18 PM R S 417792 C:\WINDOWS\SYSTEM32\wvasf.dll
7/8/2005 4:23:18 PM S 12143 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
9/5/2005 5:34:40 PM H 32768 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
9/5/2005 5:34:36 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
9/5/2005 5:34:22 PM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
9/5/2005 5:34:40 PM H 159744 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
9/5/2005 5:34:32 PM H 995328 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
8/10/2005 3:18:44 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\USERDIFF.LOG
8/29/2005 9:15:42 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
8/16/2005 4:09:20 PM S 7652 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
8/16/2005 4:09:20 PM S 134 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
8/21/2005 3:30:02 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\afa15143-1bd8-43ff-b2a0-e0fd6edcfd13
8/21/2005 3:30:02 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
9/4/2005 11:06:58 AM HS 192 C:\WINDOWS\Tasks\RUTASK.job
9/5/2005 5:33:24 PM H 6 C:\WINDOWS\Tasks\SA.DAT
8/10/2005 7:50:20 PM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\33CH9QMU\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\5AE9MRF7\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KUWDUIWL\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S3OXQZ0P\desktop.ini
Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
8/31/2005 10:54:54 PM 31232 C:\WINDOWS\SYSTEM32\conres.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 4/7/2003 1:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 8/26/1996 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL
Apple Computer, Inc. 1/6/2004 5:02:36 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
8/30/2005 1:12:36 PM 31744 C:\WINDOWS\SYSTEM32\vgactl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Intel Corporation 4/7/2003 1:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
1/5/2005 1:04:56 PM 823 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk
8/3/2003 8:49:14 PM 1647 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
7/30/2003 7:56:06 AM 567 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
7/30/2003 7:58:56 AM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
9/5/2005 5:16:26 PM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nptk.exe
8/3/2003 8:49:14 PM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
8/3/2003 8:49:14 PM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
8/10/2005 8:58:14 PM 3 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
Checking files in %USERPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\Pam\Start Menu\Programs\Startup\DESKTOP.INI
Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\Pam\Application Data\DESKTOP.INI
8/20/2003 6:03:20 PM 0 C:\Documents and Settings\Pam\Application Data\dm.ini
4/8/2004 3:33:42 PM 64760 C:\Documents and Settings\Pam\Application Data\GDIPFONTCACHEV1.DAT
3/2/2004 5:00:32 PM 784 C:\Documents and Settings\Pam\Application Data\mpauth.dat
8/10/2005 3:03:52 PM 28 C:\Documents and Settings\Pam\Application Data\Sskcwrd.dll
8/9/2005 11:47:22 PM 411335 C:\Documents and Settings\Pam\Application Data\Sskknwrd.dll
8/10/2005 3:12:42 PM 33 C:\Documents and Settings\Pam\Application Data\Sskuknwrd.dll
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{A27AD802-0EC0-4955-AA51-6ECAAA51F087} = C:\WINDOWS\system32\CUPBK32.DLL
{82F490A6-7819-4FB8-94CE-D19D815868E0} = C:\WINDOWS\system32\dxprop.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ftqnsgtf
{f1e5f100-3f1b-41d9-990d-283423d15a48} = C:\WINDOWS\system32\jobnr.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6}
CControl Object = C:\Program Files\E2G\IeBHOs.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Advanced Tools Check C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
HostManager C:\Program Files\Common Files\AOL\1104942569\EE\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
newexp C:\WINDOWS\system32\newexp
jmel C:\WINDOWS\system32\ynjor\jmel.exe
rexjtcb C:\WINDOWS\system32\lsdwc\rexjtcb.exe
sgyxwjhk C:\WINDOWS\system32\rsljevt\sgyxwjhk.exe
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
winsync C:\WINDOWS\system32\l4dgxk.exe reg_run
UserFaultCheck %systemroot%\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
fxsvfw C:\WINDOWS\system32\fxsvfw.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
fxsvfw
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
fxsvfw C:\WINDOWS\system32\fxsvfw.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
#18
Posted 06 September 2005 - 02:51 AM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
OK,this is going to get interesting as we go along,so bear with me!
First I need to ask you to upload some files for examination!
Use the site below and go to the Uploads forum and follow the instructions to upload the files or folder i specify!
http://www.thespykiller.co.uk/forum/
See if you can upload these
C:\WINDOWS\UGFt<- Folder
C:\WINDOWS\UGFt\command.exe<- If the entire folder wont upload!
C:\WINDOWS\system32\lsdwc<- Folder
C:\WINDOWS\icont.exe.tcf
C:\WINDOWS\SYSTEM32\CUPBK32.DLL
C:\WINDOWS\system32\KSDSW.DLL
C:\WINDOWS\SYSTEM32\vgactl.cpl
Try to upload as many of those as possible but dont waste alot of time on it!
Now lets see if we can get headed in the right direction!
Click Start-> Run-> Type in Services.msc and Click OK!
Scroll that list and locate this entry
Command Service
rexjtcblsdwc<- Name may have changed but will randomly generated like this one!
Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled!
Click Apply-> OK and Exit the Services Page!
Attached is a Zip folder with a reg file in it,download this to your desktop but dont run it yet!
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Download the Hoster from here:
http://www.funkytoad...load/hoster.zip
Unzip and Extract all Files but dont run it just yet!
Download Pocket KillBox from here:
http://www.atribune....ads/KillBox.exe
Highlight the list below and press Ctrl+C to Copy!
C:\WINDOWS\icont.exe.tcf
C:\WINDOWS\io2uns.exe
C:\WINDOWS\jhkor.dll
C:\WINDOWS\UGFt\command.exe
C:\WINDOWS\UGFt
C:\WINDOWS\SYSTEM32\CUPBK32.DLL
C:\WINDOWS\SYSTEM32\datadx.dll
C:\WINDOWS\SYSTEM32\fxsvfw.exe
C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\jobnr.dll
C:\WINDOWS\SYSTEM32\KSDSW.DLL
C:\WINDOWS\SYSTEM32\ndd1xd.exe
C:\WINDOWS\system32\l4dgxk.exe
C:\WINDOWS\SYSTEM32\nu4_disp.dll
C:\WINDOWS\SYSTEM32\rKstls.dll
C:\WINDOWS\SYSTEM32\skgjfdk.dll
C:\WINDOWS\SYSTEM32\wuauclt.dll
C:\WINDOWS\SYSTEM32\dxprop.dll
C:\WINDOWS\SYSTEM32\wvasf.dll
C:\WINDOWS\SYSTEM32\conres.cpl
C:\WINDOWS\SYSTEM32\vgactl.cpl
C:\WINDOWS\system32\rsljevt\sgyxwjhk.exe
C:\WINDOWS\system32\rsljevt
C:\WINDOWS\system32\lsdwc\rexjtcb.exe
C:\WINDOWS\system32\lsdwc
C:\WINDOWS\system32\ynjor\jmel.exe
C:\WINDOWS\system32\ynjor
C:\WINDOWS\system32\newexp
C:\WINDOWS\Tasks\RUTASK.job
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nptk.exe
C:\Documents and Settings\Pam\Start Menu\Programs\Startup\nptk.exe
C:\Documents and Settings\Pam\Application Data\mpauth.dat
C:\Documents and Settings\Pam\Application Data\Sskcwrd.dll
C:\Documents and Settings\Pam\Application Data\Sskknwrd.dll
C:\Documents and Settings\Pam\Application Data\Sskuknwrd.dll
C:\Program Files\E2G\IeBHOs.dll
C:\Program Files\E2G
Open Pocket Killbox-> Click File-> Click Paste from Clipboard!
Place a tick by Delete on Reboot-> Click the Red Circle to Delete!
Click Yes to the Prompts that follow and let Killbox Reboot the PC!
Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam
Once in Safe Mode,I want you to run each of those entries above through Killbox one at a time to ensure nothing survived!
As you paste each entry in,place a tick by any of these selections available
"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"
Click the Red Circle with the White X in the Middle to Delete!
Now locate and double click Clr.reg and allow it to merge into the registry!
Click Start-> Run-> Copy&Paste the bold text below into the Open Box and Click OK!
sc delete cmdService
and
sc delete rexjtcblsdwc
Scan the entire PC with Ewido-> Clean all it finds-> Be sure to click the tab to Save a Report!
Now run the Hoster-> Press "Restore Original Hosts" and press "OK"!
Exit Program!
Now run the l2mfix again-> Select Option 4 and Save the log!
Once thats done-> Select Option 1-> Save the log-> Select Option 2 and let it Reboot the System and Save the Log!
Restart Normal and Post back with a fresh HijackThis log and the reports from Ewido and the l2mfix Options 2 and 4 please!
Please let me know if you get any errors while running the l2mfix in Safe Mode!
First I need to ask you to upload some files for examination!
Use the site below and go to the Uploads forum and follow the instructions to upload the files or folder i specify!
http://www.thespykiller.co.uk/forum/
See if you can upload these
C:\WINDOWS\UGFt<- Folder
C:\WINDOWS\UGFt\command.exe<- If the entire folder wont upload!
C:\WINDOWS\system32\lsdwc<- Folder
C:\WINDOWS\icont.exe.tcf
C:\WINDOWS\SYSTEM32\CUPBK32.DLL
C:\WINDOWS\system32\KSDSW.DLL
C:\WINDOWS\SYSTEM32\vgactl.cpl
Try to upload as many of those as possible but dont waste alot of time on it!
Now lets see if we can get headed in the right direction!
Click Start-> Run-> Type in Services.msc and Click OK!
Scroll that list and locate this entry
Command Service
rexjtcblsdwc<- Name may have changed but will randomly generated like this one!
Right Click that entry and Select Properties-> Click Stop-> Go up and change the Startup Type to Disabled!
Click Apply-> OK and Exit the Services Page!
Attached is a Zip folder with a reg file in it,download this to your desktop but dont run it yet!
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
Download the Hoster from here:
http://www.funkytoad...load/hoster.zip
Unzip and Extract all Files but dont run it just yet!
Download Pocket KillBox from here:
http://www.atribune....ads/KillBox.exe
Highlight the list below and press Ctrl+C to Copy!
C:\WINDOWS\icont.exe.tcf
C:\WINDOWS\io2uns.exe
C:\WINDOWS\jhkor.dll
C:\WINDOWS\UGFt\command.exe
C:\WINDOWS\UGFt
C:\WINDOWS\SYSTEM32\CUPBK32.DLL
C:\WINDOWS\SYSTEM32\datadx.dll
C:\WINDOWS\SYSTEM32\fxsvfw.exe
C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\jobnr.dll
C:\WINDOWS\SYSTEM32\KSDSW.DLL
C:\WINDOWS\SYSTEM32\ndd1xd.exe
C:\WINDOWS\system32\l4dgxk.exe
C:\WINDOWS\SYSTEM32\nu4_disp.dll
C:\WINDOWS\SYSTEM32\rKstls.dll
C:\WINDOWS\SYSTEM32\skgjfdk.dll
C:\WINDOWS\SYSTEM32\wuauclt.dll
C:\WINDOWS\SYSTEM32\dxprop.dll
C:\WINDOWS\SYSTEM32\wvasf.dll
C:\WINDOWS\SYSTEM32\conres.cpl
C:\WINDOWS\SYSTEM32\vgactl.cpl
C:\WINDOWS\system32\rsljevt\sgyxwjhk.exe
C:\WINDOWS\system32\rsljevt
C:\WINDOWS\system32\lsdwc\rexjtcb.exe
C:\WINDOWS\system32\lsdwc
C:\WINDOWS\system32\ynjor\jmel.exe
C:\WINDOWS\system32\ynjor
C:\WINDOWS\system32\newexp
C:\WINDOWS\Tasks\RUTASK.job
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nptk.exe
C:\Documents and Settings\Pam\Start Menu\Programs\Startup\nptk.exe
C:\Documents and Settings\Pam\Application Data\mpauth.dat
C:\Documents and Settings\Pam\Application Data\Sskcwrd.dll
C:\Documents and Settings\Pam\Application Data\Sskknwrd.dll
C:\Documents and Settings\Pam\Application Data\Sskuknwrd.dll
C:\Program Files\E2G\IeBHOs.dll
C:\Program Files\E2G
Open Pocket Killbox-> Click File-> Click Paste from Clipboard!
Place a tick by Delete on Reboot-> Click the Red Circle to Delete!
Click Yes to the Prompts that follow and let Killbox Reboot the PC!
Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam
Once in Safe Mode,I want you to run each of those entries above through Killbox one at a time to ensure nothing survived!
As you paste each entry in,place a tick by any of these selections available
"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"
Click the Red Circle with the White X in the Middle to Delete!
Now locate and double click Clr.reg and allow it to merge into the registry!
Click Start-> Run-> Copy&Paste the bold text below into the Open Box and Click OK!
sc delete cmdService
and
sc delete rexjtcblsdwc
Scan the entire PC with Ewido-> Clean all it finds-> Be sure to click the tab to Save a Report!
Now run the Hoster-> Press "Restore Original Hosts" and press "OK"!
Exit Program!
Now run the l2mfix again-> Select Option 4 and Save the log!
Once thats done-> Select Option 1-> Save the log-> Select Option 2 and let it Reboot the System and Save the Log!
Restart Normal and Post back with a fresh HijackThis log and the reports from Ewido and the l2mfix Options 2 and 4 please!
Please let me know if you get any errors while running the l2mfix in Safe Mode!
Attached Files
-
Clr.zip 674bytes
94 downloads
Edited by Cretemonster, 06 September 2005 - 03:01 AM.
#19
Posted 06 September 2005 - 06:09 AM
PamPP
- Topic Starter
-
- Member
-
- 23 posts
Member
Good Morning!
Okay, I uploaded the files to the site you told me to. http://www.thespykil...pic=670.new#new
Now, I will get started on following the rest of your instructions.
Thanks,
Pam
Okay, I tried the next step. I found Command Service but not a randomly generated name like the example you gave me. So I right clicked. It wouldn't let me choose Stop. But I did change the start-up Type to Disabled and exited.
Okay, I uploaded the files to the site you told me to. http://www.thespykil...pic=670.new#new
Now, I will get started on following the rest of your instructions.
Thanks,
Pam
Okay, I tried the next step. I found Command Service but not a randomly generated name like the example you gave me. So I right clicked. It wouldn't let me choose Stop. But I did change the start-up Type to Disabled and exited.
Edited by PamPP, 06 September 2005 - 06:15 AM.
#20
Posted 06 September 2005 - 10:47 AM
PamPP
- Topic Starter
-
- Member
-
- 23 posts
Member
Wow - that took all morning! 
First everything went well except I ran Option 1 and 2 of the l2mfix before I ran option 4 (got those two directions mixed up) but then I went back into safe mode and ran option 4.
I got a couple of errors using l2mfix in safe mode (don't know if they were significant or not):
When using Option 1: c:\Docume 1\pam\desktop\l2mfix\user1.txt
When rebooting from Option 2:
Registry Editor: Cannot export back regs\82F490A6-7819-45B8-94CE-D19D815868EO.reg. Error opening the file. There may be a disk or file system error.
Also: c:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip\DSKERIAL.DLL
Here are the logs:
Log from Option 4
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Warning (option /rga:(ci)) - There is no ACE to remove!
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
I think this is log from option 2:
L2Mfix 1.04a
Running From:
C:\Documents and Settings\Pam\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
++++++++++++++++++++++++++++++++++++++++++++
Not sure which option this is the log from:
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wvasf.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{1129E424-B747-FBEA-8BA0-261975D71A70}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{82F490A6-7819-4FB8-94CE-D19D815868E0}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{82F490A6-7819-4FB8-94CE-D19D815868E0}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{82F490A6-7819-4FB8-94CE-D19D815868E0}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{82F490A6-7819-4FB8-94CE-D19D815868E0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{82F490A6-7819-4FB8-94CE-D19D815868E0}\InprocServer32]
@="C:\\WINDOWS\\system32\\vmscript.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
atmtd.dll Wed Aug 10 2005 2:00:34p A.... 687,592 671.48 K
browseui.dll Sat Jul 2 2005 10:11:28p A.... 1,019,904 996.00 K
cdfview.dll Sat Jul 2 2005 10:11:28p A.... 151,040 147.50 K
cmdlin~1.dll Fri Sep 2 2005 4:06:26p A.... 43,520 42.50 K
gwfspi~1.dll Tue Jul 12 2005 6:04:22p A.... 23,304 22.76 K
icm32.dll Tue Jun 28 2005 9:46:00p A.... 254,976 249.00 K
iepeers.dll Sat Jul 2 2005 10:11:28p A.... 251,392 245.50 K
inseng.dll Sat Jul 2 2005 10:11:28p A.... 96,256 94.00 K
kerberos.dll Wed Jun 15 2005 1:49:30p A.... 295,936 289.00 K
legitc~1.dll Tue Jul 12 2005 6:04:22p A.... 520,456 508.26 K
mfc71.dll Wed Jul 6 2005 5:17:28p A.... 1,060,864 1.01 M
mscms.dll Tue Jun 28 2005 9:46:00p A.... 74,240 72.50 K
mshtml.dll Tue Jul 19 2005 10:00:30p A.... 3,014,144 2.87 M
mshtmled.dll Sat Jul 2 2005 10:11:30p A.... 448,512 438.00 K
msrating.dll Sat Jul 2 2005 10:11:30p A.... 146,432 143.00 K
pngfilt.dll Sat Jul 2 2005 10:11:30p A.... 39,424 38.50 K
s32evnt1.dll Thu Jul 28 2005 2:52:18p A.... 91,856 89.70 K
shdocvw.dll Sat Jul 2 2005 10:11:30p A.... 1,483,776 1.41 M
shlwapi.dll Sat Jul 2 2005 10:11:30p A.... 473,600 462.50 K
tapisrv.dll Fri Jul 8 2005 12:27:56p A.... 249,344 243.50 K
umpnpmgr.dll Wed Jun 29 2005 10:02:40p A.... 118,272 115.50 K
urlmon.dll Sat Jul 2 2005 10:11:30p A.... 607,744 593.50 K
vmscript.dll Tue Sep 6 2005 10:16:04a ..S.R 417,792 408.00 K
wininet.dll Sat Jul 2 2005 10:11:30p A.... 658,432 643.00 K
wvasf.dll Mon Sep 5 2005 5:16:18p ..S.R 417,792 408.00 K
25 items found: 25 files (2 H/S), 0 directories.
Total of file sizes: 12,646,600 bytes 12.06 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 5C34-345C
Directory of C:\WINDOWS\System32
09/06/2005 10:16 AM 417,792 vmscript.dll
09/05/2005 05:16 PM 417,792 wvasf.dll
08/23/2005 10:55 AM <DIR> DLLCACHE
09/14/2004 09:44 AM 32 {36BAA528-FBBC-4165-9671-5B8E6BDF28A3}.dat
07/30/2003 07:16 AM <DIR> Microsoft
3 File(s) 835,616 bytes
2 Dir(s) 28,371,070,976 bytes free
Ewido Log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:48:32 AM, 9/6/2005
+ Report-Checksum: 47EE16BE
+ Scan result:
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Spyware.MediaMotor : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-21-1152413055-1571408051-3902830820-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
[244] C:\WINDOWS\system32\wvasf.dll -> Spyware.Look2Me : Error during cleaning
[676] C:\WINDOWS\system32\vmscript.dll -> Spyware.Look2Me : Error during cleaning
[752] C:\WINDOWS\system32\vmscript.dll -> Spyware.Look2Me : Error during cleaning
C:\!Submit\CUPBK32.DLL -> Spyware.Look2Me : Cleaned with backup
C:\!Submit\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\!Submit\jmel.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\!Submit\jobnr.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\!Submit\KSDSW.DLL -> Spyware.Look2Me : Cleaned with backup
C:\!Submit\nptk.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\!Submit\nu4_disp.dll -> Spyware.Look2Me : Cleaned with backup
C:\!Submit\rKstls.dll -> Spyware.Look2Me : Cleaned with backup
C:\!Submit\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\!Submit\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\!Submit\__delete_on_reboot__IeBHOs.dll -> Spyware.E2Give : Cleaned with backup
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/DKSERIAL.DLL -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/tpemeui.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Pam\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\RECYCLER\NPROTECT\00737844.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00738037.DLL -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00738289.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00738777.DLL -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00739363.DLL -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00739364.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00739365.zip/DKSERIAL.DLL -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739365.zip/tpemeui.dll -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739367.zip/DKSERIAL.DLL -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739367.zip/tpemeui.dll -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739367.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739370.zip/DKSERIAL.DLL -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739370.zip/tpemeui.dll -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739370.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739372.zip/DKSERIAL.DLL -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739372.zip/tpemeui.dll -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739372.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739379.DLL -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00739381.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00740035.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00740170.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00741505.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095298.EXE.tcf -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095370.EXE.tcf -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110792.exe -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110802.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110805.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110806.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110807.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381\A0111153.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381\A0111154.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381\A0111155.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381\A0111156.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112139.exe -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112146.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112147.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112148.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112149.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112198.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112219.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112220.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112221.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112229.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112230.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112231.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112232.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112242.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112243.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112244.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112245.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112262.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112263.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112264.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112265.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112279.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112280.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112281.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112282.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112361.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112362.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112363.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112364.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112444.exe -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112446.exe -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0113454.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0113456.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0113458.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0113459.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113493.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113519.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113520.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113521.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113523.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113593.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113596.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113597.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113599.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113626.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113628.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113630.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113631.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113732.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113733.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113734.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113735.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113790.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113791.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113792.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113793.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113858.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113860.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113861.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113862.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113926.EXE -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113929.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113932.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113967.dll -> Spyware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113971.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113975.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113976.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113977.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113978.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114006.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114007.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114008.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114009.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114013.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114049.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114051.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114052.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114053.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114067.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114068.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114069.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114070.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114072.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114095.dll -> Spyware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114108.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114109.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114112.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114114.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114143.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114145.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114146.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114148.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114173.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114175.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114177.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114178.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114204.EXE -> TrojanDownloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114229.SYS -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114263.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114264.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114302.EXE -> Spyware.CASClient : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114342.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114343.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114344.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114345.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114453.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114464.dll -> Spyware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114471.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114484.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114485.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114496.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114497.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114498.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114499.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114524.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114528.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114531.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114533.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114534.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114553.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114554.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114555.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114556.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114599.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114600.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114603.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114605.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114628.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114630.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114632.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114635.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114638.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114685.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114686.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114687.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114688.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114738.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114739.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114740.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114741.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114763.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114765.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114767.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114769.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114770.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114804.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114807.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114808.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114839.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114841.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114842.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114843.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114844.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114872.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114874.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114875.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114876.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114938.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114939.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114944.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114945.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114946.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114947.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114950.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114951.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114952.dll -> TrojanDownloader.Small : Cleaned with backup
C:\System Volume Information\_rest
First everything went well except I ran Option 1 and 2 of the l2mfix before I ran option 4 (got those two directions mixed up) but then I went back into safe mode and ran option 4.
I got a couple of errors using l2mfix in safe mode (don't know if they were significant or not):
When using Option 1: c:\Docume 1\pam\desktop\l2mfix\user1.txt
When rebooting from Option 2:
Registry Editor: Cannot export back regs\82F490A6-7819-45B8-94CE-D19D815868EO.reg. Error opening the file. There may be a disk or file system error.
Also: c:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip\DSKERIAL.DLL
Here are the logs:
Log from Option 4
Restoring Registry Permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Revoking access for predefined group "Administrators"
Inherited ACE can not be revoked here!
Inherited ACE can not be revoked here!
Warning (option /rga:(ci)) - There is no ACE to remove!
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
I think this is log from option 2:
L2Mfix 1.04a
Running From:
C:\Documents and Settings\Pam\Desktop\l2mfix
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting registry permissions:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Denying C(CI) access for predefined group "Administrators"
- adding new ACCESS DENY entry
Registry Permissions set too:
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(CI) DENY --C------- BUILTIN\Administrators
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
Setting up for Reboot
Starting Reboot!
++++++++++++++++++++++++++++++++++++++++++++
Not sure which option this is the log from:
L2MFIX find log 1.04a
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
"Asynchronous"=dword:00000000
"DllName"=""
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ShellCompatibility]
"Asynchronous"=dword:00000000
"DllName"="C:\\WINDOWS\\system32\\wvasf.dll"
"Impersonate"=dword:00000000
"Logon"="WinLogon"
"Logoff"="WinLogoff"
"Shutdown"="WinShutdown"
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{1129E424-B747-FBEA-8BA0-261975D71A70}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{5E44E225-A408-11CF-B581-008029601108}"="Adaptec DirectCD Shell Extension"
"{1D2680C9-0E2A-469d-B787-065558BC7D43}"="Fusion Cache"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"="TrojanHunter Menu Shell Extension"
"{82F490A6-7819-4FB8-94CE-D19D815868E0}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{82F490A6-7819-4FB8-94CE-D19D815868E0}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{82F490A6-7819-4FB8-94CE-D19D815868E0}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{82F490A6-7819-4FB8-94CE-D19D815868E0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{82F490A6-7819-4FB8-94CE-D19D815868E0}\InprocServer32]
@="C:\\WINDOWS\\system32\\vmscript.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
C:\WINDOWS\SYSTEM32\
atmtd.dll Wed Aug 10 2005 2:00:34p A.... 687,592 671.48 K
browseui.dll Sat Jul 2 2005 10:11:28p A.... 1,019,904 996.00 K
cdfview.dll Sat Jul 2 2005 10:11:28p A.... 151,040 147.50 K
cmdlin~1.dll Fri Sep 2 2005 4:06:26p A.... 43,520 42.50 K
gwfspi~1.dll Tue Jul 12 2005 6:04:22p A.... 23,304 22.76 K
icm32.dll Tue Jun 28 2005 9:46:00p A.... 254,976 249.00 K
iepeers.dll Sat Jul 2 2005 10:11:28p A.... 251,392 245.50 K
inseng.dll Sat Jul 2 2005 10:11:28p A.... 96,256 94.00 K
kerberos.dll Wed Jun 15 2005 1:49:30p A.... 295,936 289.00 K
legitc~1.dll Tue Jul 12 2005 6:04:22p A.... 520,456 508.26 K
mfc71.dll Wed Jul 6 2005 5:17:28p A.... 1,060,864 1.01 M
mscms.dll Tue Jun 28 2005 9:46:00p A.... 74,240 72.50 K
mshtml.dll Tue Jul 19 2005 10:00:30p A.... 3,014,144 2.87 M
mshtmled.dll Sat Jul 2 2005 10:11:30p A.... 448,512 438.00 K
msrating.dll Sat Jul 2 2005 10:11:30p A.... 146,432 143.00 K
pngfilt.dll Sat Jul 2 2005 10:11:30p A.... 39,424 38.50 K
s32evnt1.dll Thu Jul 28 2005 2:52:18p A.... 91,856 89.70 K
shdocvw.dll Sat Jul 2 2005 10:11:30p A.... 1,483,776 1.41 M
shlwapi.dll Sat Jul 2 2005 10:11:30p A.... 473,600 462.50 K
tapisrv.dll Fri Jul 8 2005 12:27:56p A.... 249,344 243.50 K
umpnpmgr.dll Wed Jun 29 2005 10:02:40p A.... 118,272 115.50 K
urlmon.dll Sat Jul 2 2005 10:11:30p A.... 607,744 593.50 K
vmscript.dll Tue Sep 6 2005 10:16:04a ..S.R 417,792 408.00 K
wininet.dll Sat Jul 2 2005 10:11:30p A.... 658,432 643.00 K
wvasf.dll Mon Sep 5 2005 5:16:18p ..S.R 417,792 408.00 K
25 items found: 25 files (2 H/S), 0 directories.
Total of file sizes: 12,646,600 bytes 12.06 M
Locate .tmp files:
No matches found.
**********************************************************************************
Directory Listing of system files:
Volume in drive C has no label.
Volume Serial Number is 5C34-345C
Directory of C:\WINDOWS\System32
09/06/2005 10:16 AM 417,792 vmscript.dll
09/05/2005 05:16 PM 417,792 wvasf.dll
08/23/2005 10:55 AM <DIR> DLLCACHE
09/14/2004 09:44 AM 32 {36BAA528-FBBC-4165-9671-5B8E6BDF28A3}.dat
07/30/2003 07:16 AM <DIR> Microsoft
3 File(s) 835,616 bytes
2 Dir(s) 28,371,070,976 bytes free
Ewido Log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 11:48:32 AM, 9/6/2005
+ Report-Checksum: 47EE16BE
+ Scan result:
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\media-motor -> Spyware.MediaMotor : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-21-1152413055-1571408051-3902830820-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
[244] C:\WINDOWS\system32\wvasf.dll -> Spyware.Look2Me : Error during cleaning
[676] C:\WINDOWS\system32\vmscript.dll -> Spyware.Look2Me : Error during cleaning
[752] C:\WINDOWS\system32\vmscript.dll -> Spyware.Look2Me : Error during cleaning
C:\!Submit\CUPBK32.DLL -> Spyware.Look2Me : Cleaned with backup
C:\!Submit\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\!Submit\jmel.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\!Submit\jobnr.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\!Submit\KSDSW.DLL -> Spyware.Look2Me : Cleaned with backup
C:\!Submit\nptk.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\!Submit\nu4_disp.dll -> Spyware.Look2Me : Cleaned with backup
C:\!Submit\rKstls.dll -> Spyware.Look2Me : Cleaned with backup
C:\!Submit\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\!Submit\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\!Submit\__delete_on_reboot__IeBHOs.dll -> Spyware.E2Give : Cleaned with backup
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/DKSERIAL.DLL -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/tpemeui.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Pam\Local Settings\Temp\Cookies\[email protected][1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\RECYCLER\NPROTECT\00737844.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00738037.DLL -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00738289.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00738777.DLL -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00739363.DLL -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00739364.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00739365.zip/DKSERIAL.DLL -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739365.zip/tpemeui.dll -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739367.zip/DKSERIAL.DLL -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739367.zip/tpemeui.dll -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739367.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739370.zip/DKSERIAL.DLL -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739370.zip/tpemeui.dll -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739370.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739372.zip/DKSERIAL.DLL -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739372.zip/tpemeui.dll -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739372.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
C:\RECYCLER\NPROTECT\00739379.DLL -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00739381.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00740035.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00740170.dll -> Spyware.Look2Me : Cleaned with backup
C:\RECYCLER\NPROTECT\00741505.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095298.EXE.tcf -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095370.EXE.tcf -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110792.exe -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110802.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110805.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110806.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110807.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381\A0111153.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381\A0111154.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381\A0111155.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP381\A0111156.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112139.exe -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112146.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112147.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112148.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112149.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112198.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112219.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112220.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112221.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112229.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112230.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112231.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112232.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112242.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112243.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112244.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112245.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112262.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112263.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112264.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112265.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112279.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112280.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112281.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112282.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112361.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112362.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112363.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112364.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112444.exe -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112446.exe -> Spyware.Adstart : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0113454.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0113456.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0113458.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0113459.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113493.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113519.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113520.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113521.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113523.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113593.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113596.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113597.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113599.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113626.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113628.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113630.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113631.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113732.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113733.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113734.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113735.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113790.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113791.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113792.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP385\A0113793.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113858.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113860.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113861.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113862.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113926.EXE -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113929.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113932.exe -> TrojanDownloader.Agent.lg : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113967.dll -> Spyware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113971.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113975.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113976.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113977.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113978.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114006.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114007.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114008.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114009.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114013.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114049.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114051.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114052.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0114053.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114067.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114068.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114069.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114070.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114072.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114095.dll -> Spyware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114108.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114109.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114112.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114114.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114143.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114145.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114146.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114148.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114173.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114175.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114177.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114178.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114204.EXE -> TrojanDownloader.Small.abd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114229.SYS -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114263.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114264.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114302.EXE -> Spyware.CASClient : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114342.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114343.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114344.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114345.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114453.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114464.dll -> Spyware.E2Give : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114471.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114484.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114485.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114496.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114497.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114498.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114499.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114524.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114528.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114531.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114533.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114534.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114553.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114554.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114555.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114556.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114599.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114600.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114603.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114605.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114628.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114630.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114632.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114635.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114638.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114685.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114686.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114687.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114688.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114738.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114739.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114740.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114741.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114763.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114765.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114767.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114769.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114770.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114804.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114807.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114808.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114839.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114841.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114842.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114843.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114844.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114872.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114874.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114875.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114876.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114938.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114939.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114944.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114945.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114946.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114947.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114950.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114951.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114952.dll -> TrojanDownloader.Small : Cleaned with backup
C:\System Volume Information\_rest
#21
Posted 07 September 2005 - 03:19 AM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
Thanks so much for uploading those file!
Do you remember any Infection Warnings in the past few weeks for a worm called "Alcan"??
I need to look at a few other area that will take 2 more scans!
OK,I need you to download and run Silent Runners:
http://www.silentrun...ent Runners.zip
Unzip it and select Extract all files!
Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run.
It will start scanning the System,be patient,it takes a bit!
Once Completed,it will produce a Notepad page,I need you to Copy&Paste those results into your next post!
Please download Rootkit Revealer (link is at the very bottom of the page)
When all that is done,Scan the PC at the Kaspersky Online Scanner
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
Post all those logs along with a fresh HijackThis log and let me see what I can find out from those files!
It appears that some System Settings and Privlages have been tampered with!
Do you remember any Infection Warnings in the past few weeks for a worm called "Alcan"??
I need to look at a few other area that will take 2 more scans!
OK,I need you to download and run Silent Runners:
http://www.silentrun...ent Runners.zip
Unzip it and select Extract all files!
Run the SilentRunners.vbs file. If your antivirus has a script blocker, you will get a warning asking if you want to allow SilentRunners.vbs to run. It might say something like "Malicious Script Warning". This script is not malicious so you are safe in allowing it to run.
It will start scanning the System,be patient,it takes a bit!
Once Completed,it will produce a Notepad page,I need you to Copy&Paste those results into your next post!
Please download Rootkit Revealer (link is at the very bottom of the page)
- Unzip it to your desktop.
- Open the rootkitrevealer folder and double-click rootkitrevealer.exe
- Click the Scan button (bottom right)
- It may take a while to scan (don't do anything while it's running)
- When it's done, go up to File > Save. Choose to save it to your desktop.
- Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them here
When all that is done,Scan the PC at the Kaspersky Online Scanner
Please do an online scan with Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
- Scan Options:
Scan Mail Bases - Click OK
- Now under select a target to scan:Select My Computer
- This will program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Post all those logs along with a fresh HijackThis log and let me see what I can find out from those files!
It appears that some System Settings and Privlages have been tampered with!
Edited by Cretemonster, 07 September 2005 - 03:28 AM.
#22
Posted 07 September 2005 - 12:58 PM
PamPP
- Topic Starter
-
- Member
-
- 23 posts
Member
I have not gotten any infection warnings. However whenever I reboot, I get a warning that my Norton has been turned off - so I turn it back on (although I never turned it off to begin with). But each time I reboot it says that it is turned off again.
There was a time about 3 weeks ago when I ran the Norton that it said there was a problem, but the system crashed and when I looked again it said everything was fine.
Here are the 3 logs:
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, September 07, 2005 14:52:59
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/09/2005
Kaspersky Anti-Virus database records: 148130
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 67149
Number of viruses found: 40
Number of infected objects: 301
Number of suspicious objects: 0
Duration of the scan process: 3789 sec
Infected Object Name - Virus Name
C:\!Submit\conres.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\!Submit\datadx.dll Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\!Submit\fxsvfw.exe Infected: Trojan-Spy.Win32.VB.eh
C:\!Submit\icont.exe.tcf Infected: not-a-virus:AdWare.AdURL.c
C:\!Submit\ndd1xd.exe Infected: Trojan-Spy.Win32.VB.eh
C:\backup.zip/vmscript.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\backup.zip/wvasf.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\backup.zip/guard.tmp Infected: not-a-virus:AdWare.Look2Me.ag
C:\backup.zip Infected: not-a-virus:AdWare.Look2Me.ag
C:\Documents and Settings\Kaitlin\Local Settings\Temp\~826721.tmp Infected: not-a-virus:AdWare.Wintol.d
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/DKSERIAL.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/tpemeui.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/guard.tmp Infected: not-a-virus:AdWare.Look2Me.ag
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip Infected: not-a-virus:AdWare.Look2Me.ag
C:\Program Files\Cas\Client\casmf.dll Infected: not-a-virus:AdWare.CASClient.a
C:\Program Files\Norton AntiVirus\Quarantine\00BF3252.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\00ED7E20.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\013F779B Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\01960565.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\01B47F44.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\023364B8.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\02613086.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\02DA4201.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\03380399.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0353537C.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\03974530.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\051C4985.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\05394364.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\056A392F.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0588330E.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\05C226CE.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\05FD1A8D.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\06380E4C.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\06525E2F.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\069325E8.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\07163558.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\07440125.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\07E73472.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\080E2C47.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\08D95768.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\09241D15.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\09FB7028.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0B245CE1.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0BA44255.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0C3379B7.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0D014ED4.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0DB22A12.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0DE21FDC.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\117261F2.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\11750BEE.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\12281129.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\128752C0.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\12C81A78.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\12E93E55.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\13073834.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\154C69B5.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\162766C4.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\16967A4A.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\17774B52.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\179E4326.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\180D56AC.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\1C7A3FCD.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\1CC92F77.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\1D032336.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\1E3D61DD.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\1EAD0A57 Infected: Net-Worm.Win32.Padobot.g
C:\Program Files\Norton AntiVirus\Quarantine\1FE20A0E.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\200901E3.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\20AD352F.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\20D42D04.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\20EB52EB.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\21B82808.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\21F071CB.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\220A41AF.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\22485F6A.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\22F510AC.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\230F608F.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\23512847.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\23CD63BF.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\23E05FA9.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\24115573.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\24531D2B.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\248068F9.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\249464E3.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\24A860CE.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\24CB2EA6.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\24DC0094.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\25932FCB.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\25BD519C.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\264D08FE.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\27310403.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\273E2BF4.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\276F21BE.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\27A76B81.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\28062D19.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\287E3E94.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\28A63669.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\28FE2408.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\290E75F6.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\291F47E4.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\29633999.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\29773583.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\29870771.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\29B87D3B.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\29F944F3.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2B712156.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2C2B7A89.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2C3B4C77.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2C7D142F.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2CDB55C7.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2D823310.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\319A5E36 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\36BA402F Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\36C43E24 Infected: Trojan-Downloader.Win32.Small.ij
C:\Program Files\Norton AntiVirus\Quarantine\36D83A0F Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\37504B8A Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\37571F82 Infected: Net-Worm.Win32.Padobot.g
C:\Program Files\Norton AntiVirus\Quarantine\375E737B Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\37953D3E Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\37AF0D21 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\38077AC0 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\380B24BD Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\381178B6 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\388A0A31 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\38973222 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\389E061B Infected: Trojan-Downloader.Win32.Small.ij
C:\Program Files\Norton AntiVirus\Quarantine\569846DE.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5789136D Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\594A7AFC Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\709B0891 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\753B00C8.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7B871E10.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\7CC15CB7.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\7D054E6B.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\7D7461F1.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\7F547DE1.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\rdso\eetu.exe Infected: Trojan-Downloader.Win32.Agent.ti
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0001 Infected: not-a-virus:AdWare.BargainBuddy.q
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0002 Infected: not-a-virus:AdWare.BargainBuddy.q
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream/data0002 Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.aa
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream/data0007 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream/data0008 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0005/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0005/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0005/stream Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.l
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006/stream/data0007 Infected: not-a-virus:AdWare.CashBack.b
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006/stream/data0008 Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006/stream Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006 Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095020.exe/data0003 Infected: not-a-virus:AdWare.PurityScan.w
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095020.exe Infected: not-a-virus:AdWare.PurityScan.w
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095028.exe Infected: Trojan-Downloader.Win32.Small.apm
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095029.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095100.exe Infected: Trojan-Downloader.Win32.Small.apm
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream/data0002 Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.aa
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream/data0007 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream/data0008 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095182.EXE/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095182.EXE/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095182.EXE/stream Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095182.EXE Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.l
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE/stream/data0007 Infected: not-a-virus:AdWare.CashBack.b
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE/stream/data0008 Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE/stream Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095221.dll.tcf Infected: not-a-virus:AdWare.Adstart.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095223.exe Infected: Trojan-Downloader.Win32.PurityScan.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095341.EXE/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095341.EXE/stream Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095341.EXE Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095345.EXE.tcf/WISE0001.BIN Infected: not-a-virus:AdWare.VirtualBouncer.j
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095345.EXE.tcf Infected: not-a-virus:AdWare.VirtualBouncer.j
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095346.EXE/WISE0001.BIN Infected: not-a-virus:AdWare.VirtualBouncer.j
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095346.EXE Infected: not-a-virus:AdWare.VirtualBouncer.j
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095347.EXE/WISE0001.BIN Infected: not-a-virus:AdWare.VirtualBouncer
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095347.EXE Infected: not-a-virus:AdWare.VirtualBouncer
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095357.dll.tcf Infected: not-a-virus:AdWare.Adstart.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095384.exe Infected: Trojan-Downloader.Win32.PurityScan.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095598.dll.tcf Infected: not-a-virus:AdWare.EZula.x
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095599.exe Infected: not-a-virus:AdWare.EZula.z
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095609.EXE/WISE0001.BIN Infected: not-a-virus:AdWare.EZula.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095609.EXE Infected: not-a-virus:AdWare.EZula.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110793.dll Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112140.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112153.dll Infected: Trojan-Downloader.Win32.Agent.lg
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112401.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112403.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112404.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112406.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112407.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112409.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112411.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112413.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112414.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112416.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112417.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112419.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112420.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112422.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112423.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112425.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112426.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112428.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112429.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112431.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112432.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112434.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112435.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112442.exe Infected: not-a-virus:AdWare.AdURL.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112443.dll Infected: not-a-virus:AdWare.Adstart.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112445.dll Infected: not-a-virus:AdWare.Adstart.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113486.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113488.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113489.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113491.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113492.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113503.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113504.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113506.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113508.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113510.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113511.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113512.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113514.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113515.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113517.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113518.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113527.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113528.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113532.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113533.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113925.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.lg
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113925.exe Infected: Trojan-Downloader.Win32.Agent.lg
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114940.dll Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114941.dll Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114942.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114943.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114948.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114949.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114954.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114955.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116960.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116961.exe Infected: Trojan-Downloader.Win32.Agent.lg
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116962.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116963.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116964.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116965.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116966.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116967.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116968.dll Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116969.dll Infected: not-a-virus:AdWare.BHO.E2Give.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116970.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116971.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116972.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116973.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116974.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116975.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116976.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116977.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116978.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116979.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116980.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116981.exe Infected: Trojan-Downloader.Win32.Small.bkr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116982.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116983.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116984.exe Infected: not-a-virus:AdWare.DealHelper.x
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116985.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116986.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116987.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116988.exe Infected: not-a-virus:AdWare.DealHelper.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116989.dll Infected: not-a-virus:AdWare.PurityScan.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116990.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116991.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116992.exe Infected: not-a-virus:AdWare.PurityScan.db
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\!update-2304[1].0000 Infected: Trojan-Downloader.Win32.Agent.ti
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2314[1].0000 Infected: Trojan-Downloader.Win32.Agent.ti
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2324[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.ak
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2364[1].0000 Infected: Trojan-Downloader.Win32.Agent.ti
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2384[1].0000 Infected: Trojan-Downloader.Win32.Agent.ti
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\!update-2344[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.ak
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\!update-2354[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.ak
C:\WINDOWS\SYSTEM32\covhu.dll.tcf Infected: not-a-virus:AdWare.Adstart.c
C:\WINDOWS\SYSTEM32\fyrhg.dll.tcf Infected: not-a-virus:AdWare.Adstart.c
C:\WINDOWS\SYSTEM32\shopinst.exe Infected: Trojan-Downloader.Win32.Small.apm
C:\WINDOWS\SYSTEM32\w130713.Stub.exe Infected: Trojan-Downloader.Win32.Delmed.a
C:\WINDOWS\ttext.dll Infected: not-a-virus:AdWare.ToolBar.ImiBar.g
Scan process completed.
HKLM\SOFTWARE\Classes\webcal\URL Protocol 1/5/2005 12:33 PM 13 bytes Data mismatch between Windows API and raw hive data.
C:\RECYCLER\NPROTECT 9/7/2005 10:41 AM 0 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737528.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737529.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737530.DOC 9/5/2005 10:36 AM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737531.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737532.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737533.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737534.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737539.ind 9/5/2005 10:37 AM 290.43 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737540.ind 9/5/2005 10:37 AM 290.43 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737541.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737542.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737543.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737544.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737545.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737546.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737547.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737548.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737549.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737550.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737551.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737552.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737558.INI 9/5/2005 10:38 AM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737559 9/5/2005 10:38 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737560 9/5/2005 10:38 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737567.ini 9/5/2005 10:39 AM 20.31 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737568.ini 9/5/2005 10:39 AM 13.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737569.ini 9/5/2005 10:39 AM 12.77 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737570.ini 9/5/2005 10:39 AM 14.50 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737571 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737572.INI 9/5/2005 10:39 AM 127 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737573 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737577 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737578 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737586 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737587 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737592.box 9/5/2005 10:39 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737593.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737594.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737595.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737596.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737597.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737598.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737599.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737600.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737601.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737602.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737603.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737604.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737605.DAT 9/5/2005 10:42 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737606 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737607 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737608.~ 9/5/2005 10:42 AM 182 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737609 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737610.DB 9/5/2005 10:42 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737611 9/5/2005 10:42 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737636 9/5/2005 10:42 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737638 9/5/2005 10:42 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737661.INI 9/5/2005 10:42 AM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737666 9/5/2005 10:43 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737678 9/5/2005 10:44 AM 5.05 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737683.sol 9/5/2005 10:45 AM 46 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737684.sol 9/5/2005 10:45 AM 66 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737685.sol 9/5/2005 10:45 AM 89 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737686.sol 9/5/2005 10:45 AM 108 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737687.sol 9/5/2005 10:45 AM 133 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737688.sol 9/5/2005 10:45 AM 151 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737689.sol 9/5/2005 10:45 AM 173 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737690.sol 9/5/2005 10:45 AM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737691.sol 9/5/2005 10:45 AM 226 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737692.sol 9/5/2005 10:45 AM 257 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737693.sol 9/5/2005 10:45 AM 278 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737705 9/5/2005 10:47 AM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737710.edb 9/5/2005 10:49 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737712.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737713.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737714.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737727.~ 9/5/2005 10:53 AM 186 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737801.ind 9/5/2005 11:06 AM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737813 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737814 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737824 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737826.edb 9/5/2005 11:07 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737842 9/5/2005 11:08 AM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737846.DAT 9/5/2005 11:15 AM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737847.DAT 9/5/2005 11:15 AM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737848.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737849.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737850.DAT 9/5/2005 11:15 AM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737852 9/5/2005 11:15 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737853.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737854.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737855 9/5/2005 11:16 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737857.box 9/5/2005 11:16 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737862.DAT 9/5/2005 11:16 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737872 9/5/2005 11:17 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737876 9/5/2005 11:17 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737879 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737880 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737881 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737882.DB 9/5/2005 11:17 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737917 9/5/2005 11:19 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737920 9/5/2005 11:19 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737921.DAT 9/5/2005 11:22 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737922.DB 9/5/2005 11:22 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737923 9/5/2005 11:22 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737942 9/5/2005 11:22 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737943 9/5/2005 11:22 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737953.ind 9/5/2005 11:23 AM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737967 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737968 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737981 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737988 9/5/2005 11:25 AM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737989 9/5/2005 11:25 AM 4.94 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737995.edb 9/5/2005 11:27 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738019.~ 9/5/2005 11:34 AM 194 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738020.~ 9/5/2005 11:34 AM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738021.DAT 9/5/2005 12:24 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738022.DAT 9/5/2005 12:24 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738023.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738024.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738027 9/5/2005 12:24 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738031.DAT 9/5/2005 12:24 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738032.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738034 9/5/2005 12:24 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738035.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738036.DAT 9/5/2005 12:24 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738038 9/5/2005 12:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738039 9/5/2005 12:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738040 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738041 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738042 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738046.DB 9/5/2005 12:26 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738075.ind 9/5/2005 12:28 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738098 9/5/2005 12:28 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738099 9/5/2005 12:28 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738104 9/5/2005 12:29 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738113 9/5/2005 12:30 PM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738116.edb 9/5/2005 12:30 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738117.DAT 9/5/2005 12:45 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738118 9/5/2005 12:45 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738119 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738120 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738121 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738122.DB 9/5/2005 12:45 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738141 9/5/2005 12:45 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738142 9/5/2005 12:45 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738181.REG 9/5/2005 12:47 PM 998 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738186.txt 9/5/2005 12:48 PM 784 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738187.txt 9/5/2005 12:48 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738188.txt 9/5/2005 12:48 PM 498 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738189.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738190.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738191.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738192.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738193.reg 9/5/2005 12:48 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738194.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738195.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738196.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738197.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738202.txt 9/5/2005 12:50 PM 14.89 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738207.REG 9/5/2005 12:50 PM 998 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738211.txt 9/5/2005 12:50 PM 784 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738212.txt 9/5/2005 12:50 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738213.txt 9/5/2005 12:50 PM 498 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738214.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738215.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738216.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738217.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738218.reg 9/5/2005 12:50 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738219.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738220.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738221.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738222.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738228.ind 9/5/2005 12:51 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738239.edb 9/5/2005 12:51 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738249 9/5/2005 12:51 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738286.~ 9/5/2005 12:56 PM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738287.~ 9/5/2005 12:56 PM 200 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738292.DAT 9/5/2005 1:01 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738293.DAT 9/5/2005 1:01 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738294.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738295.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738296 9/5/2005 1:02 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738297.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738298.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738299 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738300 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738301 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738307.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738308.DAT 9/5/2005 1:02 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738309.edb 9/5/2005 1:02 PM 1.01 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT�
There was a time about 3 weeks ago when I ran the Norton that it said there was a problem, but the system crashed and when I looked again it said everything was fine.
Here are the 3 logs:
KASPERSKY ON-LINE SCANNER REPORT
Wednesday, September 07, 2005 14:52:59
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 7/09/2005
Kaspersky Anti-Virus database records: 148130
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 67149
Number of viruses found: 40
Number of infected objects: 301
Number of suspicious objects: 0
Duration of the scan process: 3789 sec
Infected Object Name - Virus Name
C:\!Submit\conres.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\!Submit\datadx.dll Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\!Submit\fxsvfw.exe Infected: Trojan-Spy.Win32.VB.eh
C:\!Submit\icont.exe.tcf Infected: not-a-virus:AdWare.AdURL.c
C:\!Submit\ndd1xd.exe Infected: Trojan-Spy.Win32.VB.eh
C:\backup.zip/vmscript.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\backup.zip/wvasf.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\backup.zip/guard.tmp Infected: not-a-virus:AdWare.Look2Me.ag
C:\backup.zip Infected: not-a-virus:AdWare.Look2Me.ag
C:\Documents and Settings\Kaitlin\Local Settings\Temp\~826721.tmp Infected: not-a-virus:AdWare.Wintol.d
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/DKSERIAL.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/tpemeui.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip/guard.tmp Infected: not-a-virus:AdWare.Look2Me.ag
C:\Documents and Settings\Pam\Desktop\l2mfix\backup.zip Infected: not-a-virus:AdWare.Look2Me.ag
C:\Program Files\Cas\Client\casmf.dll Infected: not-a-virus:AdWare.CASClient.a
C:\Program Files\Norton AntiVirus\Quarantine\00BF3252.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\00ED7E20.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\013F779B Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\01960565.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\01B47F44.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\023364B8.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\02613086.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\02DA4201.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\03380399.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0353537C.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\03974530.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\051C4985.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\05394364.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\056A392F.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0588330E.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\05C226CE.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\05FD1A8D.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\06380E4C.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\06525E2F.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\069325E8.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\07163558.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\07440125.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\07E73472.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\080E2C47.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\08D95768.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\09241D15.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\09FB7028.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0B245CE1.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0BA44255.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0C3379B7.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0D014ED4.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0DB22A12.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\0DE21FDC.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\117261F2.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\11750BEE.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\12281129.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\128752C0.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\12C81A78.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\12E93E55.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\13073834.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\154C69B5.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\162766C4.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\16967A4A.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\17774B52.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\179E4326.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\180D56AC.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\1C7A3FCD.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\1CC92F77.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\1D032336.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\1E3D61DD.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\1EAD0A57 Infected: Net-Worm.Win32.Padobot.g
C:\Program Files\Norton AntiVirus\Quarantine\1FE20A0E.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\200901E3.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\20AD352F.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\20D42D04.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\20EB52EB.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\21B82808.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\21F071CB.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\220A41AF.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\22485F6A.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\22F510AC.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\230F608F.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\23512847.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\23CD63BF.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\23E05FA9.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\24115573.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\24531D2B.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\248068F9.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\249464E3.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\24A860CE.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\24CB2EA6.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\24DC0094.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\25932FCB.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\25BD519C.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\264D08FE.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\27310403.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\273E2BF4.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\276F21BE.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\27A76B81.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\28062D19.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\287E3E94.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\28A63669.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\28FE2408.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\290E75F6.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\291F47E4.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\29633999.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\29773583.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\29870771.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\29B87D3B.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\29F944F3.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2B712156.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2C2B7A89.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2C3B4C77.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2C7D142F.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2CDB55C7.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\2D823310.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\319A5E36 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\36BA402F Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\36C43E24 Infected: Trojan-Downloader.Win32.Small.ij
C:\Program Files\Norton AntiVirus\Quarantine\36D83A0F Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\37504B8A Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\37571F82 Infected: Net-Worm.Win32.Padobot.g
C:\Program Files\Norton AntiVirus\Quarantine\375E737B Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\37953D3E Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\37AF0D21 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\38077AC0 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\380B24BD Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\381178B6 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\388A0A31 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\38973222 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\389E061B Infected: Trojan-Downloader.Win32.Small.ij
C:\Program Files\Norton AntiVirus\Quarantine\569846DE.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5789136D Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\594A7AFC Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\709B0891 Infected: Trojan-Spy.Win32.Qukart.c
C:\Program Files\Norton AntiVirus\Quarantine\753B00C8.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\7B871E10.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\7CC15CB7.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\7D054E6B.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\7D7461F1.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\Norton AntiVirus\Quarantine\7F547DE1.exe Infected: Trojan-Downloader.Win32.Small.akz
C:\Program Files\rdso\eetu.exe Infected: Trojan-Downloader.Win32.Agent.ti
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0001 Infected: not-a-virus:AdWare.BargainBuddy.q
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0002 Infected: not-a-virus:AdWare.BargainBuddy.q
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream/data0002 Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.aa
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream/data0007 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream/data0008 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004/stream Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0004 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0005/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0005/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0005/stream Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.l
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006/stream/data0007 Infected: not-a-virus:AdWare.CashBack.b
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006/stream/data0008 Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006/stream Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream/data0006 Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe/stream Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095019.exe Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095020.exe/data0003 Infected: not-a-virus:AdWare.PurityScan.w
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095020.exe Infected: not-a-virus:AdWare.PurityScan.w
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095028.exe Infected: Trojan-Downloader.Win32.Small.apm
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095029.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095100.exe Infected: Trojan-Downloader.Win32.Small.apm
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream/data0002 Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.aa
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream/data0007 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream/data0008 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE/stream Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095179.EXE Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095182.EXE/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095182.EXE/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095182.EXE/stream Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095182.EXE Infected: not-a-virus:AdWare.BargainBuddy.n
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.l
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE/stream/data0006 Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE/stream/data0007 Infected: not-a-virus:AdWare.CashBack.b
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE/stream/data0008 Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE/stream Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095187.EXE Infected: not-a-virus:AdWare.CashBack.d
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095221.dll.tcf Infected: not-a-virus:AdWare.Adstart.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095223.exe Infected: Trojan-Downloader.Win32.PurityScan.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095341.EXE/stream/data0005 Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095341.EXE/stream Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095341.EXE Infected: not-a-virus:AdWare.BargainBuddy.y
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095345.EXE.tcf/WISE0001.BIN Infected: not-a-virus:AdWare.VirtualBouncer.j
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095345.EXE.tcf Infected: not-a-virus:AdWare.VirtualBouncer.j
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095346.EXE/WISE0001.BIN Infected: not-a-virus:AdWare.VirtualBouncer.j
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095346.EXE Infected: not-a-virus:AdWare.VirtualBouncer.j
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095347.EXE/WISE0001.BIN Infected: not-a-virus:AdWare.VirtualBouncer
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095347.EXE Infected: not-a-virus:AdWare.VirtualBouncer
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095357.dll.tcf Infected: not-a-virus:AdWare.Adstart.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095384.exe Infected: Trojan-Downloader.Win32.PurityScan.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095598.dll.tcf Infected: not-a-virus:AdWare.EZula.x
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095599.exe Infected: not-a-virus:AdWare.EZula.z
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095609.EXE/WISE0001.BIN Infected: not-a-virus:AdWare.EZula.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP322\A0095609.EXE Infected: not-a-virus:AdWare.EZula.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP380\A0110793.dll Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112140.exe Infected: Trojan-Dropper.Win32.Agent.hl
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP382\A0112153.dll Infected: Trojan-Downloader.Win32.Agent.lg
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112401.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112403.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112404.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112406.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112407.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112409.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112411.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112413.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112414.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112416.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112417.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112419.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112420.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112422.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112423.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112425.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112426.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112428.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112429.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112431.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112432.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112434.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112435.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112442.exe Infected: not-a-virus:AdWare.AdURL.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112443.dll Infected: not-a-virus:AdWare.Adstart.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP383\A0112445.dll Infected: not-a-virus:AdWare.Adstart.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113486.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113488.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113489.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113491.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113492.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113503.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113504.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113506.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113508.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113510.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113511.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113512.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113514.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113515.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113517.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113518.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113527.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113528.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113532.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP384\A0113533.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113925.exe/data0003 Infected: Trojan-Downloader.Win32.Agent.lg
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP386\A0113925.exe Infected: Trojan-Downloader.Win32.Agent.lg
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114940.dll Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114941.dll Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114942.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114943.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114948.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114949.exe Infected: Trojan-Spy.Win32.VB.eh
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114954.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0114955.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116960.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116961.exe Infected: Trojan-Downloader.Win32.Agent.lg
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116962.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116963.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116964.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116965.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116966.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116967.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116968.dll Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116969.dll Infected: not-a-virus:AdWare.BHO.E2Give.c
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116970.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116971.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116972.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116973.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116974.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116975.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116976.DLL Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116977.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116978.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116979.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116980.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116981.exe Infected: Trojan-Downloader.Win32.Small.bkr
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116982.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116983.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116984.exe Infected: not-a-virus:AdWare.DealHelper.x
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116985.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116986.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116987.dll Infected: not-a-virus:AdWare.Look2Me.ag
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116988.exe Infected: not-a-virus:AdWare.DealHelper.ad
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116989.dll Infected: not-a-virus:AdWare.PurityScan.ak
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116990.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116991.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP387\A0116992.exe Infected: not-a-virus:AdWare.PurityScan.db
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\!update-2304[1].0000 Infected: Trojan-Downloader.Win32.Agent.ti
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2314[1].0000 Infected: Trojan-Downloader.Win32.Agent.ti
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2324[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.ak
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2364[1].0000 Infected: Trojan-Downloader.Win32.Agent.ti
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2384[1].0000 Infected: Trojan-Downloader.Win32.Agent.ti
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\!update-2344[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.ak
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\!update-2354[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.ak
C:\WINDOWS\SYSTEM32\covhu.dll.tcf Infected: not-a-virus:AdWare.Adstart.c
C:\WINDOWS\SYSTEM32\fyrhg.dll.tcf Infected: not-a-virus:AdWare.Adstart.c
C:\WINDOWS\SYSTEM32\shopinst.exe Infected: Trojan-Downloader.Win32.Small.apm
C:\WINDOWS\SYSTEM32\w130713.Stub.exe Infected: Trojan-Downloader.Win32.Delmed.a
C:\WINDOWS\ttext.dll Infected: not-a-virus:AdWare.ToolBar.ImiBar.g
Scan process completed.
HKLM\SOFTWARE\Classes\webcal\URL Protocol 1/5/2005 12:33 PM 13 bytes Data mismatch between Windows API and raw hive data.
C:\RECYCLER\NPROTECT 9/7/2005 10:41 AM 0 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737528.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737529.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737530.DOC 9/5/2005 10:36 AM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737531.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737532.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737533.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737534.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737539.ind 9/5/2005 10:37 AM 290.43 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737540.ind 9/5/2005 10:37 AM 290.43 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737541.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737542.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737543.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737544.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737545.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737546.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737547.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737548.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737549.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737550.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737551.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737552.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737558.INI 9/5/2005 10:38 AM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737559 9/5/2005 10:38 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737560 9/5/2005 10:38 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737567.ini 9/5/2005 10:39 AM 20.31 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737568.ini 9/5/2005 10:39 AM 13.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737569.ini 9/5/2005 10:39 AM 12.77 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737570.ini 9/5/2005 10:39 AM 14.50 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737571 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737572.INI 9/5/2005 10:39 AM 127 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737573 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737577 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737578 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737586 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737587 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737592.box 9/5/2005 10:39 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737593.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737594.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737595.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737596.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737597.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737598.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737599.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737600.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737601.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737602.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737603.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737604.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737605.DAT 9/5/2005 10:42 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737606 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737607 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737608.~ 9/5/2005 10:42 AM 182 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737609 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737610.DB 9/5/2005 10:42 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737611 9/5/2005 10:42 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737636 9/5/2005 10:42 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737638 9/5/2005 10:42 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737661.INI 9/5/2005 10:42 AM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737666 9/5/2005 10:43 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737678 9/5/2005 10:44 AM 5.05 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737683.sol 9/5/2005 10:45 AM 46 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737684.sol 9/5/2005 10:45 AM 66 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737685.sol 9/5/2005 10:45 AM 89 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737686.sol 9/5/2005 10:45 AM 108 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737687.sol 9/5/2005 10:45 AM 133 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737688.sol 9/5/2005 10:45 AM 151 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737689.sol 9/5/2005 10:45 AM 173 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737690.sol 9/5/2005 10:45 AM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737691.sol 9/5/2005 10:45 AM 226 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737692.sol 9/5/2005 10:45 AM 257 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737693.sol 9/5/2005 10:45 AM 278 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737705 9/5/2005 10:47 AM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737710.edb 9/5/2005 10:49 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737712.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737713.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737714.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737727.~ 9/5/2005 10:53 AM 186 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737801.ind 9/5/2005 11:06 AM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737813 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737814 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737824 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737826.edb 9/5/2005 11:07 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737842 9/5/2005 11:08 AM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737846.DAT 9/5/2005 11:15 AM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737847.DAT 9/5/2005 11:15 AM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737848.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737849.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737850.DAT 9/5/2005 11:15 AM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737852 9/5/2005 11:15 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737853.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737854.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737855 9/5/2005 11:16 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737857.box 9/5/2005 11:16 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737862.DAT 9/5/2005 11:16 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737872 9/5/2005 11:17 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737876 9/5/2005 11:17 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737879 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737880 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737881 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737882.DB 9/5/2005 11:17 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737917 9/5/2005 11:19 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737920 9/5/2005 11:19 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737921.DAT 9/5/2005 11:22 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737922.DB 9/5/2005 11:22 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737923 9/5/2005 11:22 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737942 9/5/2005 11:22 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737943 9/5/2005 11:22 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737953.ind 9/5/2005 11:23 AM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737967 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737968 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737981 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737988 9/5/2005 11:25 AM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737989 9/5/2005 11:25 AM 4.94 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737995.edb 9/5/2005 11:27 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738019.~ 9/5/2005 11:34 AM 194 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738020.~ 9/5/2005 11:34 AM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738021.DAT 9/5/2005 12:24 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738022.DAT 9/5/2005 12:24 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738023.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738024.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738027 9/5/2005 12:24 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738031.DAT 9/5/2005 12:24 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738032.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738034 9/5/2005 12:24 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738035.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738036.DAT 9/5/2005 12:24 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738038 9/5/2005 12:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738039 9/5/2005 12:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738040 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738041 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738042 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738046.DB 9/5/2005 12:26 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738075.ind 9/5/2005 12:28 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738098 9/5/2005 12:28 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738099 9/5/2005 12:28 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738104 9/5/2005 12:29 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738113 9/5/2005 12:30 PM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738116.edb 9/5/2005 12:30 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738117.DAT 9/5/2005 12:45 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738118 9/5/2005 12:45 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738119 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738120 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738121 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738122.DB 9/5/2005 12:45 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738141 9/5/2005 12:45 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738142 9/5/2005 12:45 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738181.REG 9/5/2005 12:47 PM 998 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738186.txt 9/5/2005 12:48 PM 784 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738187.txt 9/5/2005 12:48 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738188.txt 9/5/2005 12:48 PM 498 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738189.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738190.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738191.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738192.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738193.reg 9/5/2005 12:48 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738194.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738195.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738196.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738197.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738202.txt 9/5/2005 12:50 PM 14.89 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738207.REG 9/5/2005 12:50 PM 998 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738211.txt 9/5/2005 12:50 PM 784 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738212.txt 9/5/2005 12:50 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738213.txt 9/5/2005 12:50 PM 498 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738214.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738215.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738216.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738217.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738218.reg 9/5/2005 12:50 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738219.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738220.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738221.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738222.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738228.ind 9/5/2005 12:51 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738239.edb 9/5/2005 12:51 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738249 9/5/2005 12:51 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738286.~ 9/5/2005 12:56 PM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738287.~ 9/5/2005 12:56 PM 200 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738292.DAT 9/5/2005 1:01 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738293.DAT 9/5/2005 1:01 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738294.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738295.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738296 9/5/2005 1:02 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738297.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738298.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738299 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738300 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738301 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738307.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738308.DAT 9/5/2005 1:02 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738309.edb 9/5/2005 1:02 PM 1.01 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT�
#23
Posted 07 September 2005 - 05:51 PM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
It looks like the Root Kit Revealer log got cut off!
Can you try to post the entire log and the silent runners log as well!
Can you try to post the entire log and the silent runners log as well!
#24
Posted 07 September 2005 - 07:22 PM
PamPP
- Topic Starter
-
- Member
-
- 23 posts
Member
okay - here is the rootkit revealers log:
HKLM\SOFTWARE\Classes\webcal\URL Protocol 1/5/2005 12:33 PM 13 bytes Data mismatch between Windows API and raw hive data.
C:\RECYCLER\NPROTECT 9/7/2005 10:41 AM 0 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737528.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737529.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737530.DOC 9/5/2005 10:36 AM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737531.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737532.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737533.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737534.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737539.ind 9/5/2005 10:37 AM 290.43 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737540.ind 9/5/2005 10:37 AM 290.43 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737541.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737542.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737543.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737544.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737545.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737546.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737547.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737548.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737549.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737550.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737551.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737552.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737558.INI 9/5/2005 10:38 AM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737559 9/5/2005 10:38 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737560 9/5/2005 10:38 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737567.ini 9/5/2005 10:39 AM 20.31 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737568.ini 9/5/2005 10:39 AM 13.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737569.ini 9/5/2005 10:39 AM 12.77 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737570.ini 9/5/2005 10:39 AM 14.50 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737571 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737572.INI 9/5/2005 10:39 AM 127 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737573 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737577 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737578 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737586 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737587 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737592.box 9/5/2005 10:39 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737593.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737594.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737595.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737596.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737597.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737598.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737599.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737600.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737601.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737602.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737603.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737604.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737605.DAT 9/5/2005 10:42 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737606 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737607 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737608.~ 9/5/2005 10:42 AM 182 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737609 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737610.DB 9/5/2005 10:42 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737611 9/5/2005 10:42 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737636 9/5/2005 10:42 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737638 9/5/2005 10:42 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737661.INI 9/5/2005 10:42 AM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737666 9/5/2005 10:43 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737678 9/5/2005 10:44 AM 5.05 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737683.sol 9/5/2005 10:45 AM 46 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737684.sol 9/5/2005 10:45 AM 66 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737685.sol 9/5/2005 10:45 AM 89 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737686.sol 9/5/2005 10:45 AM 108 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737687.sol 9/5/2005 10:45 AM 133 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737688.sol 9/5/2005 10:45 AM 151 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737689.sol 9/5/2005 10:45 AM 173 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737690.sol 9/5/2005 10:45 AM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737691.sol 9/5/2005 10:45 AM 226 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737692.sol 9/5/2005 10:45 AM 257 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737693.sol 9/5/2005 10:45 AM 278 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737705 9/5/2005 10:47 AM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737710.edb 9/5/2005 10:49 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737712.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737713.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737714.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737727.~ 9/5/2005 10:53 AM 186 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737801.ind 9/5/2005 11:06 AM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737813 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737814 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737824 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737826.edb 9/5/2005 11:07 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737842 9/5/2005 11:08 AM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737846.DAT 9/5/2005 11:15 AM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737847.DAT 9/5/2005 11:15 AM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737848.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737849.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737850.DAT 9/5/2005 11:15 AM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737852 9/5/2005 11:15 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737853.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737854.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737855 9/5/2005 11:16 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737857.box 9/5/2005 11:16 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737862.DAT 9/5/2005 11:16 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737872 9/5/2005 11:17 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737876 9/5/2005 11:17 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737879 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737880 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737881 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737882.DB 9/5/2005 11:17 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737917 9/5/2005 11:19 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737920 9/5/2005 11:19 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737921.DAT 9/5/2005 11:22 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737922.DB 9/5/2005 11:22 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737923 9/5/2005 11:22 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737942 9/5/2005 11:22 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737943 9/5/2005 11:22 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737953.ind 9/5/2005 11:23 AM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737967 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737968 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737981 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737988 9/5/2005 11:25 AM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737989 9/5/2005 11:25 AM 4.94 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737995.edb 9/5/2005 11:27 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738019.~ 9/5/2005 11:34 AM 194 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738020.~ 9/5/2005 11:34 AM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738021.DAT 9/5/2005 12:24 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738022.DAT 9/5/2005 12:24 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738023.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738024.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738027 9/5/2005 12:24 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738031.DAT 9/5/2005 12:24 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738032.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738034 9/5/2005 12:24 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738035.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738036.DAT 9/5/2005 12:24 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738038 9/5/2005 12:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738039 9/5/2005 12:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738040 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738041 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738042 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738046.DB 9/5/2005 12:26 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738075.ind 9/5/2005 12:28 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738098 9/5/2005 12:28 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738099 9/5/2005 12:28 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738104 9/5/2005 12:29 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738113 9/5/2005 12:30 PM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738116.edb 9/5/2005 12:30 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738117.DAT 9/5/2005 12:45 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738118 9/5/2005 12:45 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738119 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738120 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738121 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738122.DB 9/5/2005 12:45 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738141 9/5/2005 12:45 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738142 9/5/2005 12:45 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738181.REG 9/5/2005 12:47 PM 998 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738186.txt 9/5/2005 12:48 PM 784 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738187.txt 9/5/2005 12:48 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738188.txt 9/5/2005 12:48 PM 498 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738189.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738190.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738191.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738192.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738193.reg 9/5/2005 12:48 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738194.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738195.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738196.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738197.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738202.txt 9/5/2005 12:50 PM 14.89 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738207.REG 9/5/2005 12:50 PM 998 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738211.txt 9/5/2005 12:50 PM 784 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738212.txt 9/5/2005 12:50 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738213.txt 9/5/2005 12:50 PM 498 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738214.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738215.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738216.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738217.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738218.reg 9/5/2005 12:50 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738219.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738220.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738221.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738222.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738228.ind 9/5/2005 12:51 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738239.edb 9/5/2005 12:51 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738249 9/5/2005 12:51 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738286.~ 9/5/2005 12:56 PM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738287.~ 9/5/2005 12:56 PM 200 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738292.DAT 9/5/2005 1:01 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738293.DAT 9/5/2005 1:01 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738294.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738295.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738296 9/5/2005 1:02 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738297.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738298.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738299 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738300 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738301 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738307.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738308.DAT 9/5/2005 1:02 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738309.edb 9/5/2005 1:02 PM 1.01 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738310 9/5/2005 1:02 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738311.DAT 9/5/2005 1:03 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738334 9/5/2005 1:03 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738335 9/5/2005 1:03 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738337.DB 9/5/2005 1:03 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738360.ind 9/5/2005 1:05 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738380 9/5/2005 1:05 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738381 9/5/2005 1:05 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738382.edb 9/5/2005 1:06 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738387 9/5/2005 1:06 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738396.sol 9/5/2005 1:07 PM 46 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738397.sol 9/5/2005 1:07 PM 66 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738398.sol 9/5/2005 1:07 PM 89 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738399.sol 9/5/2005 1:07 PM 108 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738400.sol 9/5/2005 1:07 PM 133 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738401.sol 9/5/2005 1:07 PM 151 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738402.sol 9/5/2005 1:07 PM 173 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738403.sol 9/5/2005 1:07 PM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738404.sol 9/5/2005 1:07 PM 226 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738405.sol 9/5/2005 1:07 PM 257 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738406.sol 9/5/2005 1:07 PM 278 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738407 9/5/2005 1:07 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738408 9/5/2005 1:07 PM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738498 9/5/2005 1:30 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738499 9/5/2005 1:30 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738503 9/5/2005 1:30 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738508 9/5/2005 1:30 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738509 9/5/2005 1:30 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738510 9/5/2005 1:33 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738511.DAT 9/5/2005 1:33 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738512 9/5/2005 1:33 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738513 9/5/2005 1:33 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738514 9/5/2005 1:33 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738531.txt 9/5/2005 1:33 PM 15.59 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738535.REG 9/5/2005 1:33 PM 1000 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738537 9/5/2005 1:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738538 9/5/2005 1:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738539.txt 9/5/2005 1:34 PM 786 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738540.txt 9/5/2005 1:34 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738541.txt 9/5/2005 1:34 PM 499 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738542.txt 9/5/2005 1:34 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738543.txt 9/5/2005 1:34 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738544.txt 9/5/2005 1:34 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738545.txt 9/5/2005 1:34 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738546.reg 9/5/2005 1:34 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738547.txt 9/5/2005 1:34 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738548.txt 9/5/2005 1:34 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738549.txt 9/5/2005 1:34 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738550.txt 9/5/2005 1:34 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738617.cab 9/5/2005 1:34 PM 15.45 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738650.txt 9/5/2005 1:39 PM 18.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738656.REG 9/5/2005 1:39 PM 1000 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738658.txt 9/5/2005 1:39 PM 786 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738659.txt 9/5/2005 1:39 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738660.txt 9/5/2005 1:39 PM 499 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738661.txt 9/5/2005 1:39 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738662.txt 9/5/2005 1:39 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738663.txt 9/5/2005 1:39 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738664.txt 9/5/2005 1:39 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738665.reg 9/5/2005 1:39 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738666.txt 9/5/2005 1:39 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738667.txt 9/5/2005 1:39 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738668.txt 9/5/2005 1:39 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738669.txt 9/5/2005 1:39 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738672.edb 9/5/2005 1:39 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738676.txt 9/5/2005 1:42 PM 18.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738684.REG 9/5/2005 1:42 PM 1000 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738686.txt 9/5/2005 1:42 PM 786 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738687.txt 9/5/2005 1:42 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738688.txt 9/5/2005 1:42 PM 499 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738689.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738690.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738691.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738692.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738693.reg 9/5/2005 1:42 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738694.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738695.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738696.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738697.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738698.txt 9/5/2005 1:42 PM 18.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738700.REG 9/5/2005 1:42 PM 1000 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738703.txt 9/5/2005 1:42 PM 786 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738704.txt 9/5/2005 1:42 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738705.txt 9/5/2005 1:42 PM 499 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738706.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738707.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738708.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738709.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738710.reg 9/5/2005 1:42 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738711.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738712.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738713.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738714.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738734.ind 9/5/2005 1:45 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738753 9/5/2005 1:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738754 9/5/2005 1:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738765 9/5/2005 1:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738766 9/5/2005 1:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738772 9/5/2005 1:47 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738773 9/5/2005 1:47 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738774 9/5/2005 1:47 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738775 9/5/2005 1:47 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738779.DAT 9/5/2005 1:50 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738781.DAT 9/5/2005 1:50 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738782.DAT 9/5/2005 1:50 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738783.box 9/5/2005 1:50 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738784.DAT 9/5/2005 1:50 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738785.box 9/5/2005 1:50 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738786 9/5/2005 1:50 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738787.box 9/5/2005 1:50 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738788.box 9/5/2005 1:50 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738789.box 9/5/2005 1:50 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738790 9/5/2005 1:50 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738791 9/5/2005 1:50 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738793 9/5/2005 1:50 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738794 9/5/2005 1:50 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738799.DB 9/5/2005 1:51 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738800 9/5/2005 1:51 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738801 9/5/2005 1:51 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738845.txt 9/5/2005 1:52 PM 18.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738849.REG 9/5/2005 1:52 PM 1000 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738851.txt 9/5/2005 1:52 PM 790 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738852.txt 9/5/2005 1:52 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738853.txt 9/5/2005 1:52 PM 499 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738854.txt 9/5/2005 1:52 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738855.txt 9/5/2005 1:52 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738856.txt 9/5/2005 1:52 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738857.txt 9/5/2005 1:52 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738858.reg 9/5/2005 1:52 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738859.txt 9/5/2005 1:52 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738860.txt 9/5/2005 1:52 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738861.txt 9/5/2005 1:52 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738862.txt 9/5/2005 1:52 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738874.ind 9/5/2005 1:53 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738896 9/5/2005 1:53 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738897 9/5/2005 1:53 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738903 9/5/2005 1:54 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738911.edb 9/5/2005 1:55 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738913 9/5/2005 1:55 PM 5.64 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738920 9/5/2005 1:59 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738929.XML 9/5/2005 2:00 PM 1.14 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738932.XML 9/5/2005 2:00 PM 1.14 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738934.sol 9/5/2005 2:01 PM 300 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738935.sol 9/5/2005 2:01 PM 54 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738936.sol 9/5/2005 2:01 PM 65 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738971.ini 9/5/2005 2:14 PM 113 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738972.log 9/5/2005 2:14 PM 18.59 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738973.log 9/5/2005 2:14 PM 1.15 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738974.log 9/5/2005 2:14 PM 730.41 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738975.dmp 9/5/2005 2:14 PM 61.77 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738976.sol 9/5/2005 2:14 PM 57 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738977.sol 9/5/2005 2:14 PM 83 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738978.sol 9/5/2005 2:14 PM 331 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738990 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738992 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738999 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739000 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739001 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739002 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739003.DAT 9/5/2005 2:17 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739004 9/5/2005 2:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739005 9/5/2005 2:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739006 9/5/2005 2:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739007.DB 9/5/2005 2:17 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739008 9/5/2005 2:17 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739018 9/5/2005 2:18 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739019 9/5/2005 2:18 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739038.ind 9/5/2005 2:18 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739052 9/5/2005 2:19 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739053 9/5/2005 2:19 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739075.cab 9/5/2005 2:20 PM 15.45 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739083 9/5/2005 2:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739098 9/5/2005 2:22 PM 4.23 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739112.REG 9/5/2005 2:23 PM 1002 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739114.txt 9/5/2005 2:23 PM 790 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739115.txt 9/5/2005 2:23 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739116.txt 9/5/2005 2:23 PM 500 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739117.txt 9/5/2005 2:23 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739118.txt 9/5/2005 2:23 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739119.txt 9/5/2005 2:23 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739120.txt 9/5/2005 2:23 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739121.reg 9/5/2005 2:23 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739122.txt 9/5/2005 2:23 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739123.txt 9/5/2005 2:23 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739124.txt 9/5/2005 2:23 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739125.txt 9/5/2005 2:23 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739142.edb 9/5/2005 2:26 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739147.~ 9/5/2005 2:29 PM 207 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739148 9/5/2005 2:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739149.DAT 9/5/2005 2:31 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739150 9/5/2005 2:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739151 9/5/2005 2:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739153 9/5/2005 2:31 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739175 9/5/2005 2:31 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739176 9/5/2005 2:31 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739186.ind 9/5/2005 2:32 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739204 9/5/2005 2:32 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739205 9/5/2005 2:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739215 9/5/2005 2:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739222 9/5/2005 2:34 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739223 9/5/2005 2:35 PM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739229.edb 9/5/2005 2:36 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739243.ini 9/5/2005 2:39 PM 20.31 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739244.ini 9/5/2005 2:39 PM 13.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739245 9/5/2005 2:39 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739246.ini 9/5/2005 2:39 PM 12.77 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739247 9/5/2005 2:39 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739248.ini 9/5/2005 2:39 PM 14.50 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739271.~ 9/5/2005 2:42 PM 208 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739272.~ 9/5/2005 2:42 PM 208 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739275.box 9/5/2005 2:45 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739276.box 9/5/2005 2:45 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739277.DAT 9/5/2005 2:45 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739278.DAT 9/5/2005 2:45 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739279.DAT 9/5/2005 2:45 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739281.box 9/5/2005 2:45 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739282.box 9/5/2005 2:45 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739283.box 9/5/2005 2:45 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739284 9/5/2005 2:45 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739285.DAT 9/5/2005 2:45 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739286 9/5/2005 2:45 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739289 9/5/2005 2:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739290 9/5/2005 2:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739291 9/5/2005 2:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739295.~ 9/5/2005 2:46 PM 208 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739296 9/5/2005 2:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739297 9/5/2005 2:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739311.DB 9/5/2005 2:46 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739339.reg 9/5/2005 2:47 PM 24.14 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739365.zip 9/5/2005 2:49 PM 425.70 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739367.zip 9/5/2005 2:49 PM 638.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739370.zip 9/5/2005 2:49 PM 638.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739372.zip 9/5/2005 2:49 PM 650.46 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739382.txt 9/5/2005 2:49 PM 447 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739383.txt 9/5/2005 2:49 PM 5.97 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739385.txt 9/5/2005 2:49 PM 3 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739386.txt 9/5/2005 2:49 PM 274 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739387.reg 9/5/2005 2:49 PM 1.90 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739388.txt 9/5/2005 2:49 PM 78 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739389.txt 9/5/2005 2:49 PM 24 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739390.reg 9/5/2005 2:49 PM 213 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739391.txt 9/5/2005 2:49 PM 45 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739392.txt 9/5/2005 2:49 PM 45 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739393.reg 9/5/2005 2:49 PM 237 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739394.exe 9/5/2005 2:49 PM 38.27 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739395.exe 9/5/2005 2:49 PM 88.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739396.exe 9/5/2005 2:49 PM 52.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739397.exe 9/5/2005 2:49 PM 171.50 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739398.exe 9/5/2005 2:49 PM 24.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739399.exe 9/5/2005 2:49 PM 124.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739400.com 9/5/2005 2:49 PM 10.99 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739401.txt 9/5/2005 2:49 PM 46 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739402.reg 9/5/2005 2:49 PM 92 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739414.edb 9/5/2005 2:51 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739417.ind 9/5/2005 2:52 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739418.ind 9/5/2005 2:52 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739419.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739420.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739421.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739422.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739423.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739424.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739425.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739426.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739427.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739428.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739429.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739430.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739450.INI 9/5/2005 2:52 PM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739454 9/5/2005 2:52 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739455 9/5/2005 2:52 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739461 9/5/2005 2:53 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739469 9/5/2005 2:54 PM 4.23 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739473 9/5/2005 2:55 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739542.sol 9/5/2005 3:35 PM 46 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739543.sol 9/5/2005 3:35 PM 66 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739544.sol 9/5/2005 3:35 PM 89 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739545.sol 9/5/2005 3:35 PM 108 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739546.sol 9/5/2005 3:35 PM 133 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739547.sol 9/5/2005 3:35 PM 151 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739548.sol 9/5/2005 3:35 PM 173 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739549.sol 9/5/2005 3:35 PM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739550.sol 9/5/2005 3:35 PM 226 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739551.sol 9/5/2005 3:35 PM 257 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739552.sol 9/5/2005 3:35 PM 278 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739668.DIC 9/5/2005 4:17 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739690.LNK 9/5/2005 4:26 PM 880 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739691.LNK 9/5/2005 4:26 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739692.DOC 9/5/2005 4:26 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739695.LNK 9/5/2005 4:26 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739696.LNK 9/5/2005 4:26 PM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739697.LNK 9/5/2005 4:26 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739698.DOC 9/5/2005 4:26 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739703.LNK 9/5/2005 4:26 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739705.LNK 9/5/2005 4:26 PM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739706.LNK 9/5/2005 4:26 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739707.DOC 9/5/2005 4:27 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739710.LNK 9/5/2005 4:27 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739711.LNK 9/5/2005 4:27 PM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739712.LNK 9/5/2005 4:27 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739723.DOC 9/5/2005 4:32 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739728.LNK 9/5/2005 4:33 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739729.LNK 9/5/2005 4:33 PM 890 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739730.LNK 9/5/2005 4:33 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739731.DOC 9/5/2005 4:33 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739745 9/5/2005 4:37 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739746 9/5/2005 4:37 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739747.ini 9/5/2005 4:38 PM 20.31 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739748.ini 9/5/2005 4:38 PM 13.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739750 9/5/2005 4:38 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739751.ini 9/5/2005 4:38 PM 12.77 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739752.ini 9/5/2005 4:38 PM 14.50 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739753.INI 9/5/2005 4:38 PM 127 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739763 9/5/2005 4:38 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739764 9/5/2005 4:38 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739765 9/5/2005 4:51 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739766.DAT 9/5/2005 4:51 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739767 9/5/2005 4:52 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739768 9/5/2005 4:52 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739769.DB 9/5/2005 4:52 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739770 9/5/2005 4:52 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739789 9/5/2005 4:52 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739790 9/5/2005 4:52 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739803.cab 9/5/2005 4:53 PM 15.45 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739816.ind 9/5/2005 4:53 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739817.ind 9/5/2005 4:53 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739818.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739819.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739820.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739821.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739822.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739823.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739824.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739825.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739826.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739827.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739828.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739829.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739849.INI 9/5/2005 4:54 PM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739851 9/5/2005 4:54 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739852 9/5/2005 4:54 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739854 9/5/2005 4:54 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739868 9/5/2005 4:55 PM 20.15 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739879.edb 9/5/2005 4:58 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739880.DB 9/5/2005 5:17 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739881 9/5/2005 5:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739882 9/5/2005 5:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739883 9/5/2005 5:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739884 9/5/2005 5:17 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739905 9/5/2005 5:17 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739906 9/5/2005 5:17 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739914.ind 9/5/2005 5:18 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739936 9/5/2005 5:18 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739937 9/5/2005 5:18 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739944 9/5/2005 5:19 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739951 9/5/2005 5:19 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739952 9/5/2005 5:20 PM 3.55 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739966 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739967 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739977 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739978 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739979 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739980 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739981.DAT 9/5/2005 5:31 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739982 9/5/2005 5:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739983 9/5/2005 5:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739984 9/5/2005 5:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739985.DB 9/5/2005 5:31 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739986 9/5/2005 5:31 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740006 9/5/2005 5:31 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740007 9/5/2005 5:31 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740009.edb 9/5/2005 5:31 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740032 9/5/2005 5:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740033 9/5/2005 5:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740036.DAT 9/5/2005 6:05 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740037.DAT 9/5/2005 6:05 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740038.DAT 9/5/2005 6:05 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740039.box 9/5/2005 6:05 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740040 9/5/2005 6:05 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740041.box 9/5/2005 6:05 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740046.box 9/5/2005 6:05 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740047.box 9/5/2005 6:06 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740049 9/5/2005 6:06 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740050.DAT 9/5/2005 6:06 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740052 9/5/2005 6:06 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740053.box 9/5/2005 6:06 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740054 9/5/2005 6:06 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740055 9/5/2005 6:06 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740070.DB 9/5/2005 6:07 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740072 9/5/2005 6:07 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740073 9/5/2005 6:07 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740102.edb 9/5/2005 6:12 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740110.ind 9/5/2005 6:13 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740111.ind 9/5/2005 6:13 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740112.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740113.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740114.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740115.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740116.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740117.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740118.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740119.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740120.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740121.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740122.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740123.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740144.INI 9/5/2005 6:14 PM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740146 9/5/2005 6:14 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740147 9/5/2005 6:14 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740149 9/5/2005 6:14 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740158 9/5/2005 6:15 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740159 9/5/2005 6:15 PM 13.49 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740168.~ 9/5/2005 6:17 PM 211 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740172.DAT 9/5/2005 6:23 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740174.DAT 9/5/2005 6:23 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740175.DAT 9/5/2005 6:23 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740176.box 9/5/2005 6:23 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740177.box 9/5/2005 6:23 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740178.box 9/5/2005 6:23 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740179.box 9/5/2005 6:23 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740180.box 9/5/2005 6:23 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740181.DAT 9/5/2005 6:23 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740182 9/5/2005 6:23 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740183 9/5/2005 6:23 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740184 9/5/2005 6:23 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740185 9/5/2005 6:23 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740186 9/5/2005 6:23 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740205.edb 9/5/2005 6:24 PM 1.01 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740209 9/5/2005 6:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740210 9/5/2005 6:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740211.DB 9/5/2005 6:25 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740237.edb 9/5/2005 6:27 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740271.ind 9/5/2005 6:43 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740290 9/5/2005 6:43 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740291 9/5/2005 6:44 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740296 9/5/2005 6:44 PM 4.25 K
HKLM\SOFTWARE\Classes\webcal\URL Protocol 1/5/2005 12:33 PM 13 bytes Data mismatch between Windows API and raw hive data.
C:\RECYCLER\NPROTECT 9/7/2005 10:41 AM 0 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737528.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737529.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737530.DOC 9/5/2005 10:36 AM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737531.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737532.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737533.LNK 9/5/2005 10:36 AM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737534.LNK 9/5/2005 10:36 AM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737539.ind 9/5/2005 10:37 AM 290.43 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737540.ind 9/5/2005 10:37 AM 290.43 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737541.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737542.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737543.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737544.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737545.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737546.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737547.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737548.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737549.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737550.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737551.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737552.ind 9/5/2005 10:37 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737558.INI 9/5/2005 10:38 AM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737559 9/5/2005 10:38 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737560 9/5/2005 10:38 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737567.ini 9/5/2005 10:39 AM 20.31 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737568.ini 9/5/2005 10:39 AM 13.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737569.ini 9/5/2005 10:39 AM 12.77 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737570.ini 9/5/2005 10:39 AM 14.50 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737571 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737572.INI 9/5/2005 10:39 AM 127 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737573 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737577 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737578 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737586 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737587 9/5/2005 10:39 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737592.box 9/5/2005 10:39 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737593.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737594.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737595.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737596.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737597.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737598.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737599.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737600.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737601.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737602.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737603.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737604.ind 9/5/2005 10:41 AM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737605.DAT 9/5/2005 10:42 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737606 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737607 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737608.~ 9/5/2005 10:42 AM 182 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737609 9/5/2005 10:42 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737610.DB 9/5/2005 10:42 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737611 9/5/2005 10:42 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737636 9/5/2005 10:42 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737638 9/5/2005 10:42 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737661.INI 9/5/2005 10:42 AM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737666 9/5/2005 10:43 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737678 9/5/2005 10:44 AM 5.05 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737683.sol 9/5/2005 10:45 AM 46 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737684.sol 9/5/2005 10:45 AM 66 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737685.sol 9/5/2005 10:45 AM 89 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737686.sol 9/5/2005 10:45 AM 108 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737687.sol 9/5/2005 10:45 AM 133 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737688.sol 9/5/2005 10:45 AM 151 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737689.sol 9/5/2005 10:45 AM 173 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737690.sol 9/5/2005 10:45 AM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737691.sol 9/5/2005 10:45 AM 226 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737692.sol 9/5/2005 10:45 AM 257 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737693.sol 9/5/2005 10:45 AM 278 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737705 9/5/2005 10:47 AM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737710.edb 9/5/2005 10:49 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737712.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737713.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737714.dat 9/5/2005 10:49 AM 1.64 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737727.~ 9/5/2005 10:53 AM 186 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737801.ind 9/5/2005 11:06 AM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737813 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737814 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737824 9/5/2005 11:07 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737826.edb 9/5/2005 11:07 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737842 9/5/2005 11:08 AM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737846.DAT 9/5/2005 11:15 AM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737847.DAT 9/5/2005 11:15 AM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737848.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737849.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737850.DAT 9/5/2005 11:15 AM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737852 9/5/2005 11:15 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737853.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737854.box 9/5/2005 11:15 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737855 9/5/2005 11:16 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737857.box 9/5/2005 11:16 AM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737862.DAT 9/5/2005 11:16 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737872 9/5/2005 11:17 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737876 9/5/2005 11:17 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737879 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737880 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737881 9/5/2005 11:17 AM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737882.DB 9/5/2005 11:17 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737917 9/5/2005 11:19 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737920 9/5/2005 11:19 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737921.DAT 9/5/2005 11:22 AM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737922.DB 9/5/2005 11:22 AM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737923 9/5/2005 11:22 AM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737942 9/5/2005 11:22 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737943 9/5/2005 11:22 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737953.ind 9/5/2005 11:23 AM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737967 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737968 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737981 9/5/2005 11:24 AM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737988 9/5/2005 11:25 AM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737989 9/5/2005 11:25 AM 4.94 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00737995.edb 9/5/2005 11:27 AM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738019.~ 9/5/2005 11:34 AM 194 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738020.~ 9/5/2005 11:34 AM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738021.DAT 9/5/2005 12:24 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738022.DAT 9/5/2005 12:24 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738023.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738024.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738027 9/5/2005 12:24 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738031.DAT 9/5/2005 12:24 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738032.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738034 9/5/2005 12:24 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738035.box 9/5/2005 12:24 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738036.DAT 9/5/2005 12:24 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738038 9/5/2005 12:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738039 9/5/2005 12:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738040 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738041 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738042 9/5/2005 12:25 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738046.DB 9/5/2005 12:26 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738075.ind 9/5/2005 12:28 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738098 9/5/2005 12:28 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738099 9/5/2005 12:28 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738104 9/5/2005 12:29 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738113 9/5/2005 12:30 PM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738116.edb 9/5/2005 12:30 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738117.DAT 9/5/2005 12:45 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738118 9/5/2005 12:45 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738119 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738120 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738121 9/5/2005 12:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738122.DB 9/5/2005 12:45 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738141 9/5/2005 12:45 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738142 9/5/2005 12:45 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738181.REG 9/5/2005 12:47 PM 998 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738186.txt 9/5/2005 12:48 PM 784 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738187.txt 9/5/2005 12:48 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738188.txt 9/5/2005 12:48 PM 498 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738189.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738190.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738191.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738192.txt 9/5/2005 12:48 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738193.reg 9/5/2005 12:48 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738194.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738195.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738196.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738197.txt 9/5/2005 12:48 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738202.txt 9/5/2005 12:50 PM 14.89 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738207.REG 9/5/2005 12:50 PM 998 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738211.txt 9/5/2005 12:50 PM 784 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738212.txt 9/5/2005 12:50 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738213.txt 9/5/2005 12:50 PM 498 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738214.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738215.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738216.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738217.txt 9/5/2005 12:50 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738218.reg 9/5/2005 12:50 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738219.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738220.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738221.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738222.txt 9/5/2005 12:50 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738228.ind 9/5/2005 12:51 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738239.edb 9/5/2005 12:51 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738249 9/5/2005 12:51 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738286.~ 9/5/2005 12:56 PM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738287.~ 9/5/2005 12:56 PM 200 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738292.DAT 9/5/2005 1:01 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738293.DAT 9/5/2005 1:01 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738294.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738295.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738296 9/5/2005 1:02 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738297.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738298.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738299 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738300 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738301 9/5/2005 1:02 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738307.box 9/5/2005 1:02 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738308.DAT 9/5/2005 1:02 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738309.edb 9/5/2005 1:02 PM 1.01 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738310 9/5/2005 1:02 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738311.DAT 9/5/2005 1:03 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738334 9/5/2005 1:03 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738335 9/5/2005 1:03 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738337.DB 9/5/2005 1:03 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738360.ind 9/5/2005 1:05 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738380 9/5/2005 1:05 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738381 9/5/2005 1:05 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738382.edb 9/5/2005 1:06 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738387 9/5/2005 1:06 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738396.sol 9/5/2005 1:07 PM 46 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738397.sol 9/5/2005 1:07 PM 66 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738398.sol 9/5/2005 1:07 PM 89 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738399.sol 9/5/2005 1:07 PM 108 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738400.sol 9/5/2005 1:07 PM 133 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738401.sol 9/5/2005 1:07 PM 151 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738402.sol 9/5/2005 1:07 PM 173 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738403.sol 9/5/2005 1:07 PM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738404.sol 9/5/2005 1:07 PM 226 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738405.sol 9/5/2005 1:07 PM 257 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738406.sol 9/5/2005 1:07 PM 278 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738407 9/5/2005 1:07 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738408 9/5/2005 1:07 PM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738498 9/5/2005 1:30 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738499 9/5/2005 1:30 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738503 9/5/2005 1:30 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738508 9/5/2005 1:30 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738509 9/5/2005 1:30 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738510 9/5/2005 1:33 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738511.DAT 9/5/2005 1:33 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738512 9/5/2005 1:33 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738513 9/5/2005 1:33 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738514 9/5/2005 1:33 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738531.txt 9/5/2005 1:33 PM 15.59 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738535.REG 9/5/2005 1:33 PM 1000 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738537 9/5/2005 1:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738538 9/5/2005 1:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738539.txt 9/5/2005 1:34 PM 786 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738540.txt 9/5/2005 1:34 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738541.txt 9/5/2005 1:34 PM 499 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738542.txt 9/5/2005 1:34 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738543.txt 9/5/2005 1:34 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738544.txt 9/5/2005 1:34 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738545.txt 9/5/2005 1:34 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738546.reg 9/5/2005 1:34 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738547.txt 9/5/2005 1:34 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738548.txt 9/5/2005 1:34 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738549.txt 9/5/2005 1:34 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738550.txt 9/5/2005 1:34 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738617.cab 9/5/2005 1:34 PM 15.45 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738650.txt 9/5/2005 1:39 PM 18.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738656.REG 9/5/2005 1:39 PM 1000 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738658.txt 9/5/2005 1:39 PM 786 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738659.txt 9/5/2005 1:39 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738660.txt 9/5/2005 1:39 PM 499 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738661.txt 9/5/2005 1:39 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738662.txt 9/5/2005 1:39 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738663.txt 9/5/2005 1:39 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738664.txt 9/5/2005 1:39 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738665.reg 9/5/2005 1:39 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738666.txt 9/5/2005 1:39 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738667.txt 9/5/2005 1:39 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738668.txt 9/5/2005 1:39 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738669.txt 9/5/2005 1:39 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738672.edb 9/5/2005 1:39 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738676.txt 9/5/2005 1:42 PM 18.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738684.REG 9/5/2005 1:42 PM 1000 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738686.txt 9/5/2005 1:42 PM 786 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738687.txt 9/5/2005 1:42 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738688.txt 9/5/2005 1:42 PM 499 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738689.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738690.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738691.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738692.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738693.reg 9/5/2005 1:42 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738694.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738695.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738696.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738697.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738698.txt 9/5/2005 1:42 PM 18.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738700.REG 9/5/2005 1:42 PM 1000 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738703.txt 9/5/2005 1:42 PM 786 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738704.txt 9/5/2005 1:42 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738705.txt 9/5/2005 1:42 PM 499 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738706.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738707.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738708.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738709.txt 9/5/2005 1:42 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738710.reg 9/5/2005 1:42 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738711.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738712.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738713.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738714.txt 9/5/2005 1:42 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738734.ind 9/5/2005 1:45 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738753 9/5/2005 1:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738754 9/5/2005 1:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738765 9/5/2005 1:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738766 9/5/2005 1:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738772 9/5/2005 1:47 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738773 9/5/2005 1:47 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738774 9/5/2005 1:47 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738775 9/5/2005 1:47 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738779.DAT 9/5/2005 1:50 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738781.DAT 9/5/2005 1:50 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738782.DAT 9/5/2005 1:50 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738783.box 9/5/2005 1:50 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738784.DAT 9/5/2005 1:50 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738785.box 9/5/2005 1:50 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738786 9/5/2005 1:50 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738787.box 9/5/2005 1:50 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738788.box 9/5/2005 1:50 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738789.box 9/5/2005 1:50 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738790 9/5/2005 1:50 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738791 9/5/2005 1:50 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738793 9/5/2005 1:50 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738794 9/5/2005 1:50 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738799.DB 9/5/2005 1:51 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738800 9/5/2005 1:51 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738801 9/5/2005 1:51 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738845.txt 9/5/2005 1:52 PM 18.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738849.REG 9/5/2005 1:52 PM 1000 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738851.txt 9/5/2005 1:52 PM 790 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738852.txt 9/5/2005 1:52 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738853.txt 9/5/2005 1:52 PM 499 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738854.txt 9/5/2005 1:52 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738855.txt 9/5/2005 1:52 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738856.txt 9/5/2005 1:52 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738857.txt 9/5/2005 1:52 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738858.reg 9/5/2005 1:52 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738859.txt 9/5/2005 1:52 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738860.txt 9/5/2005 1:52 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738861.txt 9/5/2005 1:52 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738862.txt 9/5/2005 1:52 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738874.ind 9/5/2005 1:53 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738896 9/5/2005 1:53 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738897 9/5/2005 1:53 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738903 9/5/2005 1:54 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738911.edb 9/5/2005 1:55 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738913 9/5/2005 1:55 PM 5.64 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738920 9/5/2005 1:59 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738929.XML 9/5/2005 2:00 PM 1.14 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738932.XML 9/5/2005 2:00 PM 1.14 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738934.sol 9/5/2005 2:01 PM 300 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738935.sol 9/5/2005 2:01 PM 54 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738936.sol 9/5/2005 2:01 PM 65 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738971.ini 9/5/2005 2:14 PM 113 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738972.log 9/5/2005 2:14 PM 18.59 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738973.log 9/5/2005 2:14 PM 1.15 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738974.log 9/5/2005 2:14 PM 730.41 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738975.dmp 9/5/2005 2:14 PM 61.77 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738976.sol 9/5/2005 2:14 PM 57 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738977.sol 9/5/2005 2:14 PM 83 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738978.sol 9/5/2005 2:14 PM 331 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738990 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738992 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00738999 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739000 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739001 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739002 9/5/2005 2:15 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739003.DAT 9/5/2005 2:17 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739004 9/5/2005 2:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739005 9/5/2005 2:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739006 9/5/2005 2:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739007.DB 9/5/2005 2:17 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739008 9/5/2005 2:17 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739018 9/5/2005 2:18 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739019 9/5/2005 2:18 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739038.ind 9/5/2005 2:18 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739052 9/5/2005 2:19 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739053 9/5/2005 2:19 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739075.cab 9/5/2005 2:20 PM 15.45 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739083 9/5/2005 2:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739098 9/5/2005 2:22 PM 4.23 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739112.REG 9/5/2005 2:23 PM 1002 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739114.txt 9/5/2005 2:23 PM 790 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739115.txt 9/5/2005 2:23 PM 390 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739116.txt 9/5/2005 2:23 PM 500 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739117.txt 9/5/2005 2:23 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739118.txt 9/5/2005 2:23 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739119.txt 9/5/2005 2:23 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739120.txt 9/5/2005 2:23 PM 495 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739121.reg 9/5/2005 2:23 PM 25.02 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739122.txt 9/5/2005 2:23 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739123.txt 9/5/2005 2:23 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739124.txt 9/5/2005 2:23 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739125.txt 9/5/2005 2:23 PM 12.44 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739142.edb 9/5/2005 2:26 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739147.~ 9/5/2005 2:29 PM 207 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739148 9/5/2005 2:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739149.DAT 9/5/2005 2:31 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739150 9/5/2005 2:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739151 9/5/2005 2:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739153 9/5/2005 2:31 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739175 9/5/2005 2:31 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739176 9/5/2005 2:31 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739186.ind 9/5/2005 2:32 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739204 9/5/2005 2:32 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739205 9/5/2005 2:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739215 9/5/2005 2:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739222 9/5/2005 2:34 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739223 9/5/2005 2:35 PM 3.54 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739229.edb 9/5/2005 2:36 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739243.ini 9/5/2005 2:39 PM 20.31 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739244.ini 9/5/2005 2:39 PM 13.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739245 9/5/2005 2:39 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739246.ini 9/5/2005 2:39 PM 12.77 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739247 9/5/2005 2:39 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739248.ini 9/5/2005 2:39 PM 14.50 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739271.~ 9/5/2005 2:42 PM 208 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739272.~ 9/5/2005 2:42 PM 208 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739275.box 9/5/2005 2:45 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739276.box 9/5/2005 2:45 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739277.DAT 9/5/2005 2:45 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739278.DAT 9/5/2005 2:45 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739279.DAT 9/5/2005 2:45 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739281.box 9/5/2005 2:45 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739282.box 9/5/2005 2:45 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739283.box 9/5/2005 2:45 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739284 9/5/2005 2:45 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739285.DAT 9/5/2005 2:45 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739286 9/5/2005 2:45 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739289 9/5/2005 2:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739290 9/5/2005 2:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739291 9/5/2005 2:45 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739295.~ 9/5/2005 2:46 PM 208 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739296 9/5/2005 2:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739297 9/5/2005 2:46 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739311.DB 9/5/2005 2:46 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739339.reg 9/5/2005 2:47 PM 24.14 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739365.zip 9/5/2005 2:49 PM 425.70 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739367.zip 9/5/2005 2:49 PM 638.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739370.zip 9/5/2005 2:49 PM 638.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739372.zip 9/5/2005 2:49 PM 650.46 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739382.txt 9/5/2005 2:49 PM 447 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739383.txt 9/5/2005 2:49 PM 5.97 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739385.txt 9/5/2005 2:49 PM 3 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739386.txt 9/5/2005 2:49 PM 274 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739387.reg 9/5/2005 2:49 PM 1.90 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739388.txt 9/5/2005 2:49 PM 78 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739389.txt 9/5/2005 2:49 PM 24 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739390.reg 9/5/2005 2:49 PM 213 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739391.txt 9/5/2005 2:49 PM 45 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739392.txt 9/5/2005 2:49 PM 45 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739393.reg 9/5/2005 2:49 PM 237 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739394.exe 9/5/2005 2:49 PM 38.27 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739395.exe 9/5/2005 2:49 PM 88.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739396.exe 9/5/2005 2:49 PM 52.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739397.exe 9/5/2005 2:49 PM 171.50 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739398.exe 9/5/2005 2:49 PM 24.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739399.exe 9/5/2005 2:49 PM 124.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739400.com 9/5/2005 2:49 PM 10.99 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739401.txt 9/5/2005 2:49 PM 46 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739402.reg 9/5/2005 2:49 PM 92 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739414.edb 9/5/2005 2:51 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739417.ind 9/5/2005 2:52 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739418.ind 9/5/2005 2:52 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739419.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739420.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739421.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739422.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739423.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739424.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739425.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739426.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739427.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739428.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739429.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739430.ind 9/5/2005 2:52 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739450.INI 9/5/2005 2:52 PM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739454 9/5/2005 2:52 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739455 9/5/2005 2:52 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739461 9/5/2005 2:53 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739469 9/5/2005 2:54 PM 4.23 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739473 9/5/2005 2:55 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739542.sol 9/5/2005 3:35 PM 46 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739543.sol 9/5/2005 3:35 PM 66 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739544.sol 9/5/2005 3:35 PM 89 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739545.sol 9/5/2005 3:35 PM 108 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739546.sol 9/5/2005 3:35 PM 133 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739547.sol 9/5/2005 3:35 PM 151 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739548.sol 9/5/2005 3:35 PM 173 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739549.sol 9/5/2005 3:35 PM 196 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739550.sol 9/5/2005 3:35 PM 226 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739551.sol 9/5/2005 3:35 PM 257 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739552.sol 9/5/2005 3:35 PM 278 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739668.DIC 9/5/2005 4:17 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739690.LNK 9/5/2005 4:26 PM 880 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739691.LNK 9/5/2005 4:26 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739692.DOC 9/5/2005 4:26 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739695.LNK 9/5/2005 4:26 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739696.LNK 9/5/2005 4:26 PM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739697.LNK 9/5/2005 4:26 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739698.DOC 9/5/2005 4:26 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739703.LNK 9/5/2005 4:26 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739705.LNK 9/5/2005 4:26 PM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739706.LNK 9/5/2005 4:26 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739707.DOC 9/5/2005 4:27 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739710.LNK 9/5/2005 4:27 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739711.LNK 9/5/2005 4:27 PM 870 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739712.LNK 9/5/2005 4:27 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739723.DOC 9/5/2005 4:32 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739728.LNK 9/5/2005 4:33 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739729.LNK 9/5/2005 4:33 PM 890 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739730.LNK 9/5/2005 4:33 PM 705 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739731.DOC 9/5/2005 4:33 PM 162 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739745 9/5/2005 4:37 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739746 9/5/2005 4:37 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739747.ini 9/5/2005 4:38 PM 20.31 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739748.ini 9/5/2005 4:38 PM 13.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739750 9/5/2005 4:38 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739751.ini 9/5/2005 4:38 PM 12.77 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739752.ini 9/5/2005 4:38 PM 14.50 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739753.INI 9/5/2005 4:38 PM 127 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739763 9/5/2005 4:38 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739764 9/5/2005 4:38 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739765 9/5/2005 4:51 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739766.DAT 9/5/2005 4:51 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739767 9/5/2005 4:52 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739768 9/5/2005 4:52 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739769.DB 9/5/2005 4:52 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739770 9/5/2005 4:52 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739789 9/5/2005 4:52 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739790 9/5/2005 4:52 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739803.cab 9/5/2005 4:53 PM 15.45 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739816.ind 9/5/2005 4:53 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739817.ind 9/5/2005 4:53 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739818.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739819.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739820.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739821.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739822.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739823.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739824.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739825.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739826.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739827.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739828.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739829.ind 9/5/2005 4:53 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739849.INI 9/5/2005 4:54 PM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739851 9/5/2005 4:54 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739852 9/5/2005 4:54 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739854 9/5/2005 4:54 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739868 9/5/2005 4:55 PM 20.15 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739879.edb 9/5/2005 4:58 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739880.DB 9/5/2005 5:17 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739881 9/5/2005 5:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739882 9/5/2005 5:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739883 9/5/2005 5:17 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739884 9/5/2005 5:17 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739905 9/5/2005 5:17 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739906 9/5/2005 5:17 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739914.ind 9/5/2005 5:18 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739936 9/5/2005 5:18 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739937 9/5/2005 5:18 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739944 9/5/2005 5:19 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739951 9/5/2005 5:19 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739952 9/5/2005 5:20 PM 3.55 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739966 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739967 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739977 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739978 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739979 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739980 9/5/2005 5:21 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739981.DAT 9/5/2005 5:31 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739982 9/5/2005 5:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739983 9/5/2005 5:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739984 9/5/2005 5:31 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739985.DB 9/5/2005 5:31 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00739986 9/5/2005 5:31 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740006 9/5/2005 5:31 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740007 9/5/2005 5:31 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740009.edb 9/5/2005 5:31 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740032 9/5/2005 5:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740033 9/5/2005 5:33 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740036.DAT 9/5/2005 6:05 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740037.DAT 9/5/2005 6:05 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740038.DAT 9/5/2005 6:05 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740039.box 9/5/2005 6:05 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740040 9/5/2005 6:05 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740041.box 9/5/2005 6:05 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740046.box 9/5/2005 6:05 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740047.box 9/5/2005 6:06 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740049 9/5/2005 6:06 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740050.DAT 9/5/2005 6:06 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740052 9/5/2005 6:06 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740053.box 9/5/2005 6:06 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740054 9/5/2005 6:06 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740055 9/5/2005 6:06 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740070.DB 9/5/2005 6:07 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740072 9/5/2005 6:07 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740073 9/5/2005 6:07 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740102.edb 9/5/2005 6:12 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740110.ind 9/5/2005 6:13 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740111.ind 9/5/2005 6:13 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740112.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740113.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740114.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740115.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740116.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740117.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740118.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740119.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740120.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740121.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740122.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740123.ind 9/5/2005 6:13 PM 292 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740144.INI 9/5/2005 6:14 PM 26.20 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740146 9/5/2005 6:14 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740147 9/5/2005 6:14 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740149 9/5/2005 6:14 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740158 9/5/2005 6:15 PM 23.39 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740159 9/5/2005 6:15 PM 13.49 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740168.~ 9/5/2005 6:17 PM 211 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740172.DAT 9/5/2005 6:23 PM 1.18 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740174.DAT 9/5/2005 6:23 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740175.DAT 9/5/2005 6:23 PM 14 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740176.box 9/5/2005 6:23 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740177.box 9/5/2005 6:23 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740178.box 9/5/2005 6:23 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740179.box 9/5/2005 6:23 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740180.box 9/5/2005 6:23 PM 362 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740181.DAT 9/5/2005 6:23 PM 12.08 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740182 9/5/2005 6:23 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740183 9/5/2005 6:23 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740184 9/5/2005 6:23 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740185 9/5/2005 6:23 PM 51 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740186 9/5/2005 6:23 PM 5.53 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740205.edb 9/5/2005 6:24 PM 1.01 MB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740209 9/5/2005 6:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740210 9/5/2005 6:25 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740211.DB 9/5/2005 6:25 PM 158 bytes Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740237.edb 9/5/2005 6:27 PM 64.00 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740271.ind 9/5/2005 6:43 PM 290.91 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740290 9/5/2005 6:43 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740291 9/5/2005 6:44 PM 4.25 KB Hidden from Windows API.
C:\RECYCLER\NPROTECT\00740296 9/5/2005 6:44 PM 4.25 K
#25
Posted 07 September 2005 - 07:28 PM
PamPP
- Topic Starter
-
- Member
-
- 23 posts
Member
Well apparently the message board is not letting me post the whole log - I am gonna try to attach the log and see if that works.
Pam
If not at least here is the Silent Runners log:
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"fxsvfw" = "C:\WINDOWS\system32\fxsvfw.exe" [file not found]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"fxsvfw" = "C:\WINDOWS\system32\fxsvfw.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MMTray" = "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" ["MUSICMATCH, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AdaptecDirectCD" = ""C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Advanced Tools Check" = "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
"HostManager" = "C:\Program Files\Common Files\AOL\1104942569\EE\AOLHostManager.exe" ["America Online, Inc."]
"AOLDialer" = "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ["America Online"]
"AOL Spyware Protection" = ""C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"THGuard" = ""C:\Program Files\TrojanHunter 4.2\THGuard.exe"" ["Mischel Internet Security"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshellext.dll" ["RealNetworks"]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Bliss.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssflwbox.scr" [MS]
Startup items in "Pam" & "All Users" startup folders:
-----------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"America Online Tray Icon" -> shortcut to: "C:\Program Files\America Online 9.0\aoltray.exe -check" ["America Online, Inc."]
"Billminder" -> shortcut to: "C:\Program Files\Quicken\billmind.exe -startup" ["Intuit"]
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Quicken Scheduled Updates" -> shortcut to: "C:\Program Files\Quicken\bagent.exe" ["Intuit Inc."]
"Quicken Startup" -> shortcut to: "C:\Program Files\Quicken\QWDLLS.EXE" ["Intuit"]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{79406F24-8E95-4AF8-9FEF-2EA2B504E707}\ = "BottomFrame Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\WINDOWS\ttext.dll" [empty string]
HKLM\Software\Classes\CLSID\{8F7D96AA-489A-4194-AB34-21EF42507932}\ = "LeftFrame Class"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\ttext.dll" [empty string]
HKLM\Software\Classes\CLSID\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}\ = "MoneySide"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"
"CLSIDExtension" = "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]
{9E248641-0E24-4DDB-9A1F-705087832AD6}\
"MenuText" = "Java"
{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{301DA1EE-F65C-4188-A417-9E915CC8FBFA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
Missing lines (compared with English-language version):
HIJACK WARNING! "searchprovider" = "res://C:\WINDOWS\system\SEARCH~1.DLL/search.htm" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["America Online"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" ["Symantec Corporation"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 263 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 19 seconds.
---------- (total run time: 345 seconds)
Pam
If not at least here is the Silent Runners log:
"Silent Runners.vbs", revision 40.1, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\
"fxsvfw" = "C:\WINDOWS\system32\fxsvfw.exe" [file not found]
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MSMSGS" = ""C:\Program Files\Messenger\msmsgs.exe" /background" [MS]
"fxsvfw" = "C:\WINDOWS\system32\fxsvfw.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"MMTray" = "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" ["MUSICMATCH, Inc."]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"AdaptecDirectCD" = ""C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"ccRegVfy" = ""C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"" ["Symantec Corporation"]
"Advanced Tools Check" = "C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE" ["Symantec Corporation"]
"HostManager" = "C:\Program Files\Common Files\AOL\1104942569\EE\AOLHostManager.exe" ["America Online, Inc."]
"AOLDialer" = "C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" ["America Online"]
"AOL Spyware Protection" = ""C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"" [null data]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
"THGuard" = ""C:\Program Files\TrojanHunter 4.2\THGuard.exe"" ["Mischel Internet Security"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{53707962-6F74-2D53-2644-206D7942484F}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\SPYBOT~1\SDHelper.dll" ["Safer Networking Limited"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealPlayer\rpshellext.dll" ["RealNetworks"]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! wzcnotif\DLLName = "wzcdlg.dll" [MS]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
ewido\(Default) = "{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\context.dll" ["ewido networks"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\Web\Wallpaper\Bliss.bmp"
Enabled Screen Saver:
---------------------
HKCU\Control Panel\Desktop\
"SCRNSAVE.EXE" = "C:\WINDOWS\System32\ssflwbox.scr" [MS]
Startup items in "Pam" & "All Users" startup folders:
-----------------------------------------------------
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"America Online Tray Icon" -> shortcut to: "C:\Program Files\America Online 9.0\aoltray.exe -check" ["America Online, Inc."]
"Billminder" -> shortcut to: "C:\Program Files\Quicken\billmind.exe -startup" ["Intuit"]
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office10\OSA.EXE -b -l" [MS]
"Quicken Scheduled Updates" -> shortcut to: "C:\Program Files\Quicken\bagent.exe" ["Intuit Inc."]
"Quicken Startup" -> shortcut to: "C:\Program Files\Quicken\QWDLLS.EXE" ["Intuit"]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scan my computer" -> launches: "C:\PROGRA~1\NORTON~1\NAVW32.exe /task:C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\NORTON~1\Tasks\mycomp.sca" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Explorer Bars
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{FE54FA40-D68C-11D2-98FA-00C0F0318AFE}\ = "Real.com" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{79406F24-8E95-4AF8-9FEF-2EA2B504E707}\ = "BottomFrame Class"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "C:\WINDOWS\ttext.dll" [empty string]
HKLM\Software\Classes\CLSID\{8F7D96AA-489A-4194-AB34-21EF42507932}\ = "LeftFrame Class"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\WINDOWS\ttext.dll" [empty string]
HKLM\Software\Classes\CLSID\{9404901D-06DA-4B23-A0EE-3EA4F64EC9B3}\ = "MoneySide"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{4982D40A-C53B-4615-B15B-B5B5E98D167C}\
"ButtonText" = "AOL Toolbar"
"MenuText" = "AOL Toolbar"
"CLSIDExtension" = "{4982D40A-C53B-4615-B15B-B5B5E98D167C}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\AOL Toolbar\toolbar.dll" ["IE Toolbar"]
{9E248641-0E24-4DDB-9A1F-705087832AD6}\
"MenuText" = "Java"
{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{301DA1EE-F65C-4188-A417-9E915CC8FBFA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyviewer.dll" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]
Miscellaneous IE Hijack Points
------------------------------
HKLM\Software\Microsoft\Internet Explorer\AboutURLs\
Missing lines (compared with English-language version):
HIJACK WARNING! "searchprovider" = "res://C:\WINDOWS\system\SEARCH~1.DLL/search.htm" [empty string]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
AOL Connectivity Service, AOL ACS, ""C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"" ["America Online"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ewido security suite guard, ewido security suite guard, "C:\Program Files\ewido\security suite\ewidoguard.exe" ["ewido networks"]
Norton AntiVirus Auto Protect Service, navapsvc, ""C:\Program Files\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
Norton Unerase Protection, NProtectService, "C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
SymWMI Service, SymWSC, "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" ["Symantec Corporation"]
WAN Miniport (ATW) Service, WANMiniportService, ""C:\WINDOWS\wanmpsvc.exe"" ["America Online, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 263 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 19 seconds.
---------- (total run time: 345 seconds)
Attached Files
-
RootkitReveal.txt 84.76KB
82 downloads
#26
Posted 08 September 2005 - 05:06 AM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
Hang in there!
I have a few Doc Appts today and wont be able to make a decent Reply until tonight!
If you will,post a fresh HijackThis and WinPFind log and by this afternoon,hopefully some of the folks I asked for help from will have contacted me!
Thanks for all your Patience!
MJ
I have a few Doc Appts today and wont be able to make a decent Reply until tonight!
If you will,post a fresh HijackThis and WinPFind log and by this afternoon,hopefully some of the folks I asked for help from will have contacted me!
Thanks for all your Patience!
MJ
#27
Posted 08 September 2005 - 06:35 AM
PamPP
- Topic Starter
-
- Member
-
- 23 posts
Member
Good Morning,
Hope all goes well at the doctors!
Thanks for all your help so far - I have not had any pop ups for a few days now
Here are the 2 logs you requested:
Logfile of HijackThis v1.99.1
Scan saved at 8:29:52 AM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\COMMON~1\AOL\110494~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110494~1\EE\AOLServiceHost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://69.28.210.175/media/1
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104942569\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fxsvfw] C:\WINDOWS\system32\fxsvfw.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://69.41.164.115/smsx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: CWShredder Service - Unknown owner - C:\DOCUME~1\Pam\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\79IAAKF9\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 12/21/1999 7:58:02 AM 21312 C:\WINDOWS\choice.exe
UPX! 10/21/2004 3:27:34 PM 536576 C:\WINDOWS\glophone.exe
UPX! 10/21/2004 3:27:36 PM 25600 C:\WINDOWS\glousb.dll
UPX! 10/21/2004 3:27:34 PM 92245 C:\WINDOWS\iaxclient.dll
PECompact2 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
qoologic 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
SAHAgent 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
UPX! 9/1/2005 5:27:38 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
qoologic 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
SAHAgent 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
UPX! 9/1/2005 5:27:38 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 9/1/2005 5:27:38 PM 1044560 C:\WINDOWS\vsapi32.dll
Checking %System% folder...
UPX! 10/21/2004 3:27:34 PM 222208 C:\WINDOWS\SYSTEM32\actskn43.ocx
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 1/13/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 1/20/2005 1:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/8/2005 8:10:52 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
9/8/2005 7:35:08 AM H 54156 C:\WINDOWS\QTFont.qfn
8/9/2005 6:26:12 PM H 10820 C:\WINDOWS\Help\nocontnt.GID
8/16/2005 7:49:10 AM RHS 286777 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_61.cab
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
9/8/2005 8:10:42 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
9/8/2005 8:11:08 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
9/8/2005 8:10:54 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
9/8/2005 8:11:08 AM H 65536 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
9/8/2005 8:11:02 AM H 1019904 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
8/10/2005 3:18:44 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\USERDIFF.LOG
8/29/2005 9:15:42 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
9/7/2005 9:06:12 PM S 688 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
8/16/2005 4:09:20 PM S 7652 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
9/7/2005 9:06:12 PM S 70191 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
9/7/2005 9:06:12 PM S 94 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
8/16/2005 4:09:20 PM S 134 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
9/7/2005 9:06:12 PM S 128 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
8/21/2005 3:30:02 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\afa15143-1bd8-43ff-b2a0-e0fd6edcfd13
8/21/2005 3:30:02 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
9/8/2005 8:09:54 AM H 6 C:\WINDOWS\Tasks\SA.DAT
8/10/2005 7:50:20 PM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\33CH9QMU\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\5AE9MRF7\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KUWDUIWL\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S3OXQZ0P\desktop.ini
Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 4/7/2003 1:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 8/26/1996 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL
Apple Computer, Inc. 1/6/2004 5:02:36 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Intel Corporation 4/7/2003 1:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
1/5/2005 1:04:56 PM 823 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk
8/3/2003 8:49:14 PM 1647 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
7/30/2003 7:56:06 AM 567 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
7/30/2003 7:58:56 AM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
8/3/2003 8:49:14 PM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
8/3/2003 8:49:14 PM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
8/10/2005 8:58:14 PM 3 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
Checking files in %USERPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\Pam\Start Menu\Programs\Startup\DESKTOP.INI
9/7/2005 7:30:06 PM 650 C:\Documents and Settings\Pam\Start Menu\Programs\Startup\SpywareGuard.lnk
Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\Pam\Application Data\DESKTOP.INI
8/20/2003 6:03:20 PM 0 C:\Documents and Settings\Pam\Application Data\dm.ini
4/8/2004 3:33:42 PM 64760 C:\Documents and Settings\Pam\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Program Files\SpywareGuard\spywareguard.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Advanced Tools Check C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
HostManager C:\Program Files\Common Files\AOL\1104942569\EE\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
fxsvfw C:\WINDOWS\system32\fxsvfw.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
fxsvfw C:\WINDOWS\system32\fxsvfw.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.5 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/8/2005 8:24:00 AM
Hope all goes well at the doctors!
Thanks for all your help so far - I have not had any pop ups for a few days now
Here are the 2 logs you requested:
Logfile of HijackThis v1.99.1
Scan saved at 8:29:52 AM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\COMMON~1\AOL\110494~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110494~1\EE\AOLServiceHost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://69.28.210.175/media/1
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104942569\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [fxsvfw] C:\WINDOWS\system32\fxsvfw.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://69.41.164.115/smsx.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: CWShredder Service - Unknown owner - C:\DOCUME~1\Pam\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\79IAAKF9\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 12/21/1999 7:58:02 AM 21312 C:\WINDOWS\choice.exe
UPX! 10/21/2004 3:27:34 PM 536576 C:\WINDOWS\glophone.exe
UPX! 10/21/2004 3:27:36 PM 25600 C:\WINDOWS\glousb.dll
UPX! 10/21/2004 3:27:34 PM 92245 C:\WINDOWS\iaxclient.dll
PECompact2 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
qoologic 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
SAHAgent 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\LPT$VPN.813
UPX! 9/1/2005 5:27:38 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
qoologic 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
SAHAgent 9/1/2005 5:27:36 PM 15716305 C:\WINDOWS\VPTNFILE.813
UPX! 9/1/2005 5:27:38 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 9/1/2005 5:27:38 PM 1044560 C:\WINDOWS\vsapi32.dll
Checking %System% folder...
UPX! 10/21/2004 3:27:34 PM 222208 C:\WINDOWS\SYSTEM32\actskn43.ocx
PEC2 8/29/2002 6:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 1/13/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
PECompact2 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 10:01:54 AM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 1/20/2005 1:47:50 PM 175616 C:\WINDOWS\SYSTEM32\strings.exe
winsync 8/29/2002 6:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/8/2005 8:10:52 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
9/8/2005 7:35:08 AM H 54156 C:\WINDOWS\QTFont.qfn
8/9/2005 6:26:12 PM H 10820 C:\WINDOWS\Help\nocontnt.GID
8/16/2005 7:49:10 AM RHS 286777 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_61.cab
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
9/8/2005 8:10:42 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
9/8/2005 8:11:08 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
9/8/2005 8:10:54 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
9/8/2005 8:11:08 AM H 65536 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
9/8/2005 8:11:02 AM H 1019904 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
8/10/2005 3:18:44 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\USERDIFF.LOG
8/29/2005 9:15:42 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
9/7/2005 9:06:12 PM S 688 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5
8/16/2005 4:09:20 PM S 7652 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
9/7/2005 9:06:12 PM S 70191 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1
9/7/2005 9:06:12 PM S 94 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5
8/16/2005 4:09:20 PM S 134 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
9/7/2005 9:06:12 PM S 128 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1
8/21/2005 3:30:02 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\afa15143-1bd8-43ff-b2a0-e0fd6edcfd13
8/21/2005 3:30:02 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
9/8/2005 8:09:54 AM H 6 C:\WINDOWS\Tasks\SA.DAT
8/10/2005 7:50:20 PM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\33CH9QMU\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\5AE9MRF7\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\KUWDUIWL\desktop.ini
8/10/2005 7:50:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\S3OXQZ0P\desktop.ini
Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 4/7/2003 1:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 8/26/1996 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM32\QTW32.CPL
Apple Computer, Inc. 1/6/2004 5:02:36 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 6:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Intel Corporation 4/7/2003 1:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
1/5/2005 1:04:56 PM 823 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online Tray Icon.lnk
8/3/2003 8:49:14 PM 1647 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
7/30/2003 7:56:06 AM 567 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
7/30/2003 7:58:56 AM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
8/3/2003 8:49:14 PM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
8/3/2003 8:49:14 PM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
8/10/2005 8:58:14 PM 3 C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
Checking files in %USERPROFILE%\Startup folder...
9/3/2002 10:00:00 AM HS 84 C:\Documents and Settings\Pam\Start Menu\Programs\Startup\DESKTOP.INI
9/7/2005 7:30:06 PM 650 C:\Documents and Settings\Pam\Start Menu\Programs\Startup\SpywareGuard.lnk
Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 9:50:46 AM HS 62 C:\Documents and Settings\Pam\Application Data\DESKTOP.INI
8/20/2003 6:03:20 PM 0 C:\Documents and Settings\Pam\Application Data\dm.ini
4/8/2004 3:33:42 PM 64760 C:\Documents and Settings\Pam\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Program Files\SpywareGuard\spywareguard.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4982D40A-C53B-4615-B15B-B5B5E98D167C}
ButtonText = AOL Toolbar :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
Advanced Tools Check C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
HostManager C:\Program Files\Common Files\AOL\1104942569\EE\AOLHostManager.exe
AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
AOL Spyware Protection "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
fxsvfw C:\WINDOWS\system32\fxsvfw.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
fxsvfw C:\WINDOWS\system32\fxsvfw.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableTaskMgr 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.5 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/8/2005 8:24:00 AM
#28
Posted 09 September 2005 - 06:07 AM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
Well,it looks alot better than I thought it would!
Download CCleaner from here
http://www.filehippo...d_ccleaner.html
Copy the text in the Code Box to a blank notepad page and Save it to the Desktop as rem.reg but dont run it just yet!
Highlight the list below and press Ctrl+C to Copy!
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\!update-2304[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2314[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2324[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2364[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2384[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\!update-2344[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\!update-2354[1].0000
C:\WINDOWS\SYSTEM32\covhu.dll.tcf
C:\WINDOWS\SYSTEM32\fyrhg.dll.tcf
C:\WINDOWS\SYSTEM32\shopinst.exe
C:\WINDOWS\SYSTEM32\w130713.Stub.exe
C:\WINDOWS\system32\fxsvfw.exe
C:\WINDOWS\system\SEARCH~1.DLL
C:\WINDOWS\ttext.dll
Open Pocket Killbox-> Click File-> Click Paste from Clipboard!
Place a tick by Delete on Reboot-> Click the Red Circle to Delete!
Click Yes to the Prompts that follow and let Killbox Reboot the PC!
Restart in Safe Mode-> Locate and Double Click rem.reg and Allow it to merge into the Registry!
Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://69.28.210.175/media/1
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://69.41.164.115/smsx.cab
Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!
Open Up CCleaner-> Click the Run Cleaner tab and let it do its thing!
Restart Normal and Install these 2 to add to the Security of the PC!
SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediatly!
WinHelp2002 Hosts File
http://www.mvps.org/...p2002/hosts.htm
Made Easy
http://www.mvps.org/...2002/hosts2.htm
Click Start-> Run-> Copy&Paste the bold text below into the Open Box and Click OK!
regedit /e c:\key.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\webcal"
Now locate C:\key.txt and post it along with a fresh HijackThis log!
Download CCleaner from here
http://www.filehippo...d_ccleaner.html
Copy the text in the Code Box to a blank notepad page and Save it to the Desktop as rem.reg but dont run it just yet!
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"fxsvfw"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"fxsvfw"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs]
"searchprovider"=-
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{79406F24-8E95-4AF8-9FEF-2EA2B504E707}]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{8F7D96AA-489A-4194-AB34-21EF42507932}]Highlight the list below and press Ctrl+C to Copy!
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\!update-2304[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2314[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2324[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2364[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\!update-2384[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\!update-2344[1].0000
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OT2JQP0H\!update-2354[1].0000
C:\WINDOWS\SYSTEM32\covhu.dll.tcf
C:\WINDOWS\SYSTEM32\fyrhg.dll.tcf
C:\WINDOWS\SYSTEM32\shopinst.exe
C:\WINDOWS\SYSTEM32\w130713.Stub.exe
C:\WINDOWS\system32\fxsvfw.exe
C:\WINDOWS\system\SEARCH~1.DLL
C:\WINDOWS\ttext.dll
Open Pocket Killbox-> Click File-> Click Paste from Clipboard!
Place a tick by Delete on Reboot-> Click the Red Circle to Delete!
Click Yes to the Prompts that follow and let Killbox Reboot the PC!
Restart in Safe Mode-> Locate and Double Click rem.reg and Allow it to merge into the Registry!
Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet!
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://69.28.210.175/media/1
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://69.41.164.115/smsx.cab
Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button!
Open Up CCleaner-> Click the Run Cleaner tab and let it do its thing!
Restart Normal and Install these 2 to add to the Security of the PC!
SpywareBlaster:
http://www.javacools...areblaster.html
Update Immediatly!
WinHelp2002 Hosts File
http://www.mvps.org/...p2002/hosts.htm
Made Easy
http://www.mvps.org/...2002/hosts2.htm
Click Start-> Run-> Copy&Paste the bold text below into the Open Box and Click OK!
regedit /e c:\key.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\webcal"
Now locate C:\key.txt and post it along with a fresh HijackThis log!
#29
Posted 09 September 2005 - 07:11 AM
PamPP
- Topic Starter
-
- Member
-
- 23 posts
Member
Good Morning,
Here are the 2 logs requested:
c:\key.txt copy
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\webcal]
"URL Protocol"="URL Pr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\webcal\shell]
Hijack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 9:11:05 AM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\110494~1\EE\AOLHOS~1.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\COMMON~1\AOL\110494~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104942569\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFE3E87C-FD60-4A8F-BCCD-1B433F74119A}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: CWShredder Service - Unknown owner - C:\DOCUME~1\Pam\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\79IAAKF9\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Here are the 2 logs requested:
c:\key.txt copy
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\webcal]
"URL Protocol"="URL Pr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\webcal\shell]
Hijack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 9:11:05 AM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\COMMON~1\AOL\110494~1\EE\AOLHOS~1.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\COMMON~1\AOL\110494~1\EE\AOLServiceHost.exe
C:\Program Files\America Online 9.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\America Online 9.0\aolwbspd.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1104942569\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AFE3E87C-FD60-4A8F-BCCD-1B433F74119A}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: CWShredder Service - Unknown owner - C:\DOCUME~1\Pam\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\79IAAKF9\CWShredder[1].exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
#30
Posted 09 September 2005 - 07:37 AM
Wizard
-
- Retired Staff
-
- 5,661 posts
Retired Staff
Now for the Big Question???
How is the PC running?
How is the PC running?
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
