Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please look at my HiJack This Log - A lot of problems

Started by comp98 , Nov 25 2005 11:17 PM

  • Please log in to reply

#1
comp98
Posted 25 November 2005 - 11:17 PM

comp98

    Member

  • Member
  • PipPip
  • 42 posts
Logfile of HijackThis v1.99.1
Scan saved at 3:48:58 PM, on 11/25/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
c:\winnt\system32\cloudsim.exe
c:\winnt\system32\cloudsim.exe
c:\winnt\system32\msotme.exe
c:\winnt\system32\msotme.exe
c:\winnt\system32\dmccla.exe
c:\winnt\system32\dmccla.exe
c:\winnt\system32\rasknt.exe
c:\winnt\system32\rasknt.exe
c:\winnt\system32\wuaupd.exe
c:\winnt\system32\wuaupd.exe
c:\winnt\system32\comdkc.exe
c:\winnt\system32\mllihn.exe
c:\winnt\system32\nddjet.exe
c:\winnt\system32\nddjet.exe
c:\winnt\system32\faxoun.exe
c:\winnt\system32\comdkc.exe
c:\winnt\system32\mllihn.exe
c:\winnt\system32\faxoun.exe
c:\winnt\system32\oderwv.exe
c:\winnt\system32\oderwv.exe
c:\winnt\system32\spuvci.exe
c:\winnt\system32\spuvci.exe
c:\winnt\system32\catvci.exe
c:\winnt\system32\catvci.exe
c:\winnt\system32\msiskp.exe
c:\winnt\system32\msiskp.exe
c:\winnt\system32\sysrmo.exe
c:\winnt\system32\sysrmo.exe
c:\winnt\system32\msnmas.exe
c:\winnt\system32\msnmas.exe
c:\winnt\system32\iphidp.exe
c:\winnt\system32\iphidp.exe
c:\winnt\system32\dskpco.exe
c:\winnt\system32\dskpco.exe
c:\winnt\system32\wowpla.exe
c:\winnt\system32\wowpla.exe
c:\winnt\system32\msvipl.exe
c:\winnt\system32\msvipl.exe
c:\winnt\system32\scaico.exe
c:\winnt\system32\scaico.exe
c:\winnt\system32\winotv.exe
c:\winnt\system32\winotv.exe
c:\winnt\system32\mnmell.exe
c:\winnt\system32\mnmell.exe
c:\winnt\system32\olevae.exe
c:\winnt\system32\olevae.exe
c:\winnt\system32\digmc4.exe
c:\winnt\system32\dxtlag.exe
c:\winnt\system32\digmc4.exe
c:\winnt\system32\dxtlag.exe
c:\winnt\system32\raseve.exe
c:\winnt\system32\raseve.exe
c:\winnt\system32\scrlss.exe
c:\winnt\system32\scrlss.exe
c:\winnt\system32\msvdim.exe
c:\winnt\system32\msvdim.exe
c:\winnt\system32\wscser.exe
c:\winnt\system32\wscser.exe
c:\winnt\system32\rouddu.exe
c:\winnt\system32\rouddu.exe
c:\winnt\system32\polled.exe
c:\winnt\system32\polled.exe
c:\winnt\system32\msepmp.exe
c:\winnt\system32\msepmp.exe
c:\winnt\system32\pscsmu.exe
c:\winnt\system32\pscsmu.exe
c:\winnt\system32\mtxtim.exe
c:\winnt\system32\mtxtim.exe
c:\winnt\system32\wshtre.exe
c:\winnt\system32\win2ti.exe
c:\winnt\system32\snmuti.exe
c:\winnt\system32\snmuti.exe
c:\winnt\system32\wshtre.exe
c:\winnt\system32\win2ti.exe
c:\winnt\system32\faxnsc.exe
c:\winnt\system32\faxnsc.exe
c:\winnt\system32\mtxppc.exe
c:\winnt\system32\mtxppc.exe
c:\winnt\system32\cabcon.exe
c:\winnt\system32\cabcon.exe
c:\winnt\system32\desadm.exe
c:\winnt\system32\desadm.exe
c:\winnt\system32\datque.exe
c:\winnt\system32\datque.exe
c:\winnt\system32\winaup.exe
c:\winnt\system32\winaup.exe
c:\winnt\system32\wincpm.exe
c:\winnt\system32\wincpm.exe
c:\winnt\system32\mnmacm.exe
c:\winnt\system32\mnmacm.exe
c:\winnt\system32\ricnve.exe
c:\winnt\system32\ricnve.exe
c:\winnt\system32\dbmhtm.exe
c:\winnt\system32\stodea.exe
c:\winnt\system32\stodea.exe
c:\winnt\system32\dxmmpa.exe
c:\winnt\system32\dbmhtm.exe
c:\winnt\system32\jdbnch.exe
c:\winnt\system32\dxmmpa.exe
c:\winnt\system32\msjl5m.exe
c:\winnt\system32\jdbnch.exe
c:\winnt\system32\insnkc.exe
c:\winnt\system32\insnkc.exe
c:\winnt\system32\mspdkl.exe
c:\winnt\system32\mssiex.exe
c:\winnt\system32\msjl5m.exe
c:\winnt\system32\mspdkl.exe
c:\winnt\system32\mssiex.exe
c:\winnt\system32\accods.exe
c:\winnt\system32\accods.exe
c:\winnt\system32\ntmvvp.exe
c:\winnt\system32\ntmvvp.exe
c:\winnt\system32\iphemb.exe
c:\winnt\system32\iphemb.exe
c:\winnt\system32\icccsa.exe
c:\winnt\system32\faxecl.exe
c:\winnt\system32\msvrne.exe
c:\winnt\system32\msvrne.exe
c:\winnt\system32\icccsa.exe
c:\winnt\system32\nwassv.exe
c:\winnt\system32\faxecl.exe
c:\winnt\system32\nwassv.exe
c:\winnt\system32\smlnur.exe
c:\winnt\system32\smlnur.exe
c:\winnt\system32\setdsk.exe
c:\winnt\system32\setdsk.exe
c:\winnt\system32\sdbsdu.exe
c:\winnt\system32\sdbsdu.exe
c:\winnt\system32\odbiei.exe
c:\winnt\system32\expxes.exe
c:\winnt\system32\jdbpes.exe
c:\winnt\system32\jdbpes.exe
c:\winnt\system32\odbiei.exe
c:\winnt\system32\expxes.exe
c:\winnt\system32\smldtc.exe
c:\winnt\system32\smldtc.exe
c:\winnt\system32\narffr.exe
c:\winnt\system32\drmsse.exe
c:\winnt\system32\drmsse.exe
c:\winnt\system32\narffr.exe
c:\winnt\system32\msv3re.exe
c:\winnt\system32\msv3re.exe
c:\winnt\system32\odelan.exe
c:\winnt\system32\oakdsb.exe
c:\winnt\system32\oakdsb.exe
c:\winnt\system32\odelan.exe
c:\winnt\system32\ntmemi.exe
c:\winnt\system32\ntmemi.exe
c:\winnt\system32\dplwts.exe
c:\winnt\system32\dplwts.exe
c:\winnt\system32\dpldsr.exe
c:\winnt\system32\dpldsr.exe
c:\winnt\system32\mshhsn.exe
c:\winnt\system32\mshhsn.exe
c:\winnt\system32\net3rv.exe
c:\winnt\system32\net3rv.exe
c:\winnt\system32\comsec.exe
c:\winnt\system32\comsec.exe
c:\winnt\system32\ir4ecm.exe
c:\winnt\system32\ir4ecm.exe
c:\winnt\system32\tragut.exe
c:\winnt\system32\tragut.exe
c:\winnt\system32\brodrt.exe
c:\winnt\system32\brodrt.exe
c:\winnt\system32\rasidn.exe
c:\winnt\system32\rasidn.exe
c:\winnt\system32\dgrass.exe
c:\winnt\system32\dgrass.exe
c:\winnt\system32\netvcp.exe
c:\winnt\system32\netvcp.exe
c:\winnt\system32\mapvui.exe
c:\winnt\system32\mapvui.exe
c:\winnt\system32\cryxdr.exe
c:\winnt\system32\cryxdr.exe
c:\winnt\system32\pstvrn.exe
c:\winnt\system32\pstvrn.exe
c:\winnt\system32\wowire.exe
c:\winnt\system32\dinvxc.exe
c:\winnt\system32\wowire.exe
c:\winnt\system32\os2teo.exe
c:\winnt\system32\dinvxc.exe
c:\winnt\system32\os2teo.exe
c:\winnt\system32\cormpt.exe
c:\winnt\system32\cormpt.exe
c:\winnt\system32\newseg.exe
c:\winnt\system32\newseg.exe
c:\winnt\system32\efsinp.exe
c:\winnt\system32\efsinp.exe
c:\winnt\system32\cmmhtm.exe
c:\winnt\system32\cmmhtm.exe
c:\winnt\system32\wshwst.exe
c:\winnt\system32\wshwst.exe
c:\winnt\system32\faxm2c.exe
c:\winnt\system32\faxm2c.exe
c:\winnt\system32\cdooun.exe
c:\winnt\system32\cdooun.exe
c:\winnt\system32\ir5cnp.exe
c:\winnt\system32\nlsxle.exe
c:\winnt\system32\nlsxle.exe
c:\winnt\system32\ir5cnp.exe
c:\winnt\system32\jpeetm.exe
c:\winnt\system32\jpeetm.exe
c:\winnt\system32\shsnds.exe
c:\winnt\system32\shsnds.exe
c:\winnt\system32\xposcr.exe
c:\winnt\system32\indcup.exe
c:\winnt\system32\samhrn.exe
c:\winnt\system32\indcup.exe
c:\winnt\system32\xposcr.exe
c:\winnt\system32\samhrn.exe
c:\winnt\system32\msldsn.exe
c:\winnt\system32\msldsn.exe
c:\winnt\system32\shigtd.exe
c:\winnt\system32\shigtd.exe
c:\winnt\system32\eudxdc.exe
c:\winnt\system32\itifco.exe
c:\winnt\system32\itifco.exe
c:\winnt\system32\eudxdc.exe
c:\winnt\system32\faxtdg.exe
c:\winnt\system32\faxtdg.exe
c:\winnt\system32\esexts.exe
c:\winnt\system32\esexts.exe
c:\winnt\system32\rascpv.exe
c:\winnt\system32\rascpv.exe
c:\winnt\system32\cabppd.exe
c:\winnt\system32\winsir.exe
c:\winnt\system32\trampd.exe
c:\winnt\system32\cabppd.exe
c:\winnt\system32\winsir.exe
c:\winnt\system32\trampd.exe
c:\winnt\system32\ieagbp.exe
c:\winnt\system32\ieagbp.exe
c:\winnt\system32\msvshw.exe
c:\winnt\system32\kbdtks.exe
c:\winnt\system32\kbdtks.exe
c:\winnt\system32\msvshw.exe
c:\winnt\system32\unicla.exe
c:\winnt\system32\unicla.exe
c:\winnt\system32\pjlmcs.exe
c:\winnt\system32\pjlmcs.exe
c:\winnt\system32\dbgtlo.exe
c:\winnt\system32\dbgtlo.exe
c:\winnt\system32\dcotco.exe
c:\winnt\system32\dcotco.exe
c:\winnt\system32\stiusr.exe
c:\winnt\system32\stiusr.exe
c:\winnt\system32\esesdx.exe
c:\winnt\system32\esesdx.exe
c:\winnt\system32\msrmbr.exe
c:\winnt\system32\msrmbr.exe
c:\winnt\system32\evelog.exe
c:\winnt\system32\ir5bnt.exe
c:\winnt\system32\evelog.exe
c:\winnt\system32\cdog41.exe
c:\winnt\system32\ir5bnt.exe
c:\winnt\system32\cdog41.exe
c:\winnt\system32\admart.exe
c:\winnt\system32\admart.exe
c:\winnt\system32\win5cs.exe
c:\winnt\system32\win5cs.exe
c:\winnt\system32\cidcrg.exe
c:\winnt\system32\senfep.exe
c:\winnt\system32\senfep.exe
c:\winnt\system32\cidcrg.exe
c:\winnt\system32\appsxb.exe
c:\winnt\system32\appsxb.exe
c:\winnt\system32\netdar.exe
c:\winnt\system32\xifotr.exe
c:\winnt\system32\netdar.exe
c:\winnt\system32\xifotr.exe
c:\winnt\system32\isilpm.exe
c:\winnt\system32\isilpm.exe
c:\winnt\system32\intxps.exe
c:\winnt\system32\intxps.exe
c:\winnt\system32\javhrn.exe
c:\winnt\system32\javhrn.exe
c:\winnt\system32\nddscp.exe
c:\winnt\system32\nddscp.exe
c:\winnt\system32\winrgm.exe
c:\winnt\system32\winrgm.exe
c:\winnt\system32\kbdopi.exe
c:\winnt\system32\kbdopi.exe
c:\winnt\system32\icwdni.exe
c:\winnt\system32\icwdni.exe
c:\winnt\system32\gpepsc.exe
c:\winnt\system32\gpepsc.exe
c:\winnt\system32\apphsv.exe
c:\winnt\system32\despmp.exe
c:\winnt\system32\apphsv.exe
c:\winnt\system32\despmp.exe
c:\winnt\system32\mnmdcs.exe
c:\winnt\system32\mnmdcs.exe
c:\winnt\system32\kbdotc.exe
c:\winnt\system32\kbdotc.exe
c:\winnt\system32\perpjs.exe
c:\winnt\system32\perpjs.exe
c:\winnt\system32\jdblsr.exe
c:\winnt\system32\jdblsr.exe
c:\winnt\system32\gpken1.exe
c:\winnt\system32\gpken1.exe
c:\winnt\system32\cmpa25.exe
c:\winnt\system32\boomim.exe
c:\winnt\system32\cmpa25.exe
c:\winnt\system32\boomim.exe
c:\winnt\system32\thetmv.exe
c:\winnt\system32\thetmv.exe
c:\winnt\system32\lprvpm.exe
c:\winnt\system32\lprvpm.exe
c:\winnt\system32\logosn.exe
c:\winnt\system32\logosn.exe
c:\winnt\system32\ie4gn3.exe
c:\winnt\system32\ie4gn3.exe
c:\winnt\system32\tcmddi.exe
c:\winnt\system32\tcmddi.exe
c:\winnt\system32\comxml.exe
c:\winnt\system32\msrpet.exe
c:\winnt\system32\iepcsd.exe
c:\winnt\system32\msdiva.exe
c:\winnt\system32\msdiva.exe
c:\winnt\system32\iepcsd.exe
c:\winnt\system32\dpsfep.exe
c:\winnt\system32\winats.exe
c:\winnt\system32\dxtfdt.exe
c:\winnt\system32\polvms.exe
c:\winnt\system32\faxdbk.exe
c:\winnt\system32\dpsfep.exe
c:\winnt\system32\clin32.exe
c:\winnt\system32\clin32.exe
c:\winnt\system32\mfcewd.exe
c:\winnt\system32\ntpell.exe
c:\winnt\system32\dpwsgs.exe
c:\winnt\system32\syssom.exe
c:\winnt\system32\syssom.exe
c:\winnt\system32\dpwsgs.exe
c:\winnt\system32\imgext.exe
c:\winnt\system32\devtri.exe
c:\winnt\system32\rpcitu.exe
c:\winnt\system32\snmtmc.exe
c:\winnt\system32\sencpv.exe
c:\winnt\system32\devtri.exe
c:\winnt\system32\cnbaps.exe
c:\winnt\system32\rpcitu.exe
c:\winnt\system32\ras4ec.exe
c:\winnt\system32\snmtmc.exe
c:\winnt\system32\sencpv.exe
C:\WINNT\system32\drwtsn32.exe
c:\winnt\system32\winats.exe
c:\winnt\system32\dxtfdt.exe
c:\winnt\system32\cnbaps.exe
c:\winnt\system32\ntpell.exe
c:\winnt\system32\polvms.exe
c:\winnt\system32\faxdbk.exe
c:\winnt\system32\pruttct.exe
c:\winnt\system32\ras4ec.exe
c:\winnt\system32\comxml.exe
c:\winnt\system32\imgext.exe
c:\winnt\system32\mfcewd.exe
C:\hijack\HijackThis.exe
c:\winnt\system32\aircity.exe
c:\winnt\system32\msnpgu.exe
C:\WINNT\system32\taskmgr.exe
c:\winnt\system32\newnet33.exe
C:\Program Files\CleanUp!\Cleanup.exe
c:\winnt\system32\rpcitu.exe
c:\winnt\system32\devtri.exe
c:\winnt\system32\msrpet.exe
c:\winnt\system32\sprmgr.exe
c:\winnt\system32\devtri.exe

R3 - Default URLSearchHook is missing
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll
O2 - BHO: CControl Object - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - C:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINNT\system32\xsbyc.exe
O4 - HKCU\..\Run: [wsnrem] C:\winnt\system32\wsnrem.exe
O4 - HKCU\..\Run: [wzctcp] c:\winnt\system32\wzctcp.exe
O4 - HKCU\..\Run: [scrdpd] c:\winnt\system32\scrdpd.exe
O4 - HKCU\..\Run: [perueg] c:\winnt\system32\perueg.exe
O4 - HKCU\..\Run: [olexmp] c:\winnt\system32\olexmp.exe
O4 - HKCU\..\Run: [boolst] C:\winnt\system32\boolst.exe
O4 - HKCU\..\Run: [jpemfs] c:\winnt\system32\jpemfs.exe
O4 - HKCU\..\Run: [usemym] c:\winnt\system32\usemym.exe
O4 - HKCU\..\Run: [comnex] c:\winnt\system32\comnex.exe
O4 - HKCU\..\Run: [sclenc] c:\winnt\system32\sclenc.exe
O4 - HKCU\..\Run: [ntbpmo] C:\winnt\system32\ntbpmo.exe
O4 - HKCU\..\Run: [ipxvia] c:\winnt\system32\ipxvia.exe
O4 - HKCU\..\Run: [roumli] c:\winnt\system32\roumli.exe
O4 - HKCU\..\Run: [ieaa2e] c:\winnt\system32\ieaa2e.exe
O4 - HKCU\..\Run: [msotme] c:\winnt\system32\msotme.exe
O4 - HKCU\..\Run: [cloudsim] c:\winnt\system32\cloudsim.exe
O4 - HKCU\..\Run: [dmccla] c:\winnt\system32\dmccla.exe
O4 - HKCU\..\Run: [rasknt] c:\winnt\system32\rasknt.exe
O4 - HKCU\..\Run: [wuaupd] c:\winnt\system32\wuaupd.exe
O4 - HKCU\..\Run: [nddjet] c:\winnt\system32\nddjet.exe
O4 - HKCU\..\Run: [mllihn] c:\winnt\system32\mllihn.exe
O4 - HKCU\..\Run: [comdkc] c:\winnt\system32\comdkc.exe
O4 - HKCU\..\Run: [faxoun] c:\winnt\system32\faxoun.exe
O4 - HKCU\..\Run: [oderwv] c:\winnt\system32\oderwv.exe
O4 - HKCU\..\Run: [spuvci] c:\winnt\system32\spuvci.exe
O4 - HKCU\..\Run: [catvci] c:\winnt\system32\catvci.exe
O4 - HKCU\..\Run: [msiskp] c:\winnt\system32\msiskp.exe
O4 - HKCU\..\Run: [sysrmo] c:\winnt\system32\sysrmo.exe
O4 - HKCU\..\Run: [msnmas] c:\winnt\system32\msnmas.exe
O4 - HKCU\..\Run: [iphidp] c:\winnt\system32\iphidp.exe
O4 - HKCU\..\Run: [dskpco] c:\winnt\system32\dskpco.exe
O4 - HKCU\..\Run: [wowpla] c:\winnt\system32\wowpla.exe
O4 - HKCU\..\Run: [msvipl] c:\winnt\system32\msvipl.exe
O4 - HKCU\..\Run: [scaico] c:\winnt\system32\scaico.exe
O4 - HKCU\..\Run: [winotv] c:\winnt\system32\winotv.exe
O4 - HKCU\..\Run: [mnmell] c:\winnt\system32\mnmell.exe
O4 - HKCU\..\Run: [olevae] c:\winnt\system32\olevae.exe
O4 - HKCU\..\Run: [digmc4] c:\winnt\system32\digmc4.exe
O4 - HKCU\..\Run: [dxtlag] c:\winnt\system32\dxtlag.exe
O4 - HKCU\..\Run: [raseve] c:\winnt\system32\raseve.exe
O4 - HKCU\..\Run: [scrlss] c:\winnt\system32\scrlss.exe
O4 - HKCU\..\Run: [wscser] c:\winnt\system32\wscser.exe
O4 - HKCU\..\Run: [rouddu] c:\winnt\system32\rouddu.exe
O4 - HKCU\..\Run: [polled] c:\winnt\system32\polled.exe
O4 - HKCU\..\Run: [msepmp] c:\winnt\system32\msepmp.exe
O4 - HKCU\..\Run: [pscsmu] c:\winnt\system32\pscsmu.exe
O4 - HKCU\..\Run: [mtxtim] c:\winnt\system32\mtxtim.exe
O4 - HKCU\..\Run: [win2ti] c:\winnt\system32\win2ti.exe
O4 - HKCU\..\Run: [snmuti] c:\winnt\system32\snmuti.exe
O4 - HKCU\..\Run: [wshtre] c:\winnt\system32\wshtre.exe
O4 - HKCU\..\Run: [faxnsc] c:\winnt\system32\faxnsc.exe
O4 - HKCU\..\Run: [mtxppc] c:\winnt\system32\mtxppc.exe
O4 - HKCU\..\Run: [cabcon] c:\winnt\system32\cabcon.exe
O4 - HKCU\..\Run: [desadm] c:\winnt\system32\desadm.exe
O4 - HKCU\..\Run: [datque] c:\winnt\system32\datque.exe
O4 - HKCU\..\Run: [winaup] c:\winnt\system32\winaup.exe
O4 - HKCU\..\Run: [wincpm] c:\winnt\system32\wincpm.exe
O4 - HKCU\..\Run: [mnmacm] c:\winnt\system32\mnmacm.exe
O4 - HKCU\..\Run: [ricnve] c:\winnt\system32\ricnve.exe
O4 - HKCU\..\Run: [stodea] c:\winnt\system32\stodea.exe
O4 - HKCU\..\Run: [dbmhtm] c:\winnt\system32\dbmhtm.exe
O4 - HKCU\..\Run: [dxmmpa] c:\winnt\system32\dxmmpa.exe
O4 - HKCU\..\Run: [mspdkl] c:\winnt\system32\mspdkl.exe
O4 - HKCU\..\Run: [jdbnch] c:\winnt\system32\jdbnch.exe
O4 - HKCU\..\Run: [insnkc] c:\winnt\system32\insnkc.exe
O4 - HKCU\..\Run: [msjl5m] c:\winnt\system32\msjl5m.exe
O4 - HKCU\..\Run: [mssiex] c:\winnt\system32\mssiex.exe
O4 - HKCU\..\Run: [accods] c:\winnt\system32\accods.exe
O4 - HKCU\..\Run: [ntmvvp] c:\winnt\system32\ntmvvp.exe
O4 - HKCU\..\Run: [iphemb] c:\winnt\system32\iphemb.exe
O4 - HKCU\..\Run: [icccsa] c:\winnt\system32\icccsa.exe
O4 - HKCU\..\Run: [faxecl] c:\winnt\system32\faxecl.exe
O4 - HKCU\..\Run: [msvrne] c:\winnt\system32\msvrne.exe
O4 - HKCU\..\Run: [nwassv] c:\winnt\system32\nwassv.exe
O4 - HKCU\..\Run: [smlnur] c:\winnt\system32\smlnur.exe
O4 - HKCU\..\Run: [setdsk] c:\winnt\system32\setdsk.exe
O4 - HKCU\..\Run: [sdbsdu] c:\winnt\system32\sdbsdu.exe
O4 - HKCU\..\Run: [jdbpes] c:\winnt\system32\jdbpes.exe
O4 - HKCU\..\Run: [odbiei] c:\winnt\system32\odbiei.exe
O4 - HKCU\..\Run: [expxes] c:\winnt\system32\expxes.exe
O4 - HKCU\..\Run: [smldtc] c:\winnt\system32\smldtc.exe
O4 - HKCU\..\Run: [narffr] c:\winnt\system32\narffr.exe
O4 - HKCU\..\Run: [drmsse] c:\winnt\system32\drmsse.exe
O4 - HKCU\..\Run: [msv3re] c:\winnt\system32\msv3re.exe
O4 - HKCU\..\Run: [oakdsb] c:\winnt\system32\oakdsb.exe
O4 - HKCU\..\Run: [odelan] c:\winnt\system32\odelan.exe
O4 - HKCU\..\Run: [ntmemi] c:\winnt\system32\ntmemi.exe
O4 - HKCU\..\Run: [dplwts] c:\winnt\system32\dplwts.exe
O4 - HKCU\..\Run: [dpldsr] c:\winnt\system32\dpldsr.exe
O4 - HKCU\..\Run: [mshhsn] c:\winnt\system32\mshhsn.exe
O4 - HKCU\..\Run: [net3rv] c:\winnt\system32\net3rv.exe
O4 - HKCU\..\Run: [comsec] c:\winnt\system32\comsec.exe
O4 - HKCU\..\Run: [ir4ecm] c:\winnt\system32\ir4ecm.exe
O4 - HKCU\..\Run: [tragut] c:\winnt\system32\tragut.exe
O4 - HKCU\..\Run: [brodrt] c:\winnt\system32\brodrt.exe
O4 - HKCU\..\Run: [rasidn] c:\winnt\system32\rasidn.exe
O4 - HKCU\..\Run: [dgrass] c:\winnt\system32\dgrass.exe
O4 - HKCU\..\Run: [netvcp] c:\winnt\system32\netvcp.exe
O4 - HKCU\..\Run: [mapvui] c:\winnt\system32\mapvui.exe
O4 - HKCU\..\Run: [cryxdr] c:\winnt\system32\cryxdr.exe
O4 - HKCU\..\Run: [pstvrn] c:\winnt\system32\pstvrn.exe
O4 - HKCU\..\Run: [wowire] c:\winnt\system32\wowire.exe
O4 - HKCU\..\Run: [dinvxc] c:\winnt\system32\dinvxc.exe
O4 - HKCU\..\Run: [os2teo] c:\winnt\system32\os2teo.exe
O4 - HKCU\..\Run: [cormpt] c:\winnt\system32\cormpt.exe
O4 - HKCU\..\Run: [newseg] c:\winnt\system32\newseg.exe
O4 - HKCU\..\Run: [efsinp] c:\winnt\system32\efsinp.exe
O4 - HKCU\..\Run: [cmmhtm] c:\winnt\system32\cmmhtm.exe
O4 - HKCU\..\Run: [wshwst] c:\winnt\system32\wshwst.exe
O4 - HKCU\..\Run: [faxm2c] c:\winnt\system32\faxm2c.exe
O4 - HKCU\..\Run: [cdooun] c:\winnt\system32\cdooun.exe
O4 - HKCU\..\Run: [nlsxle] c:\winnt\system32\nlsxle.exe
O4 - HKCU\..\Run: [ir5cnp] c:\winnt\system32\ir5cnp.exe
O4 - HKCU\..\Run: [jpeetm] c:\winnt\system32\jpeetm.exe
O4 - HKCU\..\Run: [shsnds] c:\winnt\system32\shsnds.exe
O4 - HKCU\..\Run: [indcup] c:\winnt\system32\indcup.exe
O4 - HKCU\..\Run: [samhrn] c:\winnt\system32\samhrn.exe
O4 - HKCU\..\Run: [xposcr] c:\winnt\system32\xposcr.exe
O4 - HKCU\..\Run: [msldsn] c:\winnt\system32\msldsn.exe
O4 - HKCU\..\Run: [shigtd] c:\winnt\system32\shigtd.exe
O4 - HKCU\..\Run: [itifco] c:\winnt\system32\itifco.exe
O4 - HKCU\..\Run: [eudxdc] c:\winnt\system32\eudxdc.exe
O4 - HKCU\..\Run: [faxtdg] c:\winnt\system32\faxtdg.exe
O4 - HKCU\..\Run: [esexts] c:\winnt\system32\esexts.exe
O4 - HKCU\..\Run: [rascpv] c:\winnt\system32\rascpv.exe
O4 - HKCU\..\Run: [winsir] c:\winnt\system32\winsir.exe
O4 - HKCU\..\Run: [cabppd] c:\winnt\system32\cabppd.exe
O4 - HKCU\..\Run: [trampd] c:\winnt\system32\trampd.exe
O4 - HKCU\..\Run: [ieagbp] c:\winnt\system32\ieagbp.exe
O4 - HKCU\..\Run: [msvshw] c:\winnt\system32\msvshw.exe
O4 - HKCU\..\Run: [kbdtks] c:\winnt\system32\kbdtks.exe
O4 - HKCU\..\Run: [unicla] c:\winnt\system32\unicla.exe
O4 - HKCU\..\Run: [pjlmcs] c:\winnt\system32\pjlmcs.exe
O4 - HKCU\..\Run: [dbgtlo] c:\winnt\system32\dbgtlo.exe
O4 - HKCU\..\Run: [dcotco] c:\winnt\system32\dcotco.exe
O4 - HKCU\..\Run: [stiusr] c:\winnt\system32\stiusr.exe
O4 - HKCU\..\Run: [esesdx] c:\winnt\system32\esesdx.exe
O4 - HKCU\..\Run: [msrmbr] c:\winnt\system32\msrmbr.exe
O4 - HKCU\..\Run: [msvdim] c:\winnt\system32\msvdim.exe
O4 - HKCU\..\Run: [evelog] c:\winnt\system32\evelog.exe
O4 - HKCU\..\Run: [ir5bnt] c:\winnt\system32\ir5bnt.exe
O4 - HKCU\..\Run: [cdog41] c:\winnt\system32\cdog41.exe
O4 - HKCU\..\Run: [admart] c:\winnt\system32\admart.exe
O4 - HKCU\..\Run: [win5cs] c:\winnt\system32\win5cs.exe
O4 - HKCU\..\Run: [senfep] c:\winnt\system32\senfep.exe
O4 - HKCU\..\Run: [cidcrg] c:\winnt\system32\cidcrg.exe
O4 - HKCU\..\Run: [appsxb] c:\winnt\system32\appsxb.exe
O4 - HKCU\..\Run: [netdar] c:\winnt\system32\netdar.exe
O4 - HKCU\..\Run: [xifotr] c:\winnt\system32\xifotr.exe
O4 - HKCU\..\Run: [isilpm] c:\winnt\system32\isilpm.exe
O4 - HKCU\..\Run: [intxps] c:\winnt\system32\intxps.exe
O4 - HKCU\..\Run: [javhrn] c:\winnt\system32\javhrn.exe
O4 - HKCU\..\Run: [nddscp] c:\winnt\system32\nddscp.exe
O4 - HKCU\..\Run: [winrgm] c:\winnt\system32\winrgm.exe
O4 - HKCU\..\Run: [kbdopi] c:\winnt\system32\kbdopi.exe
O4 - HKCU\..\Run: [icwdni] c:\winnt\system32\icwdni.exe
O4 - HKCU\..\Run: [gpepsc] c:\winnt\system32\gpepsc.exe
O4 - HKCU\..\Run: [despmp] c:\winnt\system32\despmp.exe
O4 - HKCU\..\Run: [apphsv] c:\winnt\system32\apphsv.exe
O4 - HKCU\..\Run: [mnmdcs] c:\winnt\system32\mnmdcs.exe
O4 - HKCU\..\Run: [kbdotc] c:\winnt\system32\kbdotc.exe
O4 - HKCU\..\Run: [perpjs] c:\winnt\system32\perpjs.exe
O4 - HKCU\..\Run: [jdblsr] c:\winnt\system32\jdblsr.exe
O4 - HKCU\..\Run: [gpken1] c:\winnt\system32\gpken1.exe
O4 - HKCU\..\Run: [cmpa25] c:\winnt\system32\cmpa25.exe
O4 - HKCU\..\Run: [boomim] c:\winnt\system32\boomim.exe
O4 - HKCU\..\Run: [thetmv] c:\winnt\system32\thetmv.exe
O4 - HKCU\..\Run: [lprvpm] c:\winnt\system32\lprvpm.exe
O4 - HKCU\..\Run: [logosn] c:\winnt\system32\logosn.exe
O4 - HKCU\..\Run: [ie4gn3] c:\winnt\system32\ie4gn3.exe
O4 - HKCU\..\Run: [tcmddi] c:\winnt\system32\tcmddi.exe
O4 - HKCU\..\Run: [msdiva] c:\winnt\system32\msdiva.exe
O4 - HKCU\..\Run: [iepcsd] c:\winnt\system32\iepcsd.exe
O4 - HKCU\..\Run: [dpsfep] c:\winnt\system32\dpsfep.exe
O4 - HKCU\..\Run: [clin32] c:\winnt\system32\clin32.exe
O4 - HKCU\..\Run: [dpwsgs] c:\winnt\system32\dpwsgs.exe
O4 - HKCU\..\RunOnce: [msotme] c:\winnt\system32\msotme.exe
O4 - HKCU\..\RunOnce: [cloudsim] c:\winnt\system32\cloudsim.exe
O4 - HKCU\..\RunOnce: [dmccla] c:\winnt\system32\dmccla.exe
O4 - HKCU\..\RunOnce: [rasknt] c:\winnt\system32\rasknt.exe
O4 - HKCU\..\RunOnce: [wuaupd] c:\winnt\system32\wuaupd.exe
O4 - HKCU\..\RunOnce: [nddjet] c:\winnt\system32\nddjet.exe
O4 - HKCU\..\RunOnce: [mllihn] c:\winnt\system32\mllihn.exe
O4 - HKCU\..\RunOnce: [comdkc] c:\winnt\system32\comdkc.exe
O4 - HKCU\..\RunOnce: [faxoun] c:\winnt\system32\faxoun.exe
O4 - HKCU\..\RunOnce: [oderwv] c:\winnt\system32\oderwv.exe
O4 - HKCU\..\RunOnce: [spuvci] c:\winnt\system32\spuvci.exe
O4 - HKCU\..\RunOnce: [catvci] c:\winnt\system32\catvci.exe
O4 - HKCU\..\RunOnce: [msiskp] c:\winnt\system32\msiskp.exe
O4 - HKCU\..\RunOnce: [sysrmo] c:\winnt\system32\sysrmo.exe
O4 - HKCU\..\RunOnce: [msnmas] c:\winnt\system32\msnmas.exe
O4 - HKCU\..\RunOnce: [iphidp] c:\winnt\system32\iphidp.exe
O4 - HKCU\..\RunOnce: [dskpco] c:\winnt\system32\dskpco.exe
O4 - HKCU\..\RunOnce: [wowpla] c:\winnt\system32\wowpla.exe
O4 - HKCU\..\RunOnce: [msvipl] c:\winnt\system32\msvipl.exe
O4 - HKCU\..\RunOnce: [scaico] c:\winnt\system32\scaico.exe
O4 - HKCU\..\RunOnce: [winotv] c:\winnt\system32\winotv.exe
O4 - HKCU\..\RunOnce: [mnmell] c:\winnt\system32\mnmell.exe
O4 - HKCU\..\RunOnce: [olevae] c:\winnt\system32\olevae.exe
O4 - HKCU\..\RunOnce: [digmc4] c:\winnt\system32\digmc4.exe
O4 - HKCU\..\RunOnce: [dxtlag] c:\winnt\system32\dxtlag.exe
O4 - HKCU\..\RunOnce: [raseve] c:\winnt\system32\raseve.exe
O4 - HKCU\..\RunOnce: [scrlss] c:\winnt\system32\scrlss.exe
O4 - HKCU\..\RunOnce: [wscser] c:\winnt\system32\wscser.exe
O4 - HKCU\..\RunOnce: [rouddu] c:\winnt\system32\rouddu.exe
O4 - HKCU\..\RunOnce: [polled] c:\winnt\system32\polled.exe
O4 - HKCU\..\RunOnce: [msepmp] c:\winnt\system32\msepmp.exe
O4 - HKCU\..\RunOnce: [pscsmu] c:\winnt\system32\pscsmu.exe
O4 - HKCU\..\RunOnce: [mtxtim] c:\winnt\system32\mtxtim.exe
O4 - HKCU\..\RunOnce: [win2ti] c:\winnt\system32\win2ti.exe
O4 - HKCU\..\RunOnce: [snmuti] c:\winnt\system32\snmuti.exe
O4 - HKCU\..\RunOnce: [wshtre] c:\winnt\system32\wshtre.exe
O4 - HKCU\..\RunOnce: [faxnsc] c:\winnt\system32\faxnsc.exe
O4 - HKCU\..\RunOnce: [mtxppc] c:\winnt\system32\mtxppc.exe
O4 - HKCU\..\RunOnce: [cabcon] c:\winnt\system32\cabcon.exe
O4 - HKCU\..\RunOnce: [desadm] c:\winnt\system32\desadm.exe
O4 - HKCU\..\RunOnce: [datque] c:\winnt\system32\datque.exe
O4 - HKCU\..\RunOnce: [winaup] c:\winnt\system32\winaup.exe
O4 - HKCU\..\RunOnce: [wincpm] c:\winnt\system32\wincpm.exe
O4 - HKCU\..\RunOnce: [mnmacm] c:\winnt\system32\mnmacm.exe
O4 - HKCU\..\RunOnce: [ricnve] c:\winnt\system32\ricnve.exe
O4 - HKCU\..\RunOnce: [stodea] c:\winnt\system32\stodea.exe
O4 - HKCU\..\RunOnce: [dbmhtm] c:\winnt\system32\dbmhtm.exe
O4 - HKCU\..\RunOnce: [dxmmpa] c:\winnt\system32\dxmmpa.exe
O4 - HKCU\..\RunOnce: [mspdkl] c:\winnt\system32\mspdkl.exe
O4 - HKCU\..\RunOnce: [jdbnch] c:\winnt\system32\jdbnch.exe
O4 - HKCU\..\RunOnce: [insnkc] c:\winnt\system32\insnkc.exe
O4 - HKCU\..\RunOnce: [msjl5m] c:\winnt\system32\msjl5m.exe
O4 - HKCU\..\RunOnce: [mssiex] c:\winnt\system32\mssiex.exe
O4 - HKCU\..\RunOnce: [accods] c:\winnt\system32\accods.exe
O4 - HKCU\..\RunOnce: [ntmvvp] c:\winnt\system32\ntmvvp.exe
O4 - HKCU\..\RunOnce: [iphemb] c:\winnt\system32\iphemb.exe
O4 - HKCU\..\RunOnce: [icccsa] c:\winnt\system32\icccsa.exe
O4 - HKCU\..\RunOnce: [faxecl] c:\winnt\system32\faxecl.exe
O4 - HKCU\..\RunOnce: [msvrne] c:\winnt\system32\msvrne.exe
O4 - HKCU\..\RunOnce: [nwassv] c:\winnt\system32\nwassv.exe
O4 - HKCU\..\RunOnce: [smlnur] c:\winnt\system32\smlnur.exe
O4 - HKCU\..\RunOnce: [setdsk] c:\winnt\system32\setdsk.exe
O4 - HKCU\..\RunOnce: [sdbsdu] c:\winnt\system32\sdbsdu.exe
O4 - HKCU\..\RunOnce: [jdbpes] c:\winnt\system32\jdbpes.exe
O4 - HKCU\..\RunOnce: [odbiei] c:\winnt\system32\odbiei.exe
O4 - HKCU\..\RunOnce: [expxes] c:\winnt\system32\expxes.exe
O4 - HKCU\..\RunOnce: [smldtc] c:\winnt\system32\smldtc.exe
O4 - HKCU\..\RunOnce: [narffr] c:\winnt\system32\narffr.exe
O4 - HKCU\..\RunOnce: [drmsse] c:\winnt\system32\drmsse.exe
O4 - HKCU\..\RunOnce: [msv3re] c:\winnt\system32\msv3re.exe
O4 - HKCU\..\RunOnce: [oakdsb] c:\winnt\system32\oakdsb.exe
O4 - HKCU\..\RunOnce: [odelan] c:\winnt\system32\odelan.exe
O4 - HKCU\..\RunOnce: [ntmemi] c:\winnt\system32\ntmemi.exe
O4 - HKCU\..\RunOnce: [dplwts] c:\winnt\system32\dplwts.exe
O4 - HKCU\..\RunOnce: [dpldsr] c:\winnt\system32\dpldsr.exe
O4 - HKCU\..\RunOnce: [mshhsn] c:\winnt\system32\mshhsn.exe
O4 - HKCU\..\RunOnce: [net3rv] c:\winnt\system32\net3rv.exe
O4 - HKCU\..\RunOnce: [comsec] c:\winnt\system32\comsec.exe
O4 - HKCU\..\RunOnce: [ir4ecm] c:\winnt\system32\ir4ecm.exe
O4 - HKCU\..\RunOnce: [tragut] c:\winnt\system32\tragut.exe
O4 - HKCU\..\RunOnce: [brodrt] c:\winnt\system32\brodrt.exe
O4 - HKCU\..\RunOnce: [rasidn] c:\winnt\system32\rasidn.exe
O4 - HKCU\..\RunOnce: [dgrass] c:\winnt\system32\dgrass.exe
O4 - HKCU\..\RunOnce: [netvcp] c:\winnt\system32\netvcp.exe
O4 - HKCU\..\RunOnce: [mapvui] c:\winnt\system32\mapvui.exe
O4 - HKCU\..\RunOnce: [cryxdr] c:\winnt\system32\cryxdr.exe
O4 - HKCU\..\RunOnce: [pstvrn] c:\winnt\system32\pstvrn.exe
O4 - HKCU\..\RunOnce: [wowire] c:\winnt\system32\wowire.exe
O4 - HKCU\..\RunOnce: [dinvxc] c:\winnt\system32\dinvxc.exe
O4 - HKCU\..\RunOnce: [os2teo] c:\winnt\system32\os2teo.exe
O4 - HKCU\..\RunOnce: [cormpt] c:\winnt\system32\cormpt.exe
O4 - HKCU\..\RunOnce: [newseg] c:\winnt\system32\newseg.exe
O4 - HKCU\..\RunOnce: [efsinp] c:\winnt\system32\efsinp.exe
O4 - HKCU\..\RunOnce: [cmmhtm] c:\winnt\system32\cmmhtm.exe
O4 - HKCU\..\RunOnce: [wshwst] c:\winnt\system32\wshwst.exe
O4 - HKCU\..\RunOnce: [faxm2c] c:\winnt\system32\faxm2c.exe
O4 - HKCU\..\RunOnce: [cdooun] c:\winnt\system32\cdooun.exe
O4 - HKCU\..\RunOnce: [nlsxle] c:\winnt\system32\nlsxle.exe
O4 - HKCU\..\RunOnce: [ir5cnp] c:\winnt\system32\ir5cnp.exe
O4 - HKCU\..\RunOnce: [jpeetm] c:\winnt\system32\jpeetm.exe
O4 - HKCU\..\RunOnce: [shsnds] c:\winnt\system32\shsnds.exe
O4 - HKCU\..\RunOnce: [indcup] c:\winnt\system32\indcup.exe
O4 - HKCU\..\RunOnce: [samhrn] c:\winnt\system32\samhrn.exe
O4 - HKCU\..\RunOnce: [xposcr] c:\winnt\system32\xposcr.exe
O4 - HKCU\..\RunOnce: [msldsn] c:\winnt\system32\msldsn.exe
O4 - HKCU\..\RunOnce: [shigtd] c:\winnt\system32\shigtd.exe
O4 - HKCU\..\RunOnce: [itifco] c:\winnt\system32\itifco.exe
O4 - HKCU\..\RunOnce: [eudxdc] c:\winnt\system32\eudxdc.exe
O4 - HKCU\..\RunOnce: [faxtdg] c:\winnt\system32\faxtdg.exe
O4 - HKCU\..\RunOnce: [esexts] c:\winnt\system32\esexts.exe
O4 - HKCU\..\RunOnce: [rascpv] c:\winnt\system32\rascpv.exe
O4 - HKCU\..\RunOnce: [winsir] c:\winnt\system32\winsir.exe
O4 - HKCU\..\RunOnce: [cabppd] c:\winnt\system32\cabppd.exe
O4 - HKCU\..\RunOnce: [trampd] c:\winnt\system32\trampd.exe
O4 - HKCU\..\RunOnce: [ieagbp] c:\winnt\system32\ieagbp.exe
O4 - HKCU\..\RunOnce: [msvshw] c:\winnt\system32\msvshw.exe
O4 - HKCU\..\RunOnce: [kbdtks] c:\winnt\system32\kbdtks.exe
O4 - HKCU\..\RunOnce: [unicla] c:\winnt\system32\unicla.exe
O4 - HKCU\..\RunOnce: [pjlmcs] c:\winnt\system32\pjlmcs.exe
O4 - HKCU\..\RunOnce: [dbgtlo] c:\winnt\system32\dbgtlo.exe
O4 - HKCU\..\RunOnce: [dcotco] c:\winnt\system32\dcotco.exe
O4 - HKCU\..\RunOnce: [stiusr] c:\winnt\system32\stiusr.exe
O4 - HKCU\..\RunOnce: [esesdx] c:\winnt\system32\esesdx.exe
O4 - HKCU\..\RunOnce: [msrmbr] c:\winnt\system32\msrmbr.exe
O4 - HKCU\..\RunOnce: [msvdim] c:\winnt\system32\msvdim.exe
O4 - HKCU\..\RunOnce: [evelog] c:\winnt\system32\evelog.exe
O4 - HKCU\..\RunOnce: [ir5bnt] c:\winnt\system32\ir5bnt.exe
O4 - HKCU\..\RunOnce: [cdog41] c:\winnt\system32\cdog41.exe
O4 - HKCU\..\RunOnce: [admart] c:\winnt\system32\admart.exe
O4 - HKCU\..\RunOnce: [win5cs] c:\winnt\system32\win5cs.exe
O4 - HKCU\..\RunOnce: [senfep] c:\winnt\system32\senfep.exe
O4 - HKCU\..\RunOnce: [cidcrg] c:\winnt\system32\cidcrg.exe
O4 - HKCU\..\RunOnce: [appsxb] c:\winnt\system32\appsxb.exe
O4 - HKCU\..\RunOnce: [netdar] c:\winnt\system32\netdar.exe
O4 - HKCU\..\RunOnce: [xifotr] c:\winnt\system32\xifotr.exe
O4 - HKCU\..\RunOnce: [isilpm] c:\winnt\system32\isilpm.exe
O4 - HKCU\..\RunOnce: [intxps] c:\winnt\system32\intxps.exe
O4 - HKCU\..\RunOnce: [javhrn] c:\winnt\system32\javhrn.exe
O4 - HKCU\..\RunOnce: [nddscp] c:\winnt\system32\nddscp.exe
O4 - HKCU\..\RunOnce: [winrgm] c:\winnt\system32\winrgm.exe
O4 - HKCU\..\RunOnce: [kbdopi] c:\winnt\system32\kbdopi.exe
O4 - HKCU\..\RunOnce: [icwdni] c:\winnt\system32\icwdni.exe
O4 - HKCU\..\RunOnce: [gpepsc] c:\winnt\system32\gpepsc.exe
O4 - HKCU\..\RunOnce: [despmp] c:\winnt\system32\despmp.exe
O4 - HKCU\..\RunOnce: [apphsv] c:\winnt\system32\apphsv.exe
O4 - HKCU\..\RunOnce: [mnmdcs] c:\winnt\system32\mnmdcs.exe
O4 - HKCU\..\RunOnce: [kbdotc] c:\winnt\system32\kbdotc.exe
O4 - HKCU\..\RunOnce: [perpjs] c:\winnt\system32\perpjs.exe
O4 - HKCU\..\RunOnce: [jdblsr] c:\winnt\system32\jdblsr.exe
O4 - HKCU\..\RunOnce: [gpken1] c:\winnt\system32\gpken1.exe
O4 - HKCU\..\RunOnce: [cmpa25] c:\winnt\system32\cmpa25.exe
O4 - HKCU\..\RunOnce: [boomim] c:\winnt\system32\boomim.exe
O4 - HKCU\..\RunOnce: [thetmv] c:\winnt\system32\thetmv.exe
O4 - HKCU\..\RunOnce: [lprvpm] c:\winnt\system32\lprvpm.exe
O4 - HKCU\..\RunOnce: [logosn] c:\winnt\system32\logosn.exe
O4 - HKCU\..\RunOnce: [ie4gn3] c:\winnt\system32\ie4gn3.exe
O4 - HKCU\..\RunOnce: [tcmddi] c:\winnt\system32\tcmddi.exe
O4 - HKCU\..\RunOnce: [msdiva] c:\winnt\system32\msdiva.exe
O4 - HKCU\..\RunOnce: [iepcsd] c:\winnt\system32\iepcsd.exe
O4 - HKCU\..\RunOnce: [dpsfep] c:\winnt\system32\dpsfep.exe
O4 - HKCU\..\RunOnce: [clin32] c:\winnt\system32\clin32.exe
O4 - HKCU\..\RunOnce: [dpwsgs] c:\winnt\system32\dpwsgs.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {99410CDE-6F16-42ce-9D49-3807F78F0287} (ClientInstaller Class) - http://www.180search...com/180saax.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Fax Service (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe (file missing)
O23 - Service: ISEXEng - Unknown owner - C:\WINNT\system32\angelex.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

Advertisements

#2
Wizard
Posted 26 November 2005 - 08:55 AM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Hi comp98 and Welcome to GeekstoGo!

I need to see a few files from your system please.

Go Here and upload the files listed below


C:\WINNT\System32\cloudsim.exe

C:\WINNT\System32\msotme.exe

C:\WINNT\System32\xsbyc.exe


Please download ewido security suite it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
  • Exit ewido. DO NOT scan yet.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates


Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam


Make sure all Windows and Browsers are Closed-> Open ewido and do a scan of your system.
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply>>Close>>Follow the Prompts to Restart


Restart Normal and Create a folder on your desktop called Sysclean.

Go to http://www.trendmicr...ownload/dcs.asp and download sysclean package to the folder you made.

Go to http://www.trendmicr...oad/pattern.asp and download the Official Pattern Release for windows to your desktop.

This file will be called lptXXX.zip (XXX represents the version number)
Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.

Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

Open the sysclean-folder and doubleclick sysclean.com.
Check: Automatically clean or delete detected files.
Click scan.
When the scan is finished, select: 'view log'.
Copy and paste this log in your next reply.


Post the Reports from those 2 scans in the next reply with a fresh HijackThis log.
  • 0

#3
comp98
Posted 26 November 2005 - 02:21 PM

comp98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Thanks for the help you have provided thus far. I have completed all the requested tasks (and submitted the 3 files above) and will post the 2 logs below. Please let me know what to do next.
-Ryan

SysClean Log:



/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-11-26, 13:50:07, Auto-clean mode specified.
2005-11-26, 13:50:07, Running scanner "C:\Documents and Settings\Administrator\Desktop\sysclean\TSC.BIN"...
2005-11-26, 13:51:32, Scanner "C:\Documents and Settings\Administrator\Desktop\sysclean\TSC.BIN" has finished running.
2005-11-26, 13:51:32, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows 2000(Build 2195: Service Pack 4)

Start time : Sat Nov 26 2005 13:50:09

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Administrator\Desktop\sysclean\tsc.ptn" (version 682) [success]

Complete time : Sat Nov 26 2005 13:51:32
Execute pattern count(4554), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-11-26, 13:52:11, An error occurred while scanning file "C:\WINNT\system32\config\software.LOG": Access is denied.
2005-11-26, 13:52:11, An error occurred while scanning file "C:\WINNT\system32\config\default.LOG": Access is denied.
2005-11-26, 13:52:11, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY": Access is denied.
2005-11-26, 13:52:11, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY.LOG": Access is denied.
2005-11-26, 13:52:11, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM.ALT": Access is denied.
2005-11-26, 13:52:11, An error occurred while scanning file "C:\WINNT\system32\config\SAM": Access is denied.
2005-11-26, 13:52:11, An error occurred while scanning file "C:\WINNT\system32\config\SAM.LOG": Access is denied.
2005-11-26, 13:52:11, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM": Access is denied.
2005-11-26, 13:52:11, An error occurred while scanning file "C:\WINNT\system32\config\SOFTWARE": Access is denied.
2005-11-26, 13:52:11, An error occurred while scanning file "C:\WINNT\system32\config\DEFAULT": Access is denied.
2005-11-26, 13:53:32, An error occurred while scanning file "C:\WINNT\SoftwareDistribution\DataStore\DataStore.edb": Access is denied.
2005-11-26, 13:53:32, An error occurred while scanning file "C:\WINNT\SoftwareDistribution\DataStore\Logs\tmp.edb": Access is denied.
2005-11-26, 13:53:32, An error occurred while scanning file "C:\WINNT\SoftwareDistribution\DataStore\Logs\edb.log": Access is denied.
2005-11-26, 13:53:51, An error occurred while scanning file "C:\Documents and Settings\Administrator\NTUSER.DAT": Access is denied.
2005-11-26, 13:53:51, An error occurred while scanning file "C:\Documents and Settings\Administrator\ntuser.dat.LOG": Access is denied.
2005-11-26, 14:09:06, An error occurred while scanning file "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-11-26, 14:09:06, An error occurred while scanning file "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-11-26, 14:15:01, Running scanner "C:\Documents and Settings\Administrator\Desktop\sysclean\VSCANTM.BIN"...
2005-11-26, 15:04:48, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/26/2005 14:15:02
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 969 (113697 Patterns) (2005/11/24) (296900)
Command Line: C:\Documents and Settings\Administrator\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\sysclean

75718 files have been read.
75718 files have been checked.
70090 files have been scanned.
75910 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/26/2005 15:04:47
---------*---------*---------*---------*---------*---------*---------*---------*
2005-11-26, 15:04:48, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/26/2005 14:15:02
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 969 (113697 Patterns) (2005/11/24) (296900)
Command Line: C:\Documents and Settings\Administrator\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\sysclean

75718 files have been read.
75718 files have been checked.
70090 files have been scanned.
75910 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/26/2005 15:04:47 49 minutes 43 seconds (2983.73 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-11-26, 15:04:48, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 11/26/2005 14:15:02
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 969 (113697 Patterns) (2005/11/24) (296900)
Command Line: C:\Documents and Settings\Administrator\Desktop\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\sysclean

75718 files have been read.
75718 files have been checked.
70090 files have been scanned.
75910 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 11/26/2005 15:04:47 49 minutes 43 seconds (2983.73 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-11-26, 15:04:48, Scanner "C:\Documents and Settings\Administrator\Desktop\sysclean\VSCANTM.BIN" has finished running.


ewido Log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:38:28 PM, 11/26/2005
+ Report-Checksum: E07D837F

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID\\ -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1\CLSID\\ -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID\\ -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1\CLSID\\ -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543}\TypeLib\\ -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F}\TypeLib\\ -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\SideFind -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/objsafe.tlb\\.Owner -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/objsafe.tlb\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKLM\SOFTWARE\sais -> Spyware.180Solutions : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\sais -> Spyware.180Solutions : Cleaned with backup
[560] C:\WINNT\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINNT\system32\expeg2.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oakome.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lsaihn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rourgs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\glmrdd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmccla.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\h32dvo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ws2cha.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\javpan.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lodxoc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipndpe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sprlay.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\utilan.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmsrd3.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sdpesh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rasknt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rasswc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\eudeg1.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\operdi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmdvae.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\moucpr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\devl3d.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxvpm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tlnxma.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olehex.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvmad.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\alrset.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winrtp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iphrgu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olestl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dpmlsa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\newnet33.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netutt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lsalog.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pruttct.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pngrsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\glmden.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\acttlo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\serent.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\logogm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aircity.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wscupd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\trafot.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\smlhtm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\objvl3.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\syseg2.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msgpla.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netmon.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wuaupd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dhc2ev.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\crtimo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\opedem.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dhcdsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winhtm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dgrolh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comdkc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmdxbd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\conseq.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nddjet.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mllihn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxoun.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\xpoide.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msitde.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntdhir.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msecdl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\actrfn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\isitap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ieacpm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lign32.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nddskm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\adsalo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmmsgt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wsedsx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\eveard.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mrinot.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipxnpp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxcvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fixssu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\systdt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mstpla.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\acsmca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iphsys.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dxmrfd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipptsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msmxmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\themsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dfrsad.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oderwv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dssvfa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\evetoc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dssdva.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cabtsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\setdsa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wowiol.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msjgog.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msoedi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mplrdd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\mprsto.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\spuvci.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dssrnp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ir5cal.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\secalo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ctltsh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wavaue.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dbmdtc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasmsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ineecl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lodpbd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mnmpti.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\insool.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\scrjdb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sclbvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\roumre.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mllypt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasims.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\smltof.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msi1xd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dbment.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\apcche.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dgrria.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nwarea.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbpbl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msikct.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\smlica.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dgrsrs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dsfe2d.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tcpmsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\amsmli.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\setesh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvpri.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netosy.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\srvndm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\desnrt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mslssu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdnca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdnfm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tootra.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netvpp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iedsmx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntpsgt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\vwimsg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msisde.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdgmg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nlssta.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\setlto.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sisbhi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dsfrol.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msgidl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wsnbjm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\jpeled.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\catvci.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rouseq.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wineri.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdrtr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winiis.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nettst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbihn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dnsbcc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sensty.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rouico.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\clbrd2.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbent.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\xoltsu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msiskp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\gpecnd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cledsk.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olei_c.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\yahmca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ligkrs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdexc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdlhs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dfrmta.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ir5mse.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\clbrla.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mspscp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mpnrif.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wiftsp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdlod.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autbcc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ineiol.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\clivae.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dplfos.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sysrmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipnnts.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mapwso.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\secssd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\snmtmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cleadp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mapnfm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nlsspa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ie4cpa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avittl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\eudxml.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxfut.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\brobmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\bromqp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmcsyn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\scanva.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pacmsg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avinmi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ligpen.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sheise.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\atknnt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dllced.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dhccap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\insoud.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmdidl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\htimps.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tascom.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mssaen.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olextr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mstsad.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\perxtr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wineng.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dplpms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\shfhmc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\inedxb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ierwdi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxrfd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comsst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mcaecl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipnypt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winbcc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipssrn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comdsx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbstd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\expprt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\isirsv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvpco.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comeme.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\xpospi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ricpti.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\licmpr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wshl3d.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msnmas.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\umalho.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lprvfw.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\isints.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dplc2e.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdust.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\webpip.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olempa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iphidp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dskpco.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wowlmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fonlss.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\smllho.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wowpla.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmsbca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\vbssdl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\adslan.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sefurg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rsnbmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tcmuvc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iassus.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntddit.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasdid.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\umdtms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\logusi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olemmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxlfl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fintep.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sys5ca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wowcfg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msimsn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntmcms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipxbrs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iccbpi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dhcpsc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\proaks.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipxrec.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mspbup.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rcaxml.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nlsdus.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\brodsm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winpds.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comcms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sdbhtm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mscico.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\conedi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msotme.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sigxvp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\icwint.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdssh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\inepsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\eudpel.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dgrl3d.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxtst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvhds.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iiscpx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winima.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasxoc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mllnso.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oleetc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aclflb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\captpl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\bropiu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\qmgvbv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipxxco.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pifotm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dfrnpu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msttra.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\apcsap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\t2easn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\uninpd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fonvap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sdbupd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntmcal.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntpypt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdbvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dataps.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\jsppct.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntddra.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\opexkq.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oden32.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pacpan.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvipl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sysuvc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mstims.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipxban.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\exeoqu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wseiva.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rasmf3.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tersad.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\clitep.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msodeg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdobj.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ieaxml.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comcfi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\exprci.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msimre.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxesv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxbrs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdmsv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\inenki.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odt50_.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rturmt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ieper3.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wzcsmf.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lnkolh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lmhsgp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxdtc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wtsbgm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winfgn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\serips.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\javadm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cerdcr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntmlto.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\snddce.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\vwiexl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntdstd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sigcal.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\runvid.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\actmre.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\recrsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mimrvd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dplssv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mslxxc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\boopic.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winetc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\syserw.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\indiqt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netdgm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cdphan.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mcicon.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nddwso.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iphdia.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fdessp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appmps.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mouges.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\stoner.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wshcho.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msjui4.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntmc40.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntdanv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wserbe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\admrvf.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rouscr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sysfox.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iex2ti.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odtecd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\regbpb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iccust.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mouhch.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxtes.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winmin.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mfce2d.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\strbex.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olendc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\modser.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msemxm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rshaen.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aclrru.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdecl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntdean.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iccard.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\shdfut.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\scaico.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\datrd2.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iaspil.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\spdimd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\symast.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comskm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\booora.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oakcvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\regskp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oieico.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\expdpm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbotr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sysrtr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\glmdce.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\modnri.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvaup.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\modmas.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\serflb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdven.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\javasr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iephae.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\eqnfsi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dfsxre.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mciedi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rasxse.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ir5nve.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxmuv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mf3rvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmct50.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nmmmct.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tlndfu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rasbcc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasuie.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wlnssa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lprssa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msngus.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dssseq.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\loddpe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\getgrs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iccjte.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\inemsg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pjlock.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comrhe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\insdkc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntmfos.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\net2ch.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msodsa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wsctra.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\insmui.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mstwso.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cabgcm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\disnpi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aclimo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\stolgn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mseben.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmutms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oieslb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msiesv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sp2com.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sigute.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\broedx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\jpelwa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cermca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxnpp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\authrg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sndbky.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wintex.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasnvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mseffi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oaksgt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mpleec.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sdbrfm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sethex.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dfsnte.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fasses.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbsec.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\insmps.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iesedi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winmst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvstd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msitli.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\smlnts.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\spodhi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\windje.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdben.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\atktoc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntddus.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\gprmpa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mnmell.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mobnpd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oddpmg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winotv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\icfcpr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\logdus.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tlnnsc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winoud.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iprcts.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\newsmp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winnst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netlst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\schdia.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxtiv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mspsau.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\setshr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iassen.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rouvap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olevae.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\adsgca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\yahihn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\docdpm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\stivap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ieaucp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\traeec.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iedsys.exe -&g
  • 0

#4
Wizard
Posted 26 November 2005 - 02:42 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Can you try attaching the Ewido log to a new post and place a fresh HiajckThis log in it as well.
  • 0

#5
comp98
Posted 26 November 2005 - 05:19 PM

comp98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Sure, no problem. Below is my new HiJack This log and following that is the ewido log.

Logfile of HijackThis v1.99.1
Scan saved at 6:14:14 PM, on 11/26/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijack\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll (file missing)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINNT\system32\xsbyc.exe
O4 - HKCU\..\Run: [wsnrem] C:\winnt\system32\wsnrem.exe
O4 - HKCU\..\Run: [wzctcp] c:\winnt\system32\wzctcp.exe
O4 - HKCU\..\Run: [scrdpd] c:\winnt\system32\scrdpd.exe
O4 - HKCU\..\Run: [perueg] c:\winnt\system32\perueg.exe
O4 - HKCU\..\Run: [olexmp] c:\winnt\system32\olexmp.exe
O4 - HKCU\..\Run: [boolst] C:\winnt\system32\boolst.exe
O4 - HKCU\..\Run: [jpemfs] c:\winnt\system32\jpemfs.exe
O4 - HKCU\..\Run: [usemym] c:\winnt\system32\usemym.exe
O4 - HKCU\..\Run: [comnex] c:\winnt\system32\comnex.exe
O4 - HKCU\..\Run: [sclenc] c:\winnt\system32\sclenc.exe
O4 - HKCU\..\Run: [ntbpmo] C:\winnt\system32\ntbpmo.exe
O4 - HKCU\..\Run: [ipxvia] c:\winnt\system32\ipxvia.exe
O4 - HKCU\..\Run: [roumli] c:\winnt\system32\roumli.exe
O4 - HKCU\..\Run: [ieaa2e] c:\winnt\system32\ieaa2e.exe
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Fax Service (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe







ewido Log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:38:28 PM, 11/26/2005
+ Report-Checksum: E07D837F

+ Scan result:

HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID\\ -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1 -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller.1\CLSID\\ -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CLSID\\ -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control\CurVer -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1 -> Spyware.E2G : Cleaned with backup
HKLM\SOFTWARE\Classes\IeBHOs.Control.1\CLSID\\ -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543}\TypeLib\\ -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F}\TypeLib\\ -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib\\ -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\SideFind -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3643ABC2-21BF-46B9-B230-F247DB0C6FD6} -> Spyware.E2Give : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9C691A33-7DDA-4C2F-BE4C-C176083F35CF} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/objsafe.tlb\\.Owner -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINNT/system32/objsafe.tlb\\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\sais -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKLM\SOFTWARE\sais -> Spyware.180Solutions : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{86227D9C-0EFE-4F8A-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\S-1-5-21-796845957-1060284298-854245398-500\Software\sais -> Spyware.180Solutions : Cleaned with backup
[560] C:\WINNT\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINNT\system32\expeg2.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oakome.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lsaihn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rourgs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\glmrdd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmccla.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\h32dvo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ws2cha.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\javpan.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lodxoc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipndpe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sprlay.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\utilan.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmsrd3.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sdpesh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rasknt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rasswc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\eudeg1.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\operdi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmdvae.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\moucpr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\devl3d.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxvpm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tlnxma.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olehex.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvmad.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\alrset.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winrtp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iphrgu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olestl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dpmlsa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\newnet33.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netutt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lsalog.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pruttct.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pngrsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\glmden.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\acttlo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\serent.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\logogm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aircity.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wscupd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\trafot.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\smlhtm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\objvl3.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\syseg2.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msgpla.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netmon.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wuaupd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dhc2ev.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\crtimo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\opedem.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dhcdsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winhtm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dgrolh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comdkc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmdxbd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\conseq.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nddjet.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mllihn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxoun.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\xpoide.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msitde.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntdhir.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msecdl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\actrfn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\isitap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ieacpm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lign32.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nddskm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\adsalo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmmsgt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wsedsx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\eveard.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mrinot.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipxnpp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxcvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fixssu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\systdt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mstpla.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\acsmca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iphsys.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dxmrfd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipptsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msmxmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\themsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dfrsad.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oderwv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dssvfa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\evetoc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dssdva.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cabtsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\setdsa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wowiol.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msjgog.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msoedi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mplrdd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\instsrv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINNT\system32\mprsto.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\spuvci.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dssrnp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ir5cal.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\secalo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ctltsh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wavaue.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dbmdtc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasmsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ineecl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lodpbd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mnmpti.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\insool.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\scrjdb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sclbvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\roumre.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mllypt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasims.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\smltof.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msi1xd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dbment.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\apcche.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dgrria.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nwarea.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbpbl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msikct.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\smlica.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dgrsrs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dsfe2d.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tcpmsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\amsmli.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\setesh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvpri.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netosy.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\srvndm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\desnrt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mslssu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdnca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdnfm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tootra.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netvpp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iedsmx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntpsgt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\vwimsg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msisde.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdgmg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nlssta.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\setlto.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sisbhi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dsfrol.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msgidl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wsnbjm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\jpeled.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\catvci.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rouseq.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wineri.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdrtr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winiis.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nettst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbihn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dnsbcc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sensty.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rouico.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\clbrd2.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbent.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\xoltsu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msiskp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\gpecnd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cledsk.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olei_c.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\yahmca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ligkrs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdexc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdlhs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dfrmta.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ir5mse.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\clbrla.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mspscp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mpnrif.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wiftsp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdlod.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\autbcc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ineiol.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\clivae.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dplfos.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sysrmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipnnts.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mapwso.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\secssd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\snmtmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cleadp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mapnfm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nlsspa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ie4cpa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avittl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\eudxml.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxfut.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\brobmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\bromqp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmcsyn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\scanva.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pacmsg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\avinmi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ligpen.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sheise.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\atknnt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dllced.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dhccap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\insoud.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cmdidl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\htimps.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tascom.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mssaen.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olextr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mstsad.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\perxtr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wineng.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dplpms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\shfhmc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\inedxb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ierwdi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxrfd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comsst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mcaecl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipnypt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winbcc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipssrn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comdsx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbstd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\expprt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\isirsv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvpco.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comeme.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\xpospi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ricpti.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\licmpr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wshl3d.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msnmas.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\umalho.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lprvfw.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\isints.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dplc2e.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdust.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\webpip.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olempa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iphidp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dskpco.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wowlmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fonlss.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\smllho.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wowpla.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmsbca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\vbssdl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\adslan.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sefurg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rsnbmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tcmuvc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iassus.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntddit.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasdid.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\umdtms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\logusi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olemmo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxlfl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fintep.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sys5ca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wowcfg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msimsn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntmcms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipxbrs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iccbpi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dhcpsc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\proaks.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipxrec.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mspbup.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rcaxml.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nlsdus.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\brodsm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winpds.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comcms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sdbhtm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mscico.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\conedi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msotme.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sigxvp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\icwint.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdssh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\inepsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\eudpel.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dgrl3d.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxtst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvhds.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iiscpx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winima.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasxoc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mllnso.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oleetc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aclflb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\captpl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\bropiu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\qmgvbv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipxxco.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pifotm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dfrnpu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msttra.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\apcsap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\t2easn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\uninpd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fonvap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sdbupd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntmcal.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntpypt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdbvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dataps.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\jsppct.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntddra.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\opexkq.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oden32.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pacpan.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvipl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sysuvc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mstims.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ipxban.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\exeoqu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wseiva.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rasmf3.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tersad.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\clitep.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msodeg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdobj.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ieaxml.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comcfi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\exprci.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msimre.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxesv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxbrs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdmsv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\inenki.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odt50_.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rturmt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ieper3.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wzcsmf.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lnkolh.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lmhsgp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxdtc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wtsbgm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winfgn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\serips.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\javadm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cerdcr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntmlto.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\snddce.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\vwiexl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntdstd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sigcal.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\runvid.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\actmre.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\recrsr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mimrvd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dplssv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mslxxc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\boopic.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winetc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\syserw.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\indiqt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netdgm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cdphan.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mcicon.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nddwso.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iphdia.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fdessp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\appmps.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mouges.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\stoner.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wshcho.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msjui4.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntmc40.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntdanv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wserbe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\admrvf.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rouscr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sysfox.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iex2ti.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odtecd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\regbpb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iccust.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mouhch.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxtes.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winmin.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mfce2d.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\strbex.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olendc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\modser.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msemxm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rshaen.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aclrru.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdecl.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntdean.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iccard.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\shdfut.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\scaico.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\datrd2.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iaspil.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\spdimd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\symast.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comskm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\booora.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oakcvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\regskp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oieico.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\expdpm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbotr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sysrtr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\glmdce.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\modnri.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvaup.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\modmas.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\serflb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmdven.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\javasr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iephae.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\eqnfsi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dfsxre.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mciedi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rasxse.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ir5nve.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxmuv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mf3rvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmct50.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\nmmmct.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tlndfu.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rasbcc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasuie.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wlnssa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\lprssa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msngus.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dssseq.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\loddpe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\getgrs.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iccjte.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\inemsg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\pjlock.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\comrhe.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\insdkc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntmfos.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\net2ch.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msodsa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wsctra.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\insmui.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mstwso.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cabgcm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\disnpi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\aclimo.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\stolgn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mseben.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dmutms.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oieslb.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msiesv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sp2com.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sigute.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\broedx.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\jpelwa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\cermca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxnpp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\authrg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sndbky.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\wintex.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iasnvi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mseffi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oaksgt.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mpleec.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sdbrfm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\sethex.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\dfsnte.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\fasses.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\odbsec.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\insmps.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iesedi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winmst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msvstd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\msitli.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\smlnts.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\spodhi.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\windje.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\kbdben.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\atktoc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ntddus.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\gprmpa.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mnmell.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mobnpd.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\oddpmg.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winotv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\icfcpr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\logdus.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\tlnnsc.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winoud.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iprcts.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\newsmp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\winnst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\netlst.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\schdia.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\faxtiv.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\mspsau.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\setshr.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iassen.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\rouvap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\olevae.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\adsgca.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\yahihn.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\docdpm.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\stivap.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\ieaucp.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\traeec.exe -> TrojanSpy.VB.eh : Cleaned with backup
C:\WINNT\system32\iedsys.exe -&g
  • 0

#6
Wizard
Posted 26 November 2005 - 05:48 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
By looking at the processes I can see ewido killed off most of the infection.

This was a nasty KeyLogger and I suggest changing any critical passwords as soon as possible.

Lets have a deeper look.


Download Pocket KillBox from here:
http://www.atribune....ads/KillBox.exe


Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet

Reboot into SAFE MODE(Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam


Open Pocket KillBox and Copy&Paste each entry below into it

C:\WINNT\system32\xsbyc.exe
C:\winnt\system32\wsnrem.exe
c:\winnt\system32\wzctcp.exe
c:\winnt\system32\scrdpd.exe
c:\winnt\system32\perueg.exe
c:\winnt\system32\olexmp.exe
C:\winnt\system32\boolst.exe
c:\winnt\system32\jpemfs.exe
c:\winnt\system32\usemym.exe
c:\winnt\system32\comnex.exe
c:\winnt\system32\sclenc.exe
C:\winnt\system32\ntbpmo.exe
c:\winnt\system32\ipxvia.exe
c:\winnt\system32\roumli.exe
c:\winnt\system32\ieaa2e.exe

As you paste each entry into Killbox,place a tick by any of these selections avaiable

"Standard File Kill"
"End Explorer Shell while Killing File"

Click the Red Circle with the White X in the Middle to Delete


Open HijackThis and put a check by these but DO NOT hit the Fix Checked button yet

R3 - Default URLSearchHook is missing

O2 - BHO: SABHO - {21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} - c:\program files\180searchassistant\saishook.dll (file missing)

O4 - HKCU\..\Run: [JavaUpdate0.07] C:\WINNT\system32\xsbyc.exe

O4 - HKCU\..\Run: [wsnrem] C:\winnt\system32\wsnrem.exe

O4 - HKCU\..\Run: [wzctcp] c:\winnt\system32\wzctcp.exe

O4 - HKCU\..\Run: [scrdpd] c:\winnt\system32\scrdpd.exe

O4 - HKCU\..\Run: [perueg] c:\winnt\system32\perueg.exe

O4 - HKCU\..\Run: [olexmp] c:\winnt\system32\olexmp.exe

O4 - HKCU\..\Run: [boolst] C:\winnt\system32\boolst.exe

O4 - HKCU\..\Run: [jpemfs] c:\winnt\system32\jpemfs.exe

O4 - HKCU\..\Run: [usemym] c:\winnt\system32\usemym.exe

O4 - HKCU\..\Run: [comnex] c:\winnt\system32\comnex.exe

O4 - HKCU\..\Run: [sclenc] c:\winnt\system32\sclenc.exe

O4 - HKCU\..\Run: [ntbpmo] C:\winnt\system32\ntbpmo.exe

O4 - HKCU\..\Run: [ipxvia] c:\winnt\system32\ipxvia.exe

O4 - HKCU\..\Run: [roumli] c:\winnt\system32\roumli.exe

O4 - HKCU\..\Run: [ieaa2e] c:\winnt\system32\ieaa2e.exe

Now Make sure ALL WINDOWS and BROWSERS are CLOSED and hit the Fix Checked Button


From the WinPFind folder-> Doubleclick WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient

One you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab

Make Sure "Normal Startup-load all device drivers and services" has a green tick by it

Click Apply>>Close>>Follow the Prompts to Restart!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work

Save the Report it generates

Post back with a fresh HijackThis log and the reports from WinPFind and Panda
  • 0

#7
comp98
Posted 27 November 2005 - 11:51 AM

comp98

    Member

  • Topic Starter
  • Member
  • PipPip
  • 42 posts
Here are the 3 logs (HiJack, WinPFind, Panda). Thanks

HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 12:47:18 PM, on 11/27/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg4.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijack\HijackThis.exe

O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: MA111 Configuration Utility.lnk = C:\Program Files\NETGEAR\MA111 Configuration Utility\wlancfg.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D0B5B58D-8CB9-4EDB-8BB0-9D34AEF727CF} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Fax Service (Fax) - Unknown owner - C:\WINNT\system32\faxsvc.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe




WinPFind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000 Current Build: Service Pack 4 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 12/26/2004 2:34:32 PM 8508205 C:\WINNT\180ax_kyf.dat
PTech 12/26/2004 2:34:32 PM 8508205 C:\WINNT\180ax_kyf.dat
UPX! 9/28/2004 5:48:46 PM 83182 C:\WINNT\setup_silent_17304.exe

Checking %System% folder...
winsync 7/24/2002 12:00:00 PM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
PEC2 6/21/2004 10:55:36 PM 16384 C:\WINNT\SYSTEM32\YahooMsgr.exe
PECompact2 6/21/2004 10:55:36 PM 16384 C:\WINNT\SYSTEM32\YahooMsgr.exe
PECompact2 11/11/2005 12:00:08 AM 2368864 C:\WINNT\SYSTEM32\MRT.exe
aspack 11/11/2005 12:00:08 AM 2368864 C:\WINNT\SYSTEM32\MRT.exe
Umonitor 1/12/2005 2:39:46 PM 531216 C:\WINNT\SYSTEM32\RASDLG.DLL

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
11/27/2005 10:39:00 AM H 919140 C:\WINNT\ShellIconCache
11/27/2005 10:49:10 AM H 1024 C:\WINNT\system32\config\software.LOG
11/27/2005 10:39:14 AM H 1024 C:\WINNT\system32\config\default.LOG
11/27/2005 10:40:10 AM H 1024 C:\WINNT\system32\config\SECURITY.LOG
11/27/2005 10:40:22 AM H 1024 C:\WINNT\system32\config\SAM.LOG
11/27/2005 10:39:08 AM H 6 C:\WINNT\Tasks\SA.DAT
11/27/2005 10:40:18 AM S 64 C:\WINNT\CSC\00000001
11/24/2005 11:41:42 AM S 64 C:\WINNT\CSC\csc1.tmp
11/25/2005 3:53:10 PM S 64 C:\WINNT\CSC\00000002

Checking for CPL files...
Microsoft Corporation 7/24/2002 12:00:00 PM 31504 C:\WINNT\SYSTEM32\fax.cpl
Microsoft Corporation 7/24/2002 12:00:00 PM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 7/24/2002 12:00:00 PM 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 7/24/2002 12:00:00 PM 36112 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 7/24/2002 12:00:00 PM 60688 C:\WINNT\SYSTEM32\joy.cpl
Microsoft Corporation 7/24/2002 12:00:00 PM 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 7/24/2002 12:00:00 PM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 7/24/2002 12:00:00 PM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 7/24/2002 12:00:00 PM 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 7/24/2002 12:00:00 PM 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 7/24/2002 12:00:00 PM 61200 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 41232 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 7/24/2002 7:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 6/19/2003 2:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 6/19/2003 2:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 6/19/2003 2:05:04 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl
Microsoft Corporation 1/12/2005 2:40:00 PM 64784 C:\WINNT\SYSTEM32\dllcache\msmq.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 7/24/2002 12:00:00 PM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
IBM Corporation 9/23/1999 6:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
12/28/2003 10:10:58 PM 1572 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MA111 Configuration Utility.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\System32\docprop2.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = @msdxmLC.dll,-1@1033,&Radio : C:\WINNT\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
wsnrem C:\winnt\system32\wsnrem.exe
wzctcp c:\winnt\system32\wzctcp.exe
scrdpd c:\winnt\system32\scrdpd.exe
perueg c:\winnt\system32\perueg.exe
olexmp c:\winnt\system32\olexmp.exe
boolst C:\winnt\system32\boolst.exe
jpemfs c:\winnt\system32\jpemfs.exe
usemym c:\winnt\system32\usemym.exe
comnex c:\winnt\system32\comnex.exe
sclenc c:\winnt\system32\sclenc.exe
ntbpmo C:\winnt\system32\ntbpmo.exe
ipxvia c:\winnt\system32\ipxvia.exe
roumli c:\winnt\system32\roumli.exe
ieaa2e c:\winnt\system32\ieaa2e.exe
msotme c:\winnt\system32\msotme.exe
cloudsim c:\winnt\system32\cloudsim.exe
dmccla c:\winnt\system32\dmccla.exe
rasknt c:\winnt\system32\rasknt.exe
wuaupd c:\winnt\system32\wuaupd.exe
nddjet c:\winnt\system32\nddjet.exe
mllihn c:\winnt\system32\mllihn.exe
comdkc c:\winnt\system32\comdkc.exe
faxoun c:\winnt\system32\faxoun.exe
oderwv c:\winnt\system32\oderwv.exe
spuvci c:\winnt\system32\spuvci.exe
catvci c:\winnt\system32\catvci.exe
msiskp c:\winnt\system32\msiskp.exe
sysrmo c:\winnt\system32\sysrmo.exe
msnmas c:\winnt\system32\msnmas.exe
iphidp c:\winnt\system32\iphidp.exe
dskpco c:\winnt\system32\dskpco.exe
wowpla c:\winnt\system32\wowpla.exe
msvipl c:\winnt\system32\msvipl.exe
scaico c:\winnt\system32\scaico.exe
winotv c:\winnt\system32\winotv.exe
mnmell c:\winnt\system32\mnmell.exe
olevae c:\winnt\system32\olevae.exe
digmc4 c:\winnt\system32\digmc4.exe
dxtlag c:\winnt\system32\dxtlag.exe
raseve c:\winnt\system32\raseve.exe
scrlss c:\winnt\system32\scrlss.exe
wscser c:\winnt\system32\wscser.exe
rouddu c:\winnt\system32\rouddu.exe
polled c:\winnt\system32\polled.exe
msepmp c:\winnt\system32\msepmp.exe
pscsmu c:\winnt\system32\pscsmu.exe
mtxtim c:\winnt\system32\mtxtim.exe
win2ti c:\winnt\system32\win2ti.exe
snmuti c:\winnt\system32\snmuti.exe
wshtre c:\winnt\system32\wshtre.exe
faxnsc c:\winnt\system32\faxnsc.exe
mtxppc c:\winnt\system32\mtxppc.exe
cabcon c:\winnt\system32\cabcon.exe
desadm c:\winnt\system32\desadm.exe
datque c:\winnt\system32\datque.exe
winaup c:\winnt\system32\winaup.exe
wincpm c:\winnt\system32\wincpm.exe
mnmacm c:\winnt\system32\mnmacm.exe
ricnve c:\winnt\system32\ricnve.exe
stodea c:\winnt\system32\stodea.exe
dbmhtm c:\winnt\system32\dbmhtm.exe
dxmmpa c:\winnt\system32\dxmmpa.exe
mspdkl c:\winnt\system32\mspdkl.exe
jdbnch c:\winnt\system32\jdbnch.exe
insnkc c:\winnt\system32\insnkc.exe
msjl5m c:\winnt\system32\msjl5m.exe
mssiex c:\winnt\system32\mssiex.exe
accods c:\winnt\system32\accods.exe
ntmvvp c:\winnt\system32\ntmvvp.exe
iphemb c:\winnt\system32\iphemb.exe
icccsa c:\winnt\system32\icccsa.exe
faxecl c:\winnt\system32\faxecl.exe
msvrne c:\winnt\system32\msvrne.exe
nwassv c:\winnt\system32\nwassv.exe
smlnur c:\winnt\system32\smlnur.exe
setdsk c:\winnt\system32\setdsk.exe
sdbsdu c:\winnt\system32\sdbsdu.exe
jdbpes c:\winnt\system32\jdbpes.exe
odbiei c:\winnt\system32\odbiei.exe
expxes c:\winnt\system32\expxes.exe
smldtc c:\winnt\system32\smldtc.exe
narffr c:\winnt\system32\narffr.exe
drmsse c:\winnt\system32\drmsse.exe
msv3re c:\winnt\system32\msv3re.exe
oakdsb c:\winnt\system32\oakdsb.exe
odelan c:\winnt\system32\odelan.exe
ntmemi c:\winnt\system32\ntmemi.exe
dplwts c:\winnt\system32\dplwts.exe
dpldsr c:\winnt\system32\dpldsr.exe
mshhsn c:\winnt\system32\mshhsn.exe
net3rv c:\winnt\system32\net3rv.exe
comsec c:\winnt\system32\comsec.exe
ir4ecm c:\winnt\system32\ir4ecm.exe
tragut c:\winnt\system32\tragut.exe
brodrt c:\winnt\system32\brodrt.exe
rasidn c:\winnt\system32\rasidn.exe
dgrass c:\winnt\system32\dgrass.exe
netvcp c:\winnt\system32\netvcp.exe
mapvui c:\winnt\system32\mapvui.exe
cryxdr c:\winnt\system32\cryxdr.exe
pstvrn c:\winnt\system32\pstvrn.exe
wowire c:\winnt\system32\wowire.exe
dinvxc c:\winnt\system32\dinvxc.exe
os2teo c:\winnt\system32\os2teo.exe
cormpt c:\winnt\system32\cormpt.exe
newseg c:\winnt\system32\newseg.exe
efsinp c:\winnt\system32\efsinp.exe
cmmhtm c:\winnt\system32\cmmhtm.exe
wshwst c:\winnt\system32\wshwst.exe
faxm2c c:\winnt\system32\faxm2c.exe
cdooun c:\winnt\system32\cdooun.exe
nlsxle c:\winnt\system32\nlsxle.exe
ir5cnp c:\winnt\system32\ir5cnp.exe
jpeetm c:\winnt\system32\jpeetm.exe
shsnds c:\winnt\system32\shsnds.exe
indcup c:\winnt\system32\indcup.exe
samhrn c:\winnt\system32\samhrn.exe
xposcr c:\winnt\system32\xposcr.exe
msldsn c:\winnt\system32\msldsn.exe
shigtd c:\winnt\system32\shigtd.exe
itifco c:\winnt\system32\itifco.exe
eudxdc c:\winnt\system32\eudxdc.exe
faxtdg c:\winnt\system32\faxtdg.exe
esexts c:\winnt\system32\esexts.exe
rascpv c:\winnt\system32\rascpv.exe
winsir c:\winnt\system32\winsir.exe
cabppd c:\winnt\system32\cabppd.exe
trampd c:\winnt\system32\trampd.exe
ieagbp c:\winnt\system32\ieagbp.exe
msvshw c:\winnt\system32\msvshw.exe
kbdtks c:\winnt\system32\kbdtks.exe
unicla c:\winnt\system32\unicla.exe
pjlmcs c:\winnt\system32\pjlmcs.exe
dbgtlo c:\winnt\system32\dbgtlo.exe
dcotco c:\winnt\system32\dcotco.exe
stiusr c:\winnt\system32\stiusr.exe
esesdx c:\winnt\system32\esesdx.exe
msrmbr c:\winnt\system32\msrmbr.exe
msvdim c:\winnt\system32\msvdim.exe
evelog c:\winnt\system32\evelog.exe
ir5bnt c:\winnt\system32\ir5bnt.exe
cdog41 c:\winnt\system32\cdog41.exe
admart c:\winnt\system32\admart.exe
win5cs c:\winnt\system32\win5cs.exe
senfep c:\winnt\system32\senfep.exe
cidcrg c:\winnt\system32\cidcrg.exe
appsxb c:\winnt\system32\appsxb.exe
netdar c:\winnt\system32\netdar.exe
xifotr c:\winnt\system32\xifotr.exe
isilpm c:\winnt\system32\isilpm.exe
intxps c:\winnt\system32\intxps.exe
javhrn c:\winnt\system32\javhrn.exe
nddscp c:\winnt\system32\nddscp.exe
winrgm c:\winnt\system32\winrgm.exe
kbdopi c:\winnt\system32\kbdopi.exe
icwdni c:\winnt\system32\icwdni.exe
gpepsc c:\winnt\system32\gpepsc.exe
despmp c:\winnt\system32\despmp.exe
apphsv c:\winnt\system32\apphsv.exe
mnmdcs c:\winnt\system32\mnmdcs.exe
kbdotc c:\winnt\system32\kbdotc.exe
perpjs c:\winnt\system32\perpjs.exe
jdblsr c:\winnt\system32\jdblsr.exe
gpken1 c:\winnt\system32\gpken1.exe
cmpa25 c:\winnt\system32\cmpa25.exe
boomim c:\winnt\system32\boomim.exe
thetmv c:\winnt\system32\thetmv.exe
lprvpm c:\winnt\system32\lprvpm.exe
logosn c:\winnt\system32\logosn.exe
ie4gn3 c:\winnt\system32\ie4gn3.exe
tcmddi c:\winnt\system32\tcmddi.exe
msdiva c:\winnt\system32\msdiva.exe
iepcsd c:\winnt\system32\iepcsd.exe
dpsfep c:\winnt\system32\dpsfep.exe
clin32 c:\winnt\system32\clin32.exe
dpwsgs c:\winnt\system32\dpwsgs.exe


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\NETSHELL.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINNT\system32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 11/27/2005 10:55:32 AM





Panda:

Incident Status Location

Adware:adware/cws Not disinfected C:\Documents and Settings\Administrator\Favorites\LIVING\Insurance.lnk
Adware:adware/ncase Not disinfected C:\WINNT\180axau.dat
Adware:adware/dealhelper Not disinfected C:\WINNT\dsearch1.bin
Adware:adware/clickalchemy Not disinfected C:\WINNT\alchem.ini
Adware:adware/ist.yoursitebar Not disinfected C:\PROGRAM FILES\YourSiteBar
Adware:adware/ist.sidefind Not disinfected C:\PROGRAM FILES\SideFind
Adware:adware/e2give Not disinfected C:\PROGRAM FILES\E2G
Adware:adware/powerscan Not disinfected Windows Registry
Virus:Bck/Sdbot.AAQ Not disinfected C:\WINNT\system32\YahooMsgr.exe
Adware:Adware/IPInsight Not disinfected C:\WINNT\inf\alchem.inf
Adware:Adware/MyDailyHoroscopeNot disinfected C:\WINNT\setup_silent_17304.exe
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA169.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE24C.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DF623.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF2F0.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE14A.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE24E.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6D4F.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE8D1.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DFE1BB.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DF1591.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6C8F.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA4A5.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DF7922.tmp
Virus:Trj/Prutec.P Not disinfected C:\Documents and Settings\Administrator\Local Settings\Temp\~DFFFC8.tmp



Hope this helps.
-Ryan
  • 0

#8
Wizard
Posted 27 November 2005 - 01:54 PM

Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Download Pocket KillBox from here:
http://www.atribune....ads/KillBox.exe


Copy the Text below into a blank Notepad page and save it as Clr.reg but dont run it just yet.

REGEDIT4

[-HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]




Go back to Safe Mode and Open Pocket Killbox.

Copy&Paste each entry below into Killbox one at time

C:\Documents and Settings\Administrator\Favorites\LIVING\Insurance.lnk
C:\WINNT\180axau.dat
C:\WINNT\180ax_kyf.dat
C:\WINNT\dsearch1.bin
C:\WINNT\alchem.ini
C:\PROGRAM FILES\YourSiteBar
C:\PROGRAM FILES\SideFind
C:\PROGRAM FILES\E2G
C:\WINNT\system32\YahooMsgr.exe
C:\WINNT\inf\alchem.inf
C:\WINNT\setup_silent_17304.exe

As you paste each entry into Killbox,place a tick by any of these selections available.

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"
"Deltree(Include Subdirectories)"

Click the Red Circle with the White X in the Middle to Delete


Locate and Double Click Clr.reg and allow it to merge into the registry.


Delete files/folder from the following directories (But not the directory itself, for example delete all files/folder IN temp; but not temp itself!)

C:\Temp

C:\WINNT\Temp

C:\WINNT\System32\Temp

C:\Documents and Settings\Administrator\Local Settings\Temp

C:\Documents and Settings\Owner\Local Settings\Temp

C:\Documents and Settings\<Your Profile>\Local Settings\Temp

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp

Empty your "Recycle Bin"

Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files(Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup(Make sure that all boxes are checked for cleaning)



Scan once with WinPFind while in Safe Mode


Restart Normal and Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post along with a fresh HijackThis log anf the results of WinPFind

Edited by Cretemonster, 27 November 2005 - 02:26 PM.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP