
Winhound Infection



#1
micky b

micky b

    Member

  • Member
  • PipPip
  • 28 posts
Winhound has pretty much disabled my computer. I cannot access the internet to download programs to get rid of it and it is difficult to access most programs on my computer. Whenever I restart the computer it appears straight away.

I am sending this message from my work computer but need to access my home computer this weekend. Please Help.

Thanks
  • 0



#2
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi micky and welcome to GeeksToGo! My name is Excal and I will be helping you.

The first thing we need to do is download HijackThis and post a logfile:
  • Download HijackThis.
  • Create a folder named "HijackThis". To create a folder:
    • Go to My Documents.
    • Right-click and select New> Folder.
    • Name the folder as "HijackThis".
  • Extract the contents of hijackthis.zip into the folder you've just created.
  • Open HijackThis.exe
  • Click on "Do a system scan and save a logfile".
  • After the scan is complete a Notepad window will pop up.
  • In the Notepad window, go to Edit> Select all and then Edit> Copy.
  • Paste the log into your next reply.
Do NOT fix anything until we check your log. You can cause serious damage to your operating system if you fix a valid entry.

Copy the instructions, and put this program on a disc. Then follow the instructions for your computer.

:tazz:

Excal
  • 0

#3
micky b

micky b

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Thanks Excal,

I will give it a try tonight and paste the log into my next reply.

Cheers
  • 0

#4
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
sounds good :)

:tazz:

Excal
  • 0

#5
micky b

micky b

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Hi Excal,

I managed to run the log file on my computer but am now at an internet cafe sending this to you.

I hope this is ok.

Cheers


Logfile of HijackThis v1.99.1
Scan saved at 6:08:45 PM, on 16/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\inet20009\services.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\kernels64.exe
C:\WINDOWS\System\svwhost.exe
C:\WINDOWS\sachostx.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System32\intell32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\sywsvcs.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System\svwhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\vxh8jkdq6.exe
C:\WINDOWS\System32\vxh8jkdq7.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\sachostc.exe
C:\WINDOWS\System32\sachostb.exe
C:\WINDOWS\System32\sachosts.exe
C:\WINDOWS\Explorer.exe
C:\Documents and Settings\Owner\My Documents\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels64.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20009\services.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: C:\WINDOWS\g241312.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\g241312.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20009\3.00.11.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\adsldpbe.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\System32\apwiz.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker011.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb011.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb011.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O6 "USB001" /M "Stylus C83"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20009\services.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels64.exe
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20009\services.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {9E98E84C-79E1-49C3-82EB-798FCD552EFB} (VacPro.internazionale_ver4) - http://advnt01.com/d...ionale_ver4.CAB
O16 - DPF: {B5DD9A64-5C4B-4A48-BE56-97C1A8F85708} - http://www.kjdhendie....com/sw/fvp.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.CAB
O20 - Winlogon Notify: avpi32 - C:\WINDOWS\SYSTEM32\avpi32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\g241312.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

#6
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts

DOWNLOAD PROGRAMS


Download smitRem.exe© by noahdfear and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Download and install CleanUp! Here
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

We will use this program later.

Please download ewido security suite; it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates
Close Ewido, we will use this later.

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!



THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Close all browsers, windows and unneeded programs.

5. Open HiJack and do a scan.

6. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels64.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20009\services.exe
O2 - BHO: C:\WINDOWS\g241312.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\g241312.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20009\3.00.11.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\adsldpbe.dll
O2 - BHO: (no name) - {78364D99-A640-4ddf-B91A-67EFF8373045} - C:\WINDOWS\System32\apwiz.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker011.dll
O2 - BHO: Scriptlet.Tools - {EEBA788A-C268-492A-B7FE-42C2B6C553D4} - C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bin\bin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb011.dll
O3 - Toolbar: ZToolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\WINDOWS\System32\ztoolb011.dll
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe /s
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [HostSrv] C:\WINDOWS\sachostx.exe
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20009\services.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\kernels64.exe
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20009\services.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\WINDOWS\System\svwhost.exe
O16 - DPF: {B5DD9A64-5C4B-4A48-BE56-97C1A8F85708} - http://www.kjdhendie....com/sw/fvp.cab
O20 - Winlogon Notify: avpi32 - C:\WINDOWS\SYSTEM32\avpi32.dll
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\g241312.dll


7. Click the Fix Checked box.

8. Please remove these entries from Add/Remove Programs in the Control Panel (if present):

WinHound

9. Please remove the following folders using Windows Explorer (if present):

C:\Program Files\WinHound
C:\WINDOWS\inet20009


10. Please remove just the files from the following paths using Windows Explorer (if present):

c:\secure32.html
C:\WINDOWS\sachostx.exe
C:\WINDOWS\g241312.dll
C:\WINDOWS\System32\kernels64.exe
C:\WINDOWS\SYSTEM32\avpi32.dll
C:\WINDOWS\SYSTEM32\msupdate32.dll
C:\WINDOWS\System32\sywsvcs.exe
C:\WINDOWS\System32\paytime.exe
C:\WINDOWS\System\svchost.exe
C:\WINDOWS\System\svwhost.exe


11. Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

12. Open Ad-aware and do a full scan. Remove all it finds.

13. Now open and run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan, when it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose clean and click OK.
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
Close Ewido

14. Next go to Control Panel > click Appearance and Themes > click Display > Desktop tab > click Customize Desktop > Web tab > Uncheck anything in there if present.

15. Run the program CleanUp!

16. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

17. Please post the Active scan log, Ewido log, smitfiles.txt log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0
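
Added example, not part of the thread and not code from HijackThis: step 17 asks for a fresh HijackThis log, and one way to read it is to parse both the step 6 fix list and the fresh log and report which checked entries are still there, plus whether any file from step 10 is still a running process. The function names are hypothetical; the sample lines are copied from the logs posted in this thread and shortened.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [Name] path"; the leading
# code (R0, F2, O2, O4, O20, ...) names the section the entry belongs to.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")

# Shortened copy of the step 6 fix list from this thread.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels64.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O20 - Winlogon Notify: st3 - C:\WINDOWS\g241312.dll
"""

# Shortened copy of the fresh log posted after the fix.
FRESH_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

# Shortened copy of the step 10 file list.
DELETE_LIST = [
    r"C:\WINDOWS\System32\kernels64.exe",
    r"C:\WINDOWS\System32\paytime.exe",
    r"C:\WINDOWS\sachostx.exe",
]


def parse_entries(text):
    """Return (code, body) tuples for every entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def parse_processes(text):
    """Return the paths under 'Running processes:' up to the first blank line."""
    procs, in_section = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.lower() == "running processes:":
            in_section = True
        elif in_section:
            if not stripped:
                break
            procs.append(stripped)
    return procs


def _key(code, body):
    # Compare case-insensitively with whitespace collapsed, because forum
    # software and copy/paste routinely change both.
    return (code.upper(), " ".join(body.split()).lower())


def still_present(fix_list, fresh_log):
    """Entries from the fix list that still appear in the fresh log."""
    fresh = {_key(c, b) for c, b in parse_entries(fresh_log)}
    return [(c, b) for c, b in parse_entries(fix_list) if _key(c, b) in fresh]


def running_from(paths, log_text):
    """Paths from a delete list that the log still shows as running processes."""
    running = {p.lower() for p in parse_processes(log_text)}
    return [p for p in paths if p.strip().lower() in running]


if __name__ == "__main__":
    for code, body in still_present(FIX_LIST, FRESH_LOG):
        print("still present:", code, "-", body)
    for path in running_from(DELETE_LIST, FRESH_LOG):
        print("still running:", path)
```

On these excerpts the ProxyOverride and TkBellExe entries are reported as still present, which matches the fresh log posted later in the thread.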

#7
micky b

micky b

    Member

  • Topic Starter
  • Member
  • PipPip
  • 28 posts
Hi Excal,

Finally got round to fixing the problems that you suggested. I ran ewido twice, the first time round I had to cancel the scan.

I worked through your last reply and have included the logs below. I cannot access Control Panel for some reason and was unable to run the online virus scan. Any clues?

I am still having problems accessing some programs such as adobe photoshop. My computer is still pretty sick. I am able to use the internet now so I should be able to respond to your replies much quicker.

Cheers

Here are the logs:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 2:24:12 PM, 21/12/2005
+ Report-Checksum: 5C933D6C

+ Scan result:

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Sinowal.a : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Logger.Small.dg : Cleaned with backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Logger.Small.dg : Cleaned with backup
C:\tmp6.tmp -> Downloader.Agent.xz : Cleaned with backup
C:\WINDOWS\742.exe -> Downloader.Small.bfy : Cleaned with backup
C:\WINDOWS\91.exe -> Logger.Goldun.fq : Cleaned with backup
C:\WINDOWS\country.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\internazionale_ver15.ocx -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\inet20009\alg.exe -> Worm.Delf.i : Cleaned with backup
C:\WINDOWS\inet20009\mm3.exe -> Proxy.Delf.an : Cleaned with backup
C:\WINDOWS\inet20009\services.exe -> Downloader.CWS.r : Cleaned with backup
C:\WINDOWS\kl.exe -> Logger.Small.dg : Cleaned with backup
C:\WINDOWS\ms1.exe -> Downloader.Small.buh : Cleaned with backup
C:\WINDOWS\sstray.exe -> Dropper.Agent.aax : Cleaned with backup
C:\WINDOWS\system\svchost.dll -> Downloader.Agent.zi : Cleaned with backup
C:\WINDOWS\system32\101296.exe -> Spyware.Zbar : Cleaned with backup
C:\WINDOWS\system32\121109.exe -> Spyware.Zbar : Cleaned with backup
C:\WINDOWS\system32\1421500.exe -> Spyware.Zbar : Cleaned with backup
C:\WINDOWS\system32\41.dl_ -> Trojan.Spabot.t : Cleaned with backup
C:\WINDOWS\system32\41954234.exe -> Spyware.Zbar : Cleaned with backup
C:\WINDOWS\system32\birdihuy32.dll -> Proxy.Small.ct : Cleaned with backup
C:\WINDOWS\system32\chp.dll -> Trojan.Spabot.t : Cleaned with backup
C:\WINDOWS\system32\geohare.exe -> Backdoor.PPdoor.bk : Cleaned with backup
C:\WINDOWS\system32\ll.exe -> Proxy.Lager.f : Cleaned with backup
C:\WINDOWS\system32\maxd64.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\WINDOWS\system32\mspostsp.exe -> Trojan.Inject.i : Cleaned with backup
C:\WINDOWS\system32\msupdate32.dll -> Proxy.Delf.al : Cleaned with backup
C:\WINDOWS\system32\msvcrl.dll -> Worm.Locksky.k : Cleaned with backup
C:\WINDOWS\system32\sachostb.exe -> Worm.Locksky.k : Cleaned with backup
C:\WINDOWS\system32\sachostc.exe -> Worm.Locksky.k : Cleaned with backup
C:\WINDOWS\system32\sachostp.exe -> Worm.Locksky.k : Cleaned with backup
C:\WINDOWS\system32\sachosts.exe -> Worm.Locksky.k : Cleaned with backup
C:\WINDOWS\system32\sachostw.exe -> Worm.Locksky.k : Cleaned with backup
C:\WINDOWS\system32\service\explorer.exe -> Logger.Agent.ew : Cleaned with backup
C:\WINDOWS\system32\split1.exe -> Backdoor.Haxdoor.fi : Cleaned with backup
C:\WINDOWS\system32\st3.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\system32\vxgame1.exe -> Dropper.Agent.ri : Cleaned with backup
C:\WINDOWS\system32\vxgamet1.exe -> Downloader.Small.cbe : Cleaned with backup
C:\WINDOWS\system32\vxgamet2.exe -> Downloader.Small.bxc : Cleaned with backup
C:\WINDOWS\system32\vxgamet3.exe -> Dropper.Agent.abu : Cleaned with backup
C:\WINDOWS\system32\vxgamet4.exe -> Downloader.Small.bpz : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq1.exe -> Downloader.Small.bho : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq2.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq5.exe -> Downloader.Tibs.p : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq6.exe -> Downloader.Small.atl : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq7.exe -> Downloader.Tibs.s : Cleaned with backup
C:\WINDOWS\system32\winnt.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\ztoolbar.bmp -> Spyware.TNS-Search : Cleaned with backup
C:\WINDOWS\tool1.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\tool2.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\tool3.exe -> Downloader.Small.bwr : Cleaned with backup
C:\WINDOWS\tool4.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\tool5.exe -> Trojan.Small : Cleaned with backup
C:\WINDOWS\toolbar.exe -> Downloader.Adload.j : Cleaned with backup
C:\WINDOWS\winl.exe -> Backdoor.Agent.px : Cleaned with backup


::Report End








smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Wed 21/12/2005
The current time is: 13:14:55.64

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~

SpySheriff


~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~

cars


~~~ system32 folder ~~~

oleext32.dll
zlbw.dll
intell32.exe
oleext.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

warnhp.html
uninstIU.exe
desktop.html


~~~ Drive root ~~~

winstall.exe

~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 2752 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)



Logfile of HijackThis v1.99.1
Scan saved at 3:51:50 PM, on 21/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
E:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [WinCinemaMgr] "C:\Program Files\InterVideo\Common\bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [Home Theater SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [EPSON Stylus C83 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C83 Series" /O6 "USB001" /M "Stylus C83"
O4 - HKLM\..\Run: [Camera Detector] C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...ol_v1-0-3-9.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} (WSDownloader Control) - http://www.webshots....SDownloader.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.CAB
O20 - Winlogon Notify: avpi32 - C:\WINDOWS\SYSTEM32\avpi32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe


:tazz: Thanks for your help again.
  • 0
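An added example, not part of the original posts and not HijackThis's own code: a short Python script that parses the O-section lines of a log like the one above and lists the entries with structural features worth a manual look. The function names and flag names are assumptions of this example; the sample lines are copied from the log above, with the forum-shortened URL kept as posted.

```python
import re
from collections import Counter

# HijackThis section codes that appear in the log above.
SECTIONS = {
    "O4": "autostart (Run key / Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE button / Tools menu item",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O20": "Winlogon Notify DLL",
    "O23": "Windows service",
}

# Sample input: lines copied from the log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Updates from HP.lnk = C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/d...onale_ver15.CAB
O20 - Winlogon Notify: avpi32 - C:\WINDOWS\SYSTEM32\avpi32.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Registry autostart form: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]*)\] (.+)$")
# Executable part of a command line: a quoted path, or text up to the first extension.
EXE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)', re.I)


def parse_entry(line):
    """Split one log line into section, name, target and review flags."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(1) not in SECTIONS:
        return None
    section, detail = m.groups()
    flags = []
    if detail.endswith("(file missing)"):
        # HijackThis could not find the referenced file on disk.
        flags.append("file-missing")
        detail = detail[: -len("(file missing)")].rstrip()
    if section == "O4" and RUN_RE.match(detail):
        name, command = RUN_RE.match(detail).groups()
        exe = EXE_RE.match(command)
        target = (exe.group(1) or exe.group(2)) if exe else command
        if ":\\" not in target:
            # Bare file name: the log alone does not show which file runs.
            flags.append("no-full-path")
    elif section == "O4":
        # Startup folder shortcut: "<folder>: <name>.lnk = <target>"
        name, _, target = detail.partition(" = ")
        name = name.split(": ", 1)[-1]
    elif section == "O16":
        name, _, target = detail.partition(" - ")
        name = name.split(": ", 1)[-1]
        if "..." in target:
            # The forum shortened the URL, so the posted copy is incomplete.
            flags.append("truncated-url")
    else:
        # O8, O9, O20, O23: the target is the last " - " separated field.
        name, _, target = detail.rpartition(" - ")
        name = name.split(": ", 1)[-1]
    if section == "O20":
        # Notify DLLs are loaded by winlogon.exe, so list each one for review.
        flags.append("winlogon-notify")
    return {"section": section, "name": name, "target": target, "flags": flags}


def triage(log_text):
    """Return (all parsed entries, per-section counts, entries carrying a flag)."""
    entries = [e for e in map(parse_entry, log_text.splitlines()) if e]
    counts = Counter(e["section"] for e in entries)
    flagged = [e for e in entries if e["flags"]]
    return entries, counts, flagged


if __name__ == "__main__":
    entries, counts, flagged = triage(SAMPLE_LOG)
    for code, n in sorted(counts.items()):
        print(f"{code:>3}  {SECTIONS[code]}: {n}")
    for e in flagged:
        print(f'{e["section"]} {e["name"]} -> {e["target"]} [{", ".join(e["flags"])}]')
```

A flag only marks an entry for someone to look up; it is not a verdict, in line with the helper's instruction not to fix anything before the log has been checked.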

#8
Excal

You still have a lot of stuff on your computer. I want to try one more scan to see if we can find the root of the problem.

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it. Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Options on the left side.
  • Click the Sweep Options tab.
  • Under What to Sweep please put a check next to the following:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All User Accounts
    • Enable Direct Disk Sweeping
    • Sweep Contents of Compressed Files
    • Sweep for Rootkits
    • Please UNCHECK Do not Sweep System Restore Folder.
  • Click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#9
micky b

Hi Excal,

Unfortunately I am still unable to download anything as a message comes up that there is not enough memory to do so. As I am on holidays until the new year I cannot access my work computer to download programs to disc. Is there any way round this? Otherwise I will have to find a computer somewhere to download the program.

Cheers

Micky b

#10
Excal

Try a defrag yet?

:tazz:

Excal

#11
micky b

How exactly do I do a defrag? :tazz:

#12
Excal

Go to Start > All Programs > Accessories > System Tools > Disk Defragmenter. Make sure it is set to the proper drive (default should be your main drive) and click on Defragment.

#13
micky b

I cannot defrag. Nothing happens when I go into Disk Defragmenter. I guess I will have to wait to download Webroot Spy Sweeper when I can access another computer to save the program to disc.

#14
Excal

OK, please post the results when you get them.



Excal

#15
micky b

Hi Excal,

Managed to run Webroot Spy Sweeper with some results. The log is below.

********
11:10 AM: | Start of Session, Saturday, 31 December 2005 |
11:10 AM: Spy Sweeper started
11:10 AM: Sweep initiated using definitions version 594
11:10 AM: Starting Memory Sweep
11:12 AM: Memory Sweep Complete, Elapsed Time: 00:01:39
11:12 AM: Starting Registry Sweep
11:12 AM: Found Adware: 7adpower
11:12 AM: HKCR\vacpro.internazionale_ver15\ (3 subtraces) (ID = 483863)
11:12 AM: HKCR\clsid\{cdcbe0f1-d13a-4f86-a963-3a272d3aba7e}\ (27 subtraces) (ID = 483867)
11:12 AM: HKCR\typelib\{97794ca1-fd62-4485-bdb0-9d878f24b4a4}\ (9 subtraces) (ID = 483895)
11:12 AM: HKLM\software\classes\clsid\{cdcbe0f1-d13a-4f86-a963-3a272d3aba7e}\ (27 subtraces) (ID = 483908)
11:12 AM: HKLM\software\classes\vacpro.internazionale_ver15\ (3 subtraces) (ID = 483936)
11:12 AM: HKLM\software\classes\typelib\{97794ca1-fd62-4485-bdb0-9d878f24b4a4}\ (9 subtraces) (ID = 483937)
11:12 AM: Found Trojan Horse: trojan-backdoor-zubox
11:12 AM: HKCR\appid\{78364d99-a640-4ddf-b91a-67eff8373045}\ (ID = 650832)
11:12 AM: HKLM\software\windows\ || shots (ID = 650869)
11:12 AM: HKLM\software\classes\appid\{78364d99-a640-4ddf-b91a-67eff8373045}\ (ID = 650872)
11:12 AM: Found Trojan Horse: trojan-backdoor-5sec
11:12 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {f33812fb-f35c-4674-90f6-fd757c419c51} (ID = 725534)
11:12 AM: Found Adware: fastfind
11:12 AM: HKCR\clsid\{3e4563a4-2a9b-4912-be38-906a0cb702cc}\ (13 subtraces) (ID = 748312)
11:12 AM: HKCR\clsid\{b1e49d24-7b7a-42a8-a9cc-cc1550057daf}\ (13 subtraces) (ID = 748326)
11:12 AM: HKCR\typelib\{fe744d04-47cb-4b85-9707-9f48b2dee134}\ (9 subtraces) (ID = 748340)
11:12 AM: HKLM\software\classes\clsid\{3e4563a4-2a9b-4912-be38-906a0cb702cc}\ (13 subtraces) (ID = 748362)
11:12 AM: HKLM\software\classes\clsid\{b1e49d24-7b7a-42a8-a9cc-cc1550057daf}\ (13 subtraces) (ID = 748376)
11:12 AM: HKLM\software\classes\typelib\{fe744d04-47cb-4b85-9707-9f48b2dee134}\ (9 subtraces) (ID = 748392)
11:12 AM: Found Trojan Horse: trojan-downloader-2pursuit
11:12 AM: HKLM\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler\ || {1b68470c-2def-493b-8a4a-8e2d81be4ea5} (ID = 910513)
11:12 AM: Found Trojan Horse: trojan-phisher-egold
11:12 AM: HKLM\software\windows\ || egoldacc (ID = 1019066)
11:12 AM: HKLM\software\windows\ || popup2 (ID = 1019067)
11:12 AM: HKLM\software\windows\ || tans (ID = 1019068)
11:12 AM: Found Trojan Horse: trojan-backdoor-haxdoor
11:12 AM: HKLM\software\microsoft\windows nt\currentversion\winlogon\notify\avpi32\ (6 subtraces) (ID = 1035667)
11:12 AM: HKLM\system\currentcontrolset\services\avpi32\ (12 subtraces) (ID = 1035681)
11:12 AM: HKLM\system\currentcontrolset\services\avpi64\ (11 subtraces) (ID = 1035694)
11:12 AM: HKLM\system\currentcontrolset\control\safeboot\minimal\avpi32.sys\ (1 subtraces) (ID = 1035708)
11:12 AM: HKLM\system\currentcontrolset\control\safeboot\network\avpi32.sys\ (1 subtraces) (ID = 1035712)
11:12 AM: HKCR\clsid\{6a2d251d-6e53-45ae-9dbd-1f815fa3e59b}\ (13 subtraces) (ID = 1054730)
11:12 AM: HKCR\typelib\{cf0e2ac2-4455-4fe1-889b-3cf786e35e4c}\ (9 subtraces) (ID = 1054758)
11:12 AM: HKLM\software\classes\clsid\{6a2d251d-6e53-45ae-9dbd-1f815fa3e59b}\ (13 subtraces) (ID = 1054773)
11:12 AM: HKLM\software\classes\typelib\{cf0e2ac2-4455-4fe1-889b-3cf786e35e4c}\ (9 subtraces) (ID = 1054801)
11:12 AM: HKLM\software\windows\ || installerz_time (ID = 1062095)
11:12 AM: HKLM\software\windows\ || phid (ID = 1062127)
11:12 AM: HKLM\software\windows\ || ftprap (ID = 1062128)
11:12 AM: HKLM\software\windows\ || urls (ID = 1062130)
11:12 AM: Found Adware: coolwebsearch (cws)
11:12 AM: HKU\S-1-5-21-61711070-496258121-365580403-1003\software\microsoft\internet explorer\sites\ (2 subtraces) (ID = 109822)
11:12 AM: HKU\S-1-5-21-61711070-496258121-365580403-1003\software\classes\clsid\{f33812fb-f35c-4674-90f6-fd757c419c51}\ (3 subtraces) (ID = 725483)
11:12 AM: HKU\S-1-5-21-61711070-496258121-365580403-1003\software\microsoft\st3\ (11 subtraces) (ID = 910473)
11:12 AM: Found Trojan Horse: trojan-backdoor-satellite
11:12 AM: HKU\S-1-5-21-61711070-496258121-365580403-1003\software\microsoft\moviemaker\recordsettings\captureset\ (1 subtraces) (ID = 1021450)
11:12 AM: HKU\S-1-5-21-61711070-496258121-365580403-1003\software\microsoft\gsgs\ (196 subtraces) (ID = 1032011)
11:12 AM: HKU\S-1-5-18\software\microsoft\moviemaker\recordsettings\captureset\ (1 subtraces) (ID = 1021450)
11:12 AM: Registry Sweep Complete, Elapsed Time:00:00:14
11:12 AM: Starting Cookie Sweep
11:12 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
11:12 AM: Starting File Sweep
11:12 AM: Found Trojan Horse: downloader-buffy
11:12 AM: c:\windows\inet20009 (2 subtraces) (ID = -2147461978)
11:12 AM: Found Adware: winhound spyware remover
11:12 AM: c:\documents and settings\owner\application data\winhound.com (11 subtraces) (ID = -2147462035)
11:13 AM: Found Adware: azsearch toolbar
11:13 AM: a0051368.dll (ID = 210149)
11:13 AM: a0052370.dll (ID = 210149)
11:13 AM: Found Trojan Horse: 3proxy
11:13 AM: a0052616.exe (ID = 213917)
11:13 AM: a0052613.dll (ID = 199806)
11:13 AM: Found Trojan Horse: trojan-backdoor-core.psyche-evolution.com
11:13 AM: a0050320.dll (ID = 208429)
11:13 AM: Found Adware: spysheriff
11:13 AM: a0052635.exe (ID = 208575)
11:13 AM: Found Trojan Horse: trojan-downloader-infectedhost
11:13 AM: a0052383.exe (ID = 203593)
11:13 AM: a0052355.exe (ID = 207513)
11:13 AM: a0052457.dll (ID = 206115)
11:13 AM: a0050274.dll (ID = 201334)
11:13 AM: a0052619.exe (ID = 213920)
11:13 AM: Found Trojan Horse: trojan-downloader-pr-corp
11:13 AM: a0049305.dll (ID = 182012)
11:13 AM: a0050319.dll (ID = 201334)
11:14 AM: a0052562.dll (ID = 198826)
11:14 AM: a0052563.dll (ID = 198827)
11:14 AM: a0050279.exe (ID = 213918)
11:14 AM: a0052446.dll (ID = 201377)
11:14 AM: Found Trojan Horse: trojan-backdoor-us15info
11:14 AM: a0052591.dll (ID = 207594)
11:14 AM: internazionale_ver4.inf (ID = 48452)
11:14 AM: a0052564.dll (ID = 198828)
11:14 AM: a0052566.dll (ID = 198830)
11:14 AM: a0049284.exe (ID = 207513)
11:14 AM: Found Trojan Horse: trojan-backdoor-securemulti
11:14 AM: a0052636.exe (ID = 206021)
11:14 AM: Found Adware: dollarrevenue
11:14 AM: a0052590.exe (ID = 208539)
11:14 AM: a0052568.exe (ID = 198832)
11:14 AM: a0050295.dll (ID = 210149)
11:14 AM: a0052392.dll (ID = 201334)
11:14 AM: a0052358.exe (ID = 213918)
11:15 AM: Found Trojan Horse: trojan-downloader-asdbiz.biz
11:15 AM: a0052373.exe (ID = 80237)
11:15 AM: Found Adware: trojan-downloader-evko.biz
11:15 AM: a0050308.exe (ID = 209454)
11:15 AM: a0050292.exe (ID = 200710)
11:15 AM: a0051377.exe (ID = 80237)
11:15 AM: a0051376.exe (ID = 213919)
11:15 AM: a0052464.exe (ID = 200422)
11:15 AM: a0052374.exe (ID = 80237)
11:15 AM: a0052375.exe (ID = 199804)
11:15 AM: a0052376.exe (ID = 80237)
11:15 AM: a0052593.dll (ID = 207596)
11:15 AM: svwhost.dll (ID = 208429)
11:15 AM: a0051361.exe (ID = 209080)
11:15 AM: a0049282.exe (ID = 213918)
11:15 AM: a0051347.dll (ID = 201334)
11:15 AM: a0052403.exe (ID = 213918)
11:15 AM: a0050347.dll (ID = 201334)
11:15 AM: a0052598.exe (ID = 214074)
11:15 AM: a0049300.exe (ID = 199804)
11:15 AM: a0050361.exe (ID = 213920)
11:15 AM: Found Trojan Horse: trojan-downloader-procounter.biz
11:15 AM: a0052604.exe (ID = 167388)
11:15 AM: a0052412.dll (ID = 210149)
11:15 AM: a0050287.exe (ID = 213920)
11:15 AM: a0052637.exe (ID = 183857)
11:16 AM: a0050299.exe (ID = 199804)
11:16 AM: a0052347.dll (ID = 201334)
11:16 AM: a0052603.dll (ID = 201334)
11:16 AM: a0052615.exe (ID = 213916)
11:16 AM: a0052618.exe (ID = 213919)
11:16 AM: xp_d19[1].exe (ID = 212548)
11:16 AM: a0052638.exe (ID = 183857)
11:16 AM: a0049290.exe (ID = 209080)
11:16 AM: a0052368.dll (ID = 148640)
11:16 AM: a0050293.dll (ID = 148640)
11:16 AM: Found Trojan Horse: trojan-downloader-toolbarbiz
11:16 AM: a0052594.exe (ID = 209449)
11:16 AM: a0049292.exe (ID = 197844)
11:16 AM: Found Trojan Horse: trojan-downloader-vxiframe
11:16 AM: a0051375.exe (ID = 107123)
11:16 AM: a0052451.dll (ID = 206111)
11:17 AM: a0052634.exe (ID = 183857)
11:17 AM: a0049301.exe (ID = 107123)
11:17 AM: a0049298.exe (ID = 192965)
11:17 AM: a0050281.exe (ID = 207513)
11:17 AM: a0050302.exe (ID = 107123)
11:17 AM: a0051365.exe (ID = 197844)
11:17 AM: a0049308.exe (ID = 209454)
11:17 AM: a0052419.exe (ID = 199804)
11:17 AM: a0050289.exe (ID = 213917)
11:17 AM: a0050331.exe (ID = 213918)
11:17 AM: a0050356.exe (ID = 213918)
11:17 AM: a0052463.exe (ID = 203795)
11:17 AM: a0050309.exe (ID = 203593)
11:17 AM: a0051364.exe (ID = 188692)
11:17 AM: a0052605.exe (ID = 167388)
11:17 AM: a0052379.dll (ID = 182012)
11:17 AM: a0050335.exe (ID = 213920)
11:18 AM: a0051372.exe (ID = 199804)
11:18 AM: a0051373.exe (ID = 213916)
11:18 AM: a0051367.exe (ID = 200710)
11:18 AM: a0051380.exe (ID = 198713)
11:18 AM: a0049276.dll (ID = 208429)
11:18 AM: a0052445.dll (ID = 199794)
11:18 AM: a0052561.dll (ID = 198825)
11:18 AM: a0052606.exe (ID = 167388)
11:18 AM: a0052607.exe (ID = 167388)
11:18 AM: a0050275.dll (ID = 208429)
11:18 AM: a0052622.dll (ID = 188587)
11:18 AM: a0052456.exe (ID = 206114)
11:18 AM: a0049295.exe (ID = 200710)
11:18 AM: a0050338.exe (ID = 213917)
11:18 AM: a0052409.exe (ID = 188692)
11:18 AM: a0052365.exe (ID = 213920)
11:18 AM: a0050301.exe (ID = 209563)
11:18 AM: a0050363.exe (ID = 213916)
11:18 AM: a0052414.exe (ID = 210321)
11:19 AM: a0050321.dll (ID = 208429)
11:19 AM: a0052415.exe (ID = 200710)
11:19 AM: a0050348.dll (ID = 208429)
11:19 AM: a0052348.dll (ID = 208429)
11:19 AM: a0052367.exe (ID = 200710)
11:19 AM: a0051349.dll (ID = 208429)
11:19 AM: a0052610.exe (ID = 200422)
11:19 AM: a0051381.dll (ID = 182012)
11:19 AM: a0051379.exe (ID = 203593)
11:19 AM: svwhost.exe (ID = 209563)
11:19 AM: a0050351.exe (ID = 207513)
11:19 AM: a0050330.exe (ID = 207513)
11:19 AM: a0050312.exe (ID = 212282)
11:19 AM: a0052458.exe (ID = 212282)
11:19 AM: a0051374.exe (ID = 209563)
11:19 AM: a0052426.dll (ID = 182012)
11:19 AM: a0052587.dll (ID = 182012)
11:19 AM: a0052430.exe (ID = 203593)
11:19 AM: a0051353.exe (ID = 207513)
11:19 AM: a0052402.exe (ID = 207513)
11:19 AM: a0052382.exe (ID = 209563)
11:19 AM: a0052424.exe (ID = 209563)
11:19 AM: a0052640.exe (ID = 209563)
11:19 AM: a0052595.exe (ID = 209529)
11:19 AM: a0050336.dll (ID = 210149)
11:19 AM: a0052626.exe (ID = 200710)
11:19 AM: a0052393.dll (ID = 208429)
11:19 AM: a0052600.exe (ID = 208985)
11:19 AM: a0052444.exe (ID = 207513)
11:19 AM: a0052574.exe (ID = 207513)
11:19 AM: blank.mht (ID = 200150)
11:19 AM: a0052448.dll (ID = 210149)
11:19 AM: svwhost.dll (ID = 208429)
11:19 AM: a0052565.dll (ID = 198829)
11:20 AM: a0052623.exe (ID = 188692)
11:20 AM: a0052411.exe (ID = 213920)
11:20 AM: a0050339.exe (ID = 213916)
11:20 AM: vxgame2.exe (ID = 210321)
11:20 AM: a0050364.exe (ID = 213919)
11:20 AM: a0050340.exe (ID = 213919)
11:20 AM: a0051356.exe (ID = 213918)
11:20 AM: ztoolbar.xml (ID = 50365)
11:20 AM: a0052429.exe (ID = 80237)
11:21 AM: a0049309.exe (ID = 203593)
11:21 AM: a0052602.exe (ID = 203593)
11:21 AM: a0050303.dll (ID = 182012)
11:21 AM: a0050310.exe (ID = 203593)
11:21 AM: a0052460.exe (ID = 203593)
11:23 AM: a0050291.exe (ID = 213916)
11:23 AM: Found Trojan Horse: mspm-bot
11:23 AM: a0049303.dll (ID = 188591)
11:23 AM: a0052624.exe (ID = 209080)
11:23 AM: a0052628.exe (ID = 202700)
11:24 AM: a0052407.exe (ID = 209080)
11:24 AM: Found Adware: members area dialer
11:24 AM: a0052630.exe (ID = 209730)
11:24 AM: a0052408.exe (ID = 197844)
11:24 AM: a0049289.exe (ID = 213920)
11:24 AM: a0052625.exe (ID = 197844)
11:24 AM: a0050296.exe (ID = 213919)
11:24 AM: a0052567.exe (ID = 198831)
11:24 AM: loadppc[2].exe (ID = 167388)
11:24 AM: Found Trojan Horse: trojan-downloader-hebeeaac
11:24 AM: a0052631.exe (ID = 192341)
11:24 AM: a0052632.exe (ID = 194437)
11:24 AM: loadppc[1].exe (ID = 167388)
11:24 AM: a0052629.exe (ID = 207513)
11:24 AM: a0052461.exe (ID = 209563)
11:24 AM: secure32.html (ID = 184319)
11:24 AM: winhound spyware remover.lnk (ID = 206822)
11:24 AM: paytime[1].txt (ID = 203795)
11:24 AM: a0049302.exe (ID = 209563)
11:24 AM: a0049297.exe (ID = 198713)
11:24 AM: a0049291.exe (ID = 213917)
11:24 AM: a0052377.exe (ID = 213916)
11:24 AM: a0052639.exe (ID = 208556)
11:24 AM: a0049275.dll (ID = 201334)
11:24 AM: a0049307.exe (ID = 80237)
11:24 AM: Found Adware: desktop hijacker
11:24 AM: a0052572.dll (ID = 214326)
11:24 AM: a0052612.exe (ID = 199804)
11:24 AM: a0052597.exe (ID = 54080)
11:24 AM: country[1].htm (ID = 183857)
11:24 AM: a0052592.exe (ID = 208551)
11:24 AM: a0052884.dll (ID = 182012)
11:24 AM: a0050307.exe (ID = 80237)
11:24 AM: a0052596.exe (ID = 183857)
11:24 AM: a0052573.exe (ID = 214325)
11:24 AM: a0049293.exe (ID = 188692)
11:24 AM: a0052420.exe (ID = 213916)
11:24 AM: a0050286.exe (ID = 209080)
11:24 AM: a0052601.exe (ID = 183512)
11:25 AM: a0052620.exe (ID = 208807)
11:25 AM: a0049299.exe (ID = 192909)
11:25 AM: qvxt2.game (ID = 107123)
11:25 AM: a0052986.exe (ID = 107123)
11:25 AM: a0052417.exe (ID = 192965)
11:25 AM: a0052381.exe (ID = 213919)
11:25 AM: qvxt3.game (ID = 107123)
11:25 AM: a0051370.exe (ID = 192965)
11:25 AM: a0051378.exe (ID = 209454)
11:25 AM: a0052627.exe (ID = 192965)
11:25 AM: a0052418.exe (ID = 213917)
11:25 AM: a0052617.exe (ID = 213918)
11:25 AM: a0052416.exe (ID = 192909)
11:25 AM: a0052423.exe (ID = 213919)
11:25 AM: qvxgamet3.exe (ID = 107123)
11:25 AM: qvxt4.game (ID = 80237)
11:25 AM: a0052425.dll (ID = 188591)
11:26 AM: a0050362.exe (ID = 213917)
11:26 AM: a0052608.dll (ID = 188591)
11:26 AM: a0050288.exe (ID = 197844)
11:26 AM: a0050304.dll (ID = 188591)
11:26 AM: Found Adware: cws-aboutblank
11:26 AM: a0052421.exe (ID = 209760)
11:26 AM: a0052366.exe (ID = 198713)
11:26 AM: a0052371.exe (ID = 213917)
11:26 AM: a0051383.dll (ID = 188591)
11:26 AM: a0050290.exe (ID = 188692)
11:26 AM: a0052422.exe (ID = 80237)
11:26 AM: a0049294.exe (ID = 213916)
11:27 AM: a0052589.exe (ID = 142619)
11:27 AM: a0052588.dll (ID = 142618)
11:27 AM: a0052449.dll (ID = 208233)
11:27 AM: a0049296.exe (ID = 213919)
11:27 AM: a0050294.exe (ID = 198713)
11:27 AM: Found Adware: subsearch
11:27 AM: a0052576.dll (ID = 77430)
11:27 AM: a0052362.exe (ID = 188692)
11:27 AM: a0052363.exe (ID = 197844)
11:27 AM: a0052578.exe (ID = 142619)
11:27 AM: a0050298.exe (ID = 192965)
11:28 AM: a0052987.exe (ID = 80237)
11:28 AM: Found Trojan Horse: trojan backdoor ppdoor
11:28 AM: zqliozaa.dll (ID = 79780)
11:28 AM: a0051369.exe (ID = 213917)
11:28 AM: a0052369.exe (ID = 192965)
11:28 AM: a0052361.exe (ID = 209080)
11:28 AM: a0051363.exe (ID = 213920)
11:28 AM: internazionale_ver15.inf (ID = 114205)
11:28 AM: a0051366.dll (ID = 148640)
11:30 AM: birdihuy.dll (ID = 188570)
11:30 AM: ddr64.dll (ID = 150006)
11:30 AM: birdihuy.dll (ID = 188570)
11:30 AM: sev.exe (ID = 209448)
11:30 AM: a0049304.dll (ID = 150006)
11:30 AM: a0049306.dll (ID = 188570)
11:30 AM: a0050305.dll (ID = 188570)
11:30 AM: a0050306.dll (ID = 150006)
11:30 AM: a0052380.dll (ID = 188570)
11:30 AM: a0051382.dll (ID = 188570)
11:30 AM: a0051384.dll (ID = 150006)
11:30 AM: a0052378.dll (ID = 150006)
11:30 AM: a0052427.dll (ID = 188570)
11:30 AM: a0052428.dll (ID = 150006)
11:31 AM: Warning: Failed to open file "d:\i386\qwinsta.ex". The system cannot find the file specified
11:32 AM: Found System Monitor: potentially rootkit-masked files
11:32 AM: qasf.dll (ID = 0)
11:32 AM: qz.dll (ID = 0)
11:32 AM: qdata2.qsd (ID = 0)
11:32 AM: qrv.krn (ID = 0)
11:32 AM: qdata1.qsd (ID = 0)
11:32 AM: qpsbusiness.cch (ID = 0)
11:32 AM: recall.dll (ID = 0)
11:32 AM: recbkup.bpp (ID = 0)
11:32 AM: qyzylorda (ID = 0)
11:32 AM: quikanim.ppt (ID = 0)
11:32 AM: qantas ski club doc.lnk (ID = 0)
11:32 AM: recordnow.exe-09f0e5c3.pf (ID = 0)
11:32 AM: rec.cfg (ID = 0)
11:32 AM: recl.ico (ID = 0)
11:32 AM: recs.ico (ID = 0)
11:32 AM: recommending a strategy.pot (ID = 0)
11:32 AM: qfile.dll (ID = 0)
11:32 AM: rdrm0300.dll (ID = 0)
11:32 AM: quicksilver.wmz (ID = 0)
11:32 AM: queue.py (ID = 0)
11:32 AM: reconvert.py (ID = 0)
11:32 AM: quickhelpbox.wpg (ID = 0)
11:32 AM: quitbox.wpg (ID = 0)
11:32 AM: q2mny.dll (ID = 0)
11:32 AM: qif.dll (ID = 0)
11:32 AM: qread.dll (ID = 0)
11:32 AM: quicksand.wav (ID = 0)
11:32 AM: qtdb.chm (ID = 0)
11:32 AM: qtnew.chm (ID = 0)
11:32 AM: qtpf.chm (ID = 0)
11:32 AM: qtprj.chm (ID = 0)
11:32 AM: qtss.chm (ID = 0)
11:32 AM: qtwp.chm (ID = 0)
11:32 AM: qtnew.bmp (ID = 0)
11:32 AM: recdb.bmp (ID = 0)
11:32 AM: reccdz.wwd (ID = 0)
11:32 AM: recdbz.dat (ID = 0)
11:32 AM: recfuz.wwd (ID = 0)
11:32 AM: rechez.wwd (ID = 0)
11:32 AM: qdata.idx (ID = 0)
11:32 AM: qdata2.idx (ID = 0)
11:32 AM: qdata1.idx (ID = 0)
11:32 AM: rec_options.bmp (ID = 0)
11:32 AM: rec_help.bmp (ID = 0)
11:32 AM: rec_options.bmp (ID = 0)
11:32 AM: rec_help.bmp (ID = 0)
11:32 AM: recf3260.dll (ID = 0)
11:32 AM: qdata.qdf (ID = 0)
11:32 AM: recording.html (ID = 0)
11:32 AM: quopri.py (ID = 0)
11:32 AM: quopri_codec.py (ID = 0)
11:32 AM: quickstartclientcom.html (ID = 0)
11:32 AM: quickstartservercom.html (ID = 0)
11:32 AM: recurse.exe (ID = 0)
11:32 AM: qdata2.qdf (ID = 0)
11:32 AM: q832894.cat (ID = 0)
11:32 AM: quick.im_ (ID = 0)
11:32 AM: rdbss.sys (ID = 0)
11:32 AM: rdchost.dll (ID = 0)
11:32 AM: rdpclip.exe (ID = 0)
11:32 AM: rdpdd.dll (ID = 0)
11:32 AM: rdpwd.sys (ID = 0)
11:32 AM: rdpwsx.dll (ID = 0)
11:32 AM: rdshost.exe (ID = 0)
11:32 AM: quechua boys.jpg (ID = 0)
11:32 AM: quechua woman and baby.jpg (ID = 0)
11:32 AM: quistococha.jpg (ID = 0)
11:32 AM: quechua boys 2.jpg (ID = 0)
11:32 AM: qbp4miniplan.apf (ID = 0)
11:32 AM: qdata.qsd (ID = 0)
11:32 AM: qdata.qel (ID = 0)
11:32 AM: qsapi_plan.dat (ID = 0)
11:32 AM: qdata3.qsd (ID = 0)
11:32 AM: qdata3.qel (ID = 0)
11:32 AM: qabitem.wav (ID = 0)
11:32 AM: qabmenu.wav (ID = 0)
11:32 AM: qdelete.wav (ID = 0)
11:32 AM: qdelete1.wav (ID = 0)
11:32 AM: qdelete2.wav (ID = 0)
11:32 AM: qdelete3.wav (ID = 0)
11:32 AM: qdelete4.wav (ID = 0)
11:32 AM: qmem.wav (ID = 0)
11:32 AM: qmem2.wav (ID = 0)
11:32 AM: qopen.wav (ID = 0)
11:32 AM: qmem3.wav (ID = 0)
11:32 AM: qmem4.wav (ID = 0)
11:32 AM: qopen1.wav (ID = 0)
11:32 AM: qopen10.wav (ID = 0)
11:32 AM: qopen2.wav (ID = 0)
11:32 AM: qopen3.wav (ID = 0)
11:32 AM: qopen4.wav (ID = 0)
11:32 AM: qopen5.wav (ID = 0)
11:32 AM: qsapi_xsel.dat (ID = 0)
11:32 AM: qopen6.wav (ID = 0)
11:32 AM: qopen7.wav (ID = 0)
11:32 AM: qopen8.wav (ID = 0)
11:32 AM: qopen9.wav (ID = 0)
11:32 AM: qopen_99.wav (ID = 0)
11:32 AM: qopen_2000.wav (ID = 0)
11:32 AM: qopen_bell.wav (ID = 0)
11:32 AM: qopen_birds.wav (ID = 0)
11:32 AM: qopen_chimes.wav (ID = 0)
11:32 AM: qopen_ipo.wav (ID = 0)
11:32 AM: ql10wnt.sy_ (ID = 0)
11:32 AM: rdpwd.sy_ (ID = 0)
11:32 AM: quechua woman and baby.tif (ID = 0)
11:32 AM: ql1240.sy_ (ID = 0)
11:32 AM: recshp_u.vss (ID = 0)
11:32 AM: qopen_newsbreak.wav (ID = 0)
11:32 AM: qopen_rickety_mineshaft_of_riches.wav (ID = 0)
11:32 AM: qctwn32.ds (ID = 0)
11:32 AM: qctwn32.ds (ID = 0)
11:32 AM: qctwn32.ds (ID = 0)
11:32 AM: qdv.dl_ (ID = 0)
11:32 AM: ql1080.sy_ (ID = 0)
11:32 AM: qfolder.msi (ID = 0)
11:32 AM: quickprojects.cab (ID = 0)
11:32 AM: rdpcfgex.dll (ID = 0)
11:32 AM: quickprojects.msi (ID = 0)
11:32 AM: qrecord.wav (ID = 0)
11:32 AM: qrecord1.wav (ID = 0)
11:32 AM: rdpwsx.dl_ (ID = 0)
11:32 AM: ql1080.sy_ (ID = 0)
11:32 AM: ql1240.sy_ (ID = 0)
11:32 AM: qappsrv.ex_ (ID = 0)
11:32 AM: qprocess.ex_ (ID = 0)
11:32 AM: ql10wnt.sy_ (ID = 0)
11:32 AM: rdpclip.ex_ (ID = 0)
11:32 AM: quser.ex_ (ID = 0)
11:32 AM: rdf.dll (ID = 0)
11:32 AM: quirk.css (ID = 0)
11:32 AM: recovery.ico (ID = 0)
11:32 AM: recycle.wa_ (ID = 0)
11:32 AM: qmgr.dll (ID = 0)
11:32 AM: query.dll (ID = 0)
11:32 AM: qwinsta.ex_ (ID = 0)
11:32 AM: recycle.ch_ (ID = 0)
11:32 AM: query.exe (ID = 0)
11:32 AM: quser.exe (ID = 0)
11:32 AM: rdpsnd.dll (ID = 0)
11:32 AM: rdsaddin.exe (ID = 0)
11:32 AM: rdpdd.dl_ (ID = 0)
11:32 AM: qappsrv.exe (ID = 0)
11:32 AM: qosname.dll (ID = 0)
11:32 AM: qmgrprxy.dll (ID = 0)
11:32 AM: qprocess.exe (ID = 0)
11:32 AM: rdpcdd.sys (ID = 0)
11:32 AM: qwinsta.exe (ID = 0)
11:32 AM: recover.exe (ID = 0)
11:32 AM: qasf.dl_ (ID = 0)
11:32 AM: ql12160.sy_ (ID = 0)
11:32 AM: recycle.chm (ID = 0)
11:32 AM: ql1280.sy_ (ID = 0)
11:32 AM: recycle.wav (ID = 0)
11:32 AM: qantas 22nd feb ~ 1st mar rooming.lnk (ID = 0)
11:32 AM: rdshost.ex_ (ID = 0)
11:32 AM: quartz.dl_ (ID = 0)
11:32 AM: rdbss.sy_ (ID = 0)
11:32 AM: qmgrprxy.dl_ (ID = 0)
11:32 AM: qosconw.ch_ (ID = 0)
11:32 AM: query.ex_ (ID = 0)
11:32 AM: rdpsnd.dl_ (ID = 0)
11:32 AM: rdsaddin.ex_ (ID = 0)
11:32 AM: rdchost.dl_ (ID = 0)
11:32 AM: qedit.dl_ (ID = 0)
11:32 AM: ql1280.sy_ (ID = 0)
11:32 AM: qdvd.dl_ (ID = 0)
11:32 AM: qt3.dll (ID = 0)
11:32 AM: qic117.htm (ID = 0)
11:32 AM: quick3.htm (ID = 0)
11:32 AM: recording_status_animation0.png (ID = 0)
11:32 AM: recording_status_animation1.png (ID = 0)
11:32 AM: recordstopd.png (ID = 0)
11:32 AM: recordstopdd.png (ID = 0)
11:32 AM: recordstopdh.png (ID = 0)
11:32 AM: recordstopdu.png (ID = 0)
11:32 AM: recordstopdx.png (ID = 0)
11:32 AM: recreational planning articles.doc (ID = 0)
11:32 AM: recordstoph.png (ID = 0)
11:32 AM: recordstopu.png (ID = 0)
11:32 AM: recordstopx.png (ID = 0)
11:32 AM: recreation and wellness.doc (ID = 0)
11:32 AM: qmark.gi_ (ID = 0)
11:32 AM: qmgr.in_ (ID = 0)
11:32 AM: qosname.dl_ (ID = 0)
11:32 AM: quattro.wb_ (ID = 0)
11:32 AM: qcap.dl_ (ID = 0)
11:32 AM: quotes._ (ID = 0)
11:32 AM: qedwipes.dl_ (ID = 0)
11:32 AM: rdpcdd.sy_ (ID = 0)
11:32 AM: rdpcfgex.dl_ (ID = 0)
11:32 AM: rdtone.ht_ (ID = 0)
11:32 AM: recover.ex_ (ID = 0)
11:32 AM: ql12160.sy_ (ID = 0)
11:32 AM: qmgr.dl_ (ID = 0)
11:32 AM: rdo_a3_e.tga (ID = 0)
11:32 AM: rdo_a3_h.tga (ID = 0)
11:32 AM: rdo_a3_n.tga (ID = 0)
11:32 AM: rdo_a3_r.tga (ID = 0)
11:32 AM: rdo_a3_t.tga (ID = 0)
11:32 AM: rdo_a3_u.tga (ID = 0)
11:32 AM: rdo_a4_e.tga (ID = 0)
11:32 AM: rdo_a4_h.tga (ID = 0)
11:32 AM: rdo_a4_n.tga (ID = 0)
11:32 AM: rdo_a4_r.tga (ID = 0)
11:32 AM: rdo_a4_t.tga (ID = 0)
11:32 AM: rdo_a4_u.tga (ID = 0)
11:32 AM: rdo_a5_e.tga (ID = 0)
11:32 AM: rdo_a5_h.tga (ID = 0)
11:32 AM: rdo_a5_n.tga (ID = 0)
11:32 AM: rdo_a5_r.tga (ID = 0)
11:32 AM: rdo_a5_t.tga (ID = 0)
11:32 AM: rdo_a5_u.tga (ID = 0)
11:32 AM: quick.ico (ID = 0)
11:32 AM: rdpwd.sys (ID = 0)
11:32 AM: quick_1.htm (ID = 0)
11:32 AM: quick_2.htm (ID = 0)
11:32 AM: quick_3.htm (ID = 0)
11:32 AM: quick_4.htm (ID = 0)
11:32 AM: quick_5.htm (ID = 0)
11:32 AM: recshp_m.vss_1033 (ID = 0)
11:32 AM: qvxgamet4.exe-0da7d65a.pf (ID = 0)
11:32 AM: q330994.pnf (ID = 0)
11:32 AM: q828750.pnf (ID = 0)
11:32 AM: q832483_271_winxpx.pnf (ID = 0)
11:32 AM: qmgr.pnf (ID = 0)
11:32 AM: qmark.gif (ID = 0)
11:32 AM: rdtone.htm (ID = 0)
11:32 AM: qappsrv.exe (ID = 0)
11:32 AM: qosname.dll (ID = 0)
11:32 AM: qprocess.exe (ID = 0)
11:32 AM: qwinsta.exe (ID = 0)
11:32 AM: qdata3.qdf (ID = 0)
11:32 AM: rdchost.dll (ID = 0)
11:32 AM: rdpclip.exe (ID = 0)
11:32 AM: rdpdd.dll (ID = 0)
11:32 AM: rdpsnd.dll (ID = 0)
11:32 AM: rdpwsx.dll (ID = 0)
11:32 AM: rdsaddin.exe (ID = 0)
11:32 AM: recover.exe (ID = 0)
11:32 AM: qfnerrs (ID = 0)
11:32 AM: quechua boys.tif (ID = 0)
11:32 AM: qwqfn.hlp (ID = 0)
11:32 AM: rdn_si_n.bmp (ID = 0)
11:32 AM: rdn_si_p.bmp (ID = 0)
11:33 AM: rdn_si_t.bmp (ID = 0)
11:33 AM: rdn_si_u.bmp (ID = 0)
11:33 AM: rdn_sl_n.bmp (ID = 0)
11:33 AM: rdn_sl_p.bmp (ID = 0)
11:33 AM: rdn_sl_t.bmp (ID = 0)
11:33 AM: rdn_sl_u.bmp (ID = 0)
11:33 AM: rdn_sp_n.bmp (ID = 0)
11:33 AM: rdn_sp_p.bmp (ID = 0)
11:33 AM: rdn_sp_t.bmp (ID = 0)
11:33 AM: rdn_sp_u.bmp (ID = 0)
11:33 AM: rdn_ss_n.bmp (ID = 0)
11:33 AM: rdn_ss_p.bmp (ID = 0)
11:33 AM: rdn_ss_t.bmp (ID = 0)
11:33 AM: rdn_ss_u.bmp (ID = 0)
11:33 AM: qvxgamet3.exe-2c23b7e6.pf (ID = 0)
11:33 AM: quattro.wb2 (ID = 0)
11:33 AM: qvxgamet2.exe-22db25cc.pf (ID = 0)
11:33 AM: qmark.ac_ (ID = 0)
11:33 AM: query.dl_ (ID = 0)
11:33 AM: q832894.exe (ID = 0)
11:33 AM: q832894.exe (ID = 0)
11:33 AM: q832894.exe (ID = 0)
11:33 AM: q832894.exe (ID = 0)
11:33 AM: q832894.exe (ID = 0)
11:33 AM: q832894.exe (ID = 0)
11:33 AM: q832894.exe (ID = 0)
11:33 AM: q832894.exe (ID = 0)
11:33 AM: q832894.exe (ID = 0)
11:33 AM: q832894.exe (ID = 0)
11:33 AM: rec_btn_cancel.bmp (ID = 0)
11:33 AM: rec_btn_lft.bmp (ID = 0)
11:33 AM: rec_btn_mid.bmp (ID = 0)
11:33 AM: rec_btn_rt.bmp (ID = 0)
11:33 AM: rec_btn_start.bmp (ID = 0)
11:33 AM: rec_btn_tools.bmp (ID = 0)
11:33 AM: rec_no_over_lft.bmp (ID = 0)
11:33 AM: rec_options.bmp (ID = 0)
11:33 AM: rec_sel_lft.bmp (ID = 0)
11:33 AM: qfpstr.sdb (ID = 0)
11:36 AM: File Sweep Complete, Elapsed Time: 00:23:26
11:36 AM: Full Sweep has completed. Elapsed time 00:25:22
11:36 AM: Traces Found: 1610
11:37 AM: Removal process initiated
11:37 AM: Quarantining All Traces: 3proxy
11:37 AM: Quarantining All Traces: cws-aboutblank
11:37 AM: Quarantining All Traces: downloader-buffy
11:37 AM: Quarantining: potentially rootkit-masked files
11:37 AM: Registry: HKLM: Software\Microsoft\Windows\CurrentVersion\Run || Recguard
11:37 AM: Quarantining All Traces: spysheriff
11:37 AM: Quarantining All Traces: trojan-backdoor-5sec
11:37 AM: Quarantining All Traces: trojan-backdoor-haxdoor
11:37 AM: Quarantining All Traces: trojan-backdoor-satellite
11:37 AM: Quarantining All Traces: trojan-backdoor-securemulti
11:37 AM: Quarantining All Traces: trojan-backdoor-us15info
11:37 AM: Quarantining All Traces: trojan-backdoor-zubox
11:37 AM: Quarantining All Traces: trojan-downloader-hebeeaac
11:37 AM: Quarantining All Traces: trojan-downloader-pr-corp
11:37 AM: Quarantining All Traces: trojan-downloader-procounter.biz
11:37 AM: Quarantining All Traces: trojan-downloader-vxiframe
11:37 AM: Quarantining All Traces: azsearch toolbar
11:37 AM: Quarantining All Traces: coolwebsearch (cws)
11:37 AM: Quarantining All Traces: fastfind
11:37 AM: Quarantining All Traces: mspm-bot
11:37 AM: Quarantining All Traces: trojan backdoor ppdoor
11:37 AM: Quarantining All Traces: trojan-backdoor-core.psyche-evolution.com
11:37 AM: Quarantining All Traces: trojan-downloader-2pursuit
11:37 AM: Quarantining All Traces: trojan-downloader-asdbiz.biz
11:37 AM: Quarantining All Traces: trojan-downloader-infectedhost
11:37 AM: Quarantining All Traces: trojan-downloader-toolbarbiz
11:37 AM: Quarantining All Traces: trojan-phisher-egold
11:37 AM: Quarantining All Traces: 7adpower
11:37 AM: Quarantining All Traces: desktop hijacker
11:37 AM: Quarantining All Traces: dollarrevenue
11:37 AM: Quarantining All Traces: members area dialer
11:37 AM: Quarantining All Traces: subsearch
11:37 AM: Quarantining All Traces: trojan-downloader-evko.biz
11:37 AM: Quarantining All Traces: winhound spyware remover
11:38 AM: Removal process completed. Elapsed time 00:01:34
********
11:04 AM: | Start of Session, Saturday, 31 December 2005 |
11:04 AM: Spy Sweeper started
11:09 AM: Your spyware definitions have been updated.
11:10 AM: | End of Session, Saturday, 31 December 2005 |

Hope you have had a great Xmas and all the best for the new year. It's 30+ degrees Celsius here every day - hot and humid. I'm sure it's a little cooler where you're from!

Cheers :tazz: