Old 12-01-2006, 04:31 PM   #1 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 17
OS: xp home sp2, xp pro


Internet Problem

I'm having a problem with IE shutting down when trying to search with Google, and I cannot even get firx to start up.


Logfile of HijackThis v1.99.1
Scan saved at 6:37:11 PM, on 12/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\DownloadManager\MPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DownloadManager\DownloadManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe" -minimized
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DownloadManager] "C:\Program Files\DownloadManager\MPTray.exe"
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} - http://www.clickedyclick.com/Downloa...sloader_v3.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)

Last edited by jspatriots; 12-01-2006 at 04:38 PM.
Old 12-02-2006, 03:09 PM   #2 (permalink)
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Hello jspatriots, welcome to TSF and thanks for your patience. You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

You have malware that is hiding from HijackThis. Please rename HijackThis.exe to Deckard.exe and scan your computer again. Post that log for me and I will then give you instructions on how to remove it from your system.

Thanks,
__________________
The chance to begin again in a golden land of opportunity and adventure.

Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all.


UNITE/ASAP: Proud member since 2006
Old 12-02-2006, 04:35 PM   #3 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 17
OS: xp home sp2, xp pro


Here it is. Thank you for your help.

Logfile of HijackThis v1.99.1
Scan saved at 6:35:25 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\deckard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Local Spool support DLL - {20C9D850-244D-10E1-B3C1-20805E499D95} - C:\WINDOWS\system32\winspl32.dll (file missing)
O2 - BHO: Local Spool support DLL - {20C9D850-244D-11E1-B3C9-10805E499D95} - C:\WINDOWS\system32\loclspl.dll (file missing)
O2 - BHO: (no name) - {22999298-DA98-48CB-99A9-A8B30111ACAc} - C:\WINDOWS\system32\srujlntx.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\edbfbtyr.dll
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {8F6F5DFF-D684-4F37-B151-3A5E14501A16} - C:\WINDOWS\system\cent.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe" -minimized
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DownloadManager] "C:\Program Files\DownloadManager\MPTray.exe"
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} - http://www.clickedyclick.com/Downloa...sloader_v3.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O20 - Winlogon Notify: cent - C:\WINDOWS\system\cent.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)
jspatriots is offline  
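
What the rename requested in post #2 changed can be read off by comparing the two HijackThis logs above. The following is an added example, not part of the original thread and not HijackThis code: it parses the `code - text` entry format and reports entries and whole sections that appear only in the second scan. The sample lines are excerpts from the logs in posts #1 and #3; the function names are illustrative.

```python
import re

# A HijackThis entry line is "<section code> - <text>", e.g. "O2 - BHO: ...".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpt of the first scan in this thread (tool run as HijackThis.exe).
FIRST_SCAN = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:37:11 PM, on 12/1/2006

Running processes:
C:\WINDOWS\explorer.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)
"""

# Excerpt of the second scan (same tool, renamed to deckard.exe).
SECOND_SCAN = r"""Logfile of HijackThis v1.99.1
Scan saved at 6:35:25 PM, on 12/2/2006

Running processes:
C:\WINDOWS\explorer.exe
C:\hjt\deckard.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {22999298-DA98-48CB-99A9-A8B30111ACAc} - C:\WINDOWS\system32\srujlntx.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\edbfbtyr.dll
O2 - BHO: (no name) - {8F6F5DFF-D684-4F37-B151-3A5E14501A16} - C:\WINDOWS\system\cent.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O20 - Winlogon Notify: cent - C:\WINDOWS\system\cent.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)
"""


def section_key(code):
    """Sort 'O2' before 'O20': order by letter, then by number."""
    return (code[0], int(code[1:]))


def parse_entries(log_text):
    """Return {section code: [entry text, ...]} for every entry line in a log."""
    sections = {}
    for raw in log_text.splitlines():
        line = " ".join(raw.split())  # collapse whitespace damaged by copy/paste
        match = ENTRY_RE.match(line)
        if match:
            sections.setdefault(match.group(1), []).append(match.group(2))
    return sections


def new_entries(before, after):
    """Entries in `after` that are not in `before` (case-insensitive compare)."""
    added = {}
    for code, items in after.items():
        seen = {entry.lower() for entry in before.get(code, [])}
        fresh = [entry for entry in items if entry.lower() not in seen]
        if fresh:
            added[code] = fresh
    return added


def sections_absent_before(before, after):
    """Section codes with entries in `after` but none at all in `before`."""
    return sorted((c for c in after if c not in before), key=section_key)


def report(first_text, second_text):
    """Build a readable summary of what only the second scan shows."""
    before, after = parse_entries(first_text), parse_entries(second_text)
    absent = sections_absent_before(before, after)
    lines = ["Sections missing entirely from the first scan: " + ", ".join(absent)]
    added = new_entries(before, after)
    for code in sorted(added, key=section_key):
        for entry in added[code]:
            lines.append(f"+ {code} - {entry}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(FIRST_SCAN, SECOND_SCAN))
```

A new O4 line can simply reflect software installed between scans (here AVG Anti-Spyware), whereas O2 and O20 were absent from the first log altogether and only became visible once the tool ran under a different file name.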
Old 12-02-2006, 05:09 PM   #4 (permalink)
Mentor, Analyst - Security Team
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


You may wish to Subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools (above the first post), then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.


P2P Software
I see you have P2P software (i.e. Limewire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.


Download ComboFix
Please download ComboFix to your Desktop. Highlight and copy the following:
"%userprofile%\desktop\combofix.exe" /v srujlntx edbfbtyr cent
Then go to Start > Run, paste it into the text field, and then click OK.
While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as C:\ComboFix.txt. Post that log in your next reply.


With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. The content of C:\ComboFix.txt,
  2. a new HiJackThis log taken after ComboFix finishes.
Let me know if your browser has stopped crashing. We still have quite a bit to clean up, but I want to see if we can knock that problem off ASAP.
Old 12-02-2006, 05:43 PM   #5 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 17
OS: xp home sp2, xp pro


combo fix
Jeff - 06-12-02 19:18:06.06 Service Pack 2
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Jeff\desktop"
Command switches used :: /v srujlntx edbfbtyr cent

(((((((((((((((((((((((((((((((((((((((((((((((( Vundo Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\srujlntx.dll
C:\WINDOWS\system32\edbfbtyr.dll
C:\WINDOWS\system32\drivers\dp.sys


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *



(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\p2pnetworking.exe
C:\xz.exe
C:\Program Files\Common Files\download
C:\Program Files\winupdate
C:\Program Files\winupdates


((((((((((((((((((((((((((((((( Files Created from 2006-11-02 to 2006-12-02 ))))))))))))))))))))))))))))))))))


2006-12-02 19:34 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-01 20:12 126,996 --a------ C:\WINDOWS\SYSTEM32\iphyesad.dll
2006-12-01 18:59 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-12-01 18:59 <DIR> d-------- C:\Program Files\Grisoft
2006-12-01 18:57 <DIR> d-------- C:\Program Files\CleanUp!
2006-12-01 18:35 <DIR> d-------- C:\hjt
2006-11-28 08:02 88,340 --a------ C:\WINDOWS\SYSTEM32\ccrftkou.exe
2006-11-28 08:02 <DIR> d-------- C:\Program Files\VSAdd-in
2006-11-27 19:08 1,422,438 ---hs---- C:\WINDOWS\SYSTEM\tnec.ini2
2006-11-26 07:58 126,996 --a------ C:\WINDOWS\SYSTEM32\eymwpohc.dll
2006-11-23 08:01 38,420 --a------ C:\WINDOWS\SYSTEM32\itpdxfdh.dll
2006-11-23 08:01 1,488,318 ---hs---- C:\WINDOWS\SYSTEM\tnec.bak2
2006-11-21 08:00 692,244 ---hs---- C:\WINDOWS\SYSTEM\cent.dll
2006-11-21 08:00 1,441,243 ---hs---- C:\WINDOWS\SYSTEM\tnec.bak1
2006-11-19 07:59 126,996 --a------ C:\WINDOWS\SYSTEM32\fxdhuiqd.dll
2006-11-07 15:48 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-07 15:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\en-US
2006-11-07 15:46 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-07 15:44 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll
2006-11-07 15:44 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-07 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-11-05 13:57 131,604 --a------ C:\WINDOWS\SYSTEM32\jkqogcof.dll
2006-11-04 19:11 60,436 --a------ C:\WINDOWS\SYSTEM32\vvvstlpg.dll
2006-11-04 19:11 110,612 --a------ C:\WINDOWS\SYSTEM32\asudajla.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-02 19:33 -------- d-------- C:\Program Files\Common Files
2006-11-24 18:42 -------- d-------- C:\Program Files\VSToolbar
2006-11-23 15:47 -------- d-------- C:\Program Files\PartyGaming
2006-11-07 15:50 -------- d-------- C:\Program Files\Internet Explorer
2006-10-27 15:09 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-10-26 10:07 67604 --a------ C:\WINDOWS\SYSTEM32\wjsxkbrx.exe
2006-10-21 12:06 -------- d-------- C:\Program Files\7sultans
2006-10-17 13:06 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll
2006-10-15 17:42 143380 --a------ C:\WINDOWS\SYSTEM32\ixsxuhts.exe
2006-10-14 17:42 143380 --a------ C:\WINDOWS\SYSTEM32\qufguvtp.exe
2006-10-13 14:53 143380 --a------ C:\WINDOWS\SYSTEM32\dyrpdgjl.exe
2006-10-13 07:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-12 14:52 98324 --a------ C:\WINDOWS\SYSTEM32\xonnrawi.dll
2006-10-12 14:52 143380 --a------ C:\WINDOWS\SYSTEM32\jnfbrwug.exe
2006-10-11 14:51 143380 --a------ C:\WINDOWS\SYSTEM32\oiiwrbjs.exe
2006-10-10 14:50 86036 --a------ C:\WINDOWS\SYSTEM32\tqvghulx.dll
2006-10-10 14:50 143380 --a------ C:\WINDOWS\SYSTEM32\uubmpaxq.exe
2006-10-01 14:57 49 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb41.dat
2006-10-01 14:57 334 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb1942.dat
2006-10-01 14:56 13046 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb5436.dat
2006-10-01 14:56 0 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb4604.dat
2006-09-30 11:26 177152 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb4827.dat
2006-09-21 14:03 0 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb153.dat
2006-09-18 16:27 86068 --a------ C:\WINDOWS\SYSTEM32\njfnqpsn.dll
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-09-06 17:43 22752 --a------ C:\WINDOWS\SYSTEM32\spupdsvc.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"DownloadManager"="\"C:\\Program Files\\DownloadManager\\MPTray.exe\""
"SysProtect Free"="\"C:\\Program Files\\SysProtect Free\\USYP.exe\" /scan"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"sureshotpopupkiller"="\"C:\\Program Files\\Pop Up Stopper and Ad Killer\\pusak.exe\" -minimized"
"EPSON Stylus Photo R200 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2H1.EXE /P30 \"EPSON Stylus Photo R200 Series\" /O6 \"USB001\" /M \"Stylus Photo R200\""
"DaemonTools_WhenUSaveNow_Installer"="C:\\Program Files\\DaemonTools_WhenUSaveNow_Installer\\DaemonTools_WhenUSaveNow_Installer.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://i7.ebayimg.com/03/i/03/40/a5/2c_2.JPG"
"SubscribedURL"="http://i7.ebayimg.com/03/i/03/40/a5/2c_2.JPG"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,b8,01,00,00,18,01,00,00,c8,00,00,00,97,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,c8,00,00,00,96,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,02,06,41,c0,b4,74,98,f8,fb,07,68,de,02,06,20,6d,\
02,06,08,4b,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:ff,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Dialer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Verizon Online Dialer.lnk"
"backup"="C:\\WINDOWS\\pss\\Verizon Online Dialer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\VERIZO~1\\ConnMgr\\VERIZO~1.EXE /S"
"item"="Verizon Online Dialer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Verizon Online Support Center.lnk"
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeff^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Jeff\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Support"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDonkey2000]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="edonkey2000"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\eDonkey2000\\edonkey2000.exe\" -t"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Pass]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaPassK"
"hkey"="HKLM"
"command"="C:\\Program Files\\Media Pass\\MediaPassK.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PrevAdServ"
"hkey"="HKLM"
"command"="C:\\Program Files\\Preview AdService\\PrevAdServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tlii"
"hkey"="HKCU"
"command"="C:\\Program Files\\bama\\tlii.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vzSFPWin"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\Verizon Online\\SFP\\vzSFPWin.EXE /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TizzleTalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TizzleTalk"
"hkey"="HKLM"
"command"="C:\\Program Files\\TizzleTalk\\TizzleTalk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsa2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tsm2"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\tsa\\tsm2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall_TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBuninst"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Temp\\TBuninst.exe /remove"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinStat"
"hkey"="HKLM"
"command"="C:\\Program Files\\Windows AdStatus\\WinStat.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Completion time: 06-12-02 19:37:00.67
C:\ComboFix.txt ... 06-12-02 19:36

hjt log

Logfile of HijackThis v1.99.1
Scan saved at 7:41:43 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DownloadManager\MPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DownloadManager\DownloadManager.exe
C:\WINDOWS\system32\Notepad.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\WINDOWS\explorer.exe
C:\hjt\deckard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FBDCCB8-7D6E-4F8D-BDE7-6D7B16B9C2D8} - C:\WINDOWS\system\cent.dll
O2 - BHO: Local Spool support DLL - {20C9D850-244D-10E1-B3C1-20805E499D95} - C:\WINDOWS\system32\winspl32.dll (file missing)
O2 - BHO: Local Spool support DLL - {20C9D850-244D-11E1-B3C9-10805E499D95} - C:\WINDOWS\system32\loclspl.dll (file missing)
O2 - BHO: (no name) - {22999298-DA98-48CB-99A9-A8B30111ACAc} - C:\WINDOWS\system32\srujlntx.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\edbfbtyr.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe" -minimized
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DownloadManager] "C:\Program Files\DownloadManager\MPTray.exe"
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} - http://www.clickedyclick.com/Downloa...sloader_v3.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O20 - Winlogon Notify: cent - C:\WINDOWS\system\cent.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)
Old 12-02-2006, 06:05 PM   #6 (permalink)
Mentor, Analyst - Security Team
 
Deckard
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Actually, disregard what I just wrote; I just realized that cent.dll is not in the system32 directory.

Download VundoFix
Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Right Click inside the listbox (white box) and click add more files
  • Copy&Paste the 2 entries below into the top 2 boxes

    C:\WINDOWS\system\cent.dll
    C:\WINDOWS\system\tnec.*
  • Click Add Files and click Close Window.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • It will produce a log of its actions at C:\vundofix.txt.

Post that log with a new HijackThis log after it finishes. After we get rid of Vundo, we'll work at cleaning up what's left.

Last edited by Deckard; 12-02-2006 at 06:10 PM.
Old 12-02-2006, 06:42 PM   #7 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 17
OS: xp home sp2, xp pro


hjt

Logfile of HijackThis v1.99.1
Scan saved at 8:41:41 PM, on 12/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\DownloadManager\MPTray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DownloadManager\DownloadManager.exe
C:\PROGRA~1\P2PNET~1\P2PNET~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\deckard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0FBDCCB8-7D6E-4F8D-BDE7-6D7B16B9C2D8} - C:\WINDOWS\system\cent.dll (file missing)
O2 - BHO: Local Spool support DLL - {20C9D850-244D-10E1-B3C1-20805E499D95} - C:\WINDOWS\system32\winspl32.dll (file missing)
O2 - BHO: Local Spool support DLL - {20C9D850-244D-11E1-B3C9-10805E499D95} - C:\WINDOWS\system32\loclspl.dll (file missing)
O2 - BHO: (no name) - {22999298-DA98-48CB-99A9-A8B30111ACAc} - C:\WINDOWS\system32\srujlntx.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\edbfbtyr.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe" -minimized
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DownloadManager] "C:\Program Files\DownloadManager\MPTray.exe"
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} - http://www.clickedyclick.com/Downloa...sloader_v3.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)

vundofix log

VundoFix V6.2.13

Checking Java version...

Java version is 1.4.2.3

Java version is 1.5.0.3

Scan started at 8:28:23 PM 12/2/2006

Listing files found while scanning....

C:\WINDOWS\SYSTEM\cent.dll
C:\WINDOWS\SYSTEM\tnec.ini
C:\WINDOWS\SYSTEM\tnec.bak1
C:\WINDOWS\SYSTEM\tnec.bak2
C:\WINDOWS\SYSTEM\tnec.ini2
C:\WINDOWS\SYSTEM\tnec.tmp
C:\WINDOWS\SYSTEM32\njfnqpsn.dll
C:\WINDOWS\SYSTEM32\tqvghulx.dll
C:\WINDOWS\SYSTEM32\xonnrawi.dll
C:\WINDOWS\SYSTEM32\aflmxlwa.exe
C:\WINDOWS\SYSTEM32\bnnthuql.exe
C:\WINDOWS\SYSTEM32\dyrpdgjl.exe
C:\WINDOWS\SYSTEM32\inlaphsk.exe
C:\WINDOWS\SYSTEM32\ixsxuhts.exe
C:\WINDOWS\SYSTEM32\jnfbrwug.exe
C:\WINDOWS\SYSTEM32\jvqlqgha.exe
C:\WINDOWS\SYSTEM32\krmxpuep.exe
C:\WINDOWS\SYSTEM32\lsntcfdg.exe
C:\WINDOWS\SYSTEM32\oiiwrbjs.exe
C:\WINDOWS\SYSTEM32\omextqov.exe
C:\WINDOWS\SYSTEM32\qdrscndb.exe
C:\WINDOWS\SYSTEM32\qufguvtp.exe
C:\WINDOWS\SYSTEM32\uubmpaxq.exe
C:\WINDOWS\SYSTEM32\xsybdael.exe
C:\WINDOWS\system\cent.dll
C:\WINDOWS\SYSTEM\tnec.ini
C:\WINDOWS\SYSTEM\tnec.bak1
C:\WINDOWS\SYSTEM\tnec.bak2
C:\WINDOWS\SYSTEM\tnec.ini2
C:\WINDOWS\SYSTEM\tnec.tmp
C:\WINDOWS\system\tnec.ini
C:\WINDOWS\system\tnec.bak1
C:\WINDOWS\system\tnec.bak2
C:\WINDOWS\system\tnec.ini2
C:\WINDOWS\system\tnec.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM\cent.dll
C:\WINDOWS\SYSTEM\cent.dll Could not be deleted.

Attempting to delete C:\WINDOWS\SYSTEM\tnec.ini
C:\WINDOWS\SYSTEM\tnec.ini Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM\tnec.bak1
C:\WINDOWS\SYSTEM\tnec.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM\tnec.bak2
C:\WINDOWS\SYSTEM\tnec.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM\tnec.ini2
C:\WINDOWS\SYSTEM\tnec.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM\tnec.tmp
C:\WINDOWS\SYSTEM\tnec.tmp Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\njfnqpsn.dll
C:\WINDOWS\SYSTEM32\njfnqpsn.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\tqvghulx.dll
C:\WINDOWS\SYSTEM32\tqvghulx.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\xonnrawi.dll
C:\WINDOWS\SYSTEM32\xonnrawi.dll Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\aflmxlwa.exe
C:\WINDOWS\SYSTEM32\aflmxlwa.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\bnnthuql.exe
C:\WINDOWS\SYSTEM32\bnnthuql.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\dyrpdgjl.exe
C:\WINDOWS\SYSTEM32\dyrpdgjl.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\inlaphsk.exe
C:\WINDOWS\SYSTEM32\inlaphsk.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\ixsxuhts.exe
C:\WINDOWS\SYSTEM32\ixsxuhts.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jnfbrwug.exe
C:\WINDOWS\SYSTEM32\jnfbrwug.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\jvqlqgha.exe
C:\WINDOWS\SYSTEM32\jvqlqgha.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\krmxpuep.exe
C:\WINDOWS\SYSTEM32\krmxpuep.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\lsntcfdg.exe
C:\WINDOWS\SYSTEM32\lsntcfdg.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\oiiwrbjs.exe
C:\WINDOWS\SYSTEM32\oiiwrbjs.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\omextqov.exe
C:\WINDOWS\SYSTEM32\omextqov.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qdrscndb.exe
C:\WINDOWS\SYSTEM32\qdrscndb.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\qufguvtp.exe
C:\WINDOWS\SYSTEM32\qufguvtp.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\uubmpaxq.exe
C:\WINDOWS\SYSTEM32\uubmpaxq.exe Has been deleted!

Attempting to delete C:\WINDOWS\SYSTEM32\xsybdael.exe
C:\WINDOWS\SYSTEM32\xsybdael.exe Has been deleted!

Attempting to delete C:\WINDOWS\system\cent.dll
C:\WINDOWS\system\cent.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system\cent.dll
C:\WINDOWS\system\cent.dll Has been deleted!

Performing Repairs to the registry.
Done!
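To confirm what a removal pass actually changed, the two HijackThis logs posted in this thread can be compared entry by entry. The Python script below is an added example, not part of the original thread or of HijackThis; `parse_hjt` and `diff_hjt` are names chosen here, and the embedded logs are trimmed excerpts of the 7:41 PM and 8:41 PM scans above.

```python
"""Compare two HijackThis logs and report what a cleanup pass changed."""
import re

# HijackThis entry lines look like "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

# Trimmed excerpt of the 7:41 PM scan (before VundoFix ran).
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 7:41:43 PM, on 12/2/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\explorer.exe

O2 - BHO: (no name) - {0FBDCCB8-7D6E-4F8D-BDE7-6D7B16B9C2D8} - C:\WINDOWS\system\cent.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: cent - C:\WINDOWS\system\cent.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)
"""

# Trimmed excerpt of the 8:41 PM scan (after VundoFix ran).
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 8:41:41 PM, on 12/2/2006

Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {0FBDCCB8-7D6E-4F8D-BDE7-6D7B16B9C2D8} - C:\WINDOWS\system\cent.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINDOWS\system32\iosdt\iosdt.exe (file missing)
"""


def parse_hjt(text):
    """Map a case-insensitive entry key to (code, body, file_missing)."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # log header, "Running processes:" block, blank lines
        code, body = m.group("code"), m.group("body")
        missing = MISSING in body
        # Drop the marker so the same registration matches before and after.
        body = " ".join(body.replace(MISSING, " ").split())
        entries[(code, body.lower())] = (code, body, missing)  # paths ignore case
    return entries


def _fmt(entry):
    return f"{entry[0]} - {entry[1]}"


def diff_hjt(before_text, after_text):
    """Return removed/added entries and registrations whose file is gone."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    common = before.keys() & after.keys()
    return {
        # Registration no longer present at all.
        "removed": sorted(_fmt(before[k]) for k in before.keys() - after.keys()),
        # Registration that appeared between the two scans.
        "added": sorted(_fmt(after[k]) for k in after.keys() - before.keys()),
        # File was present before, registration remains but file is gone now.
        "now_missing": sorted(
            _fmt(after[k]) for k in common if after[k][2] and not before[k][2]
        ),
        # Every leftover registration in the later log that points at no file.
        "orphaned": sorted(_fmt(v) for v in after.values() if v[2]),
    }


if __name__ == "__main__":
    for section, lines in diff_hjt(BEFORE, AFTER).items():
        print(f"[{section}]")
        for line in lines:
            print("  " + line)
```

Entries reported under `now_missing` or `orphaned` are registrations whose file is gone but whose registry entry is still listed, so they still have to be fixed in HijackThis.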
Old 12-02-2006, 08:12 PM   #8 (permalink)
Mentor, Analyst - Security Team
 
Deckard
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Nailed it. Now let's scan and get everything else cleaned up.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions. If there is anything you don't understand, please ask BEFORE proceeding with the fixes. Please do these steps in order and do not skip any.

Unhide Files
Go to My Computer > Tools > Folder Options > View tab and select "Show hidden files and folders". Uncheck the "Hide protected operating system files (Recommended)" option. Also make sure there is no checkmark beside "Hide file extensions for known file types". Click OK.

Download CleanUp!
Download and install CleanUp! but do not run it yet.

WARNING: CleanUp! deletes EVERYTHING out of temporary folders and does not make backups. If you have any documents or programs that are saved in any temporary folders, please make a backup of these before running CleanUp!

WARNING: Do not run cleanup under Windows XP x64 Edition. If you're not sure if you have the 64-bit version of Windows then you probably do not; however, you can check by using IE to download the whichcpu tool and then running it.


Download AVG Anti-Spyware
Please download, install, and update AVG Anti-Spyware.
  1. Load AVG Anti-Spyware and then click the Shield tab at the top
    • Click on the word active to change it to inactive.
  2. Click the Update tab at the top:
    • Under Manual update, click Start update. After the update finishes, the status bar at the bottom will display "Update successful". If you are having trouble updating, you can also download and run the manual updater.
    • Under Automatic update, change the Update interval to something more reasonable like 12 or 24 hours.
  3. Click the Scanner tab at the top and then the Settings sub-tab:
    • Under How to act?, click Recommended actions and select Quarantine.
    • Under Reports, select Automatically generate report after every scan
  4. Close AVG Anti-Spyware. Do not run a scan with it yet.

Disable Service
Click Start>Run - type SERVICES.MSC and then click on the OK button.
  1. Locate the service - distributed.net client
  2. Stop the service by using the Stop button.
  3. Change the Startup Type to Disabled and click the OK button.
  4. Start HijackThis and go to Config... -> Misc.Tools -> Delete an NT service.
  5. In the popup box that appears, type in dnetc.
  6. Click the OK button and answer No if prompted to reboot.

Uninstall
Click Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):
P2PNetworking
PartyGaming
VSAdd-in
VSToolbar
WeatherBug
Please let me know if any of these were unable to uninstall.


Reboot
Reboot your system to Safe Mode by repeatedly tapping the F8 key until the menu appears and choosing Safe Mode from the list. On some systems, this may be the F5 key, so try that if F8 doesn't work. Log on with your usual account. Make sure to close any open windows.


HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):
O2 - BHO: (no name) - {0FBDCCB8-7D6E-4F8D-BDE7-6D7B16B9C2D8} - C:\WINDOWS\system\cent.dll (file missing)
O2 - BHO: Local Spool support DLL - {20C9D850-244D-10E1-B3C1-20805E499D95} - C:\WINDOWS\system32\winspl32.dll (file missing)
O2 - BHO: Local Spool support DLL - {20C9D850-244D-11E1-B3C9-10805E499D95} - C:\WINDOWS\system32\loclspl.dll (file missing)
O2 - BHO: (no name) - {22999298-DA98-48CB-99A9-A8B30111ACAc} - C:\WINDOWS\system32\srujlntx.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\edbfbtyr.dll (file missing)
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O15 - Trusted Zone: http://locator.cdn.imageservr.com
O15 - Trusted Zone: http://locator1.cdn.imagesrvr.com
O15 - Trusted Zone: http://scanner.sysprotect.com
O15 - Trusted Zone: http://*.systemdoctor.com
O15 - Trusted Zone: http://www.winantivirus.com
O15 - Trusted Zone: http://www.winantiviruspro.com
O15 - Trusted Zone: http://download.cdn.winsoftware.com
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/supergerball...GameLoader.dll
Please remember to close all other windows, including browsers then click Fix checked. Close HijackThis.


Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\Program Files\AWS
C:\Program Files\DaemonTools_WhenUSaveNow_Installer
C:\Program Files\PartyGaming
C:\Program Files\VSAdd-in
C:\Program Files\VSToolbar
C:\WINDOWS\system32\iosdt
C:\WINDOWS\system32\asudajla.exe
C:\WINDOWS\system32\ccrftkou.exe
C:\WINDOWS\system32\eymwpohc.dll
C:\WINDOWS\system32\fxdhuiqd.dll
C:\WINDOWS\system32\iphyesad.dll
C:\WINDOWS\system32\itpdxfdh.dll
C:\WINDOWS\system32\jkqogcof.dll
C:\WINDOWS\system32\nwprovau.dll
C:\WINDOWS\system32\vvvstlpg.dll
C:\WINDOWS\system32\wjsxkbrx.exe

Run CleanUp!
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
  • Click "Options..."
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
    • Cleanup! All Users
    • Click on the "Temporary Files" and make sure the box for "Scan drives for file matching" is unchecked.
    Click OK.
  • Press the CleanUp! button to start the program.
Once it's finished CleanUp! will ask you to logoff/reboot. Please select NO as we will do this later.


Run AVG Anti-Spyware
  • Run AVG Anti-Spyware and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action.
  • If Set all elements to is not set to Quarantine (1), please click Recommended Action and choose Quarantine from the popup menu (2).
  • At the bottom of the window, click on the Apply all actions button (3).
  • When it has finished, click the Save Scan Report button (4), then click Save Report As and save the report to your desktop.
  • Close AVG Anti-Spyware.

Reboot
Reboot your system to Normal Mode.


Online Scan
Perform an online scan using Internet Explorer with Kaspersky WebScanner. Click on Launch Kaspersky Anti-Virus Web Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: extended
    • Scan Options: Scan Archives and Scan Mail Bases
  • Click OK
  • Turn off the real time scanner of any existing antivirus program before performing the online scan. You can turn it back on after the scan is done.
  • Now under select a target to scan, select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run all the way.
  • Once the scan is complete it will display if your system has been infected.
  • Click on the Save as Text button and save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the names and locations of any file it detects but fails to clean.


Download Autoruns
  • Please download Autoruns and AutoCmd.
  • Extract the contents of Autoruns into a new folder.
  • Now extract the contents of AutoCmd into the same folder as Autoruns. This is important!
  • Double-click on AutoCmd.cmd & select option '1'
  • It will produce a log called autoruns_X_Y.txt (where X and Y are the date and time respectively). Please attach the log in your next reply.

Generate An Uninstall List
  • Open HijackThis.
  • Click on the "Configure" button on the bottom right.
  • Click on the tab "Misc Tools".
  • Click on the Box that says "Open Uninstall Manager".
  • Click on the button "Save list"
Please save a copy and paste the contents with your next reply.


With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. AVG Anti-Spyware scan report,
  2. Kaspersky scan report,
  3. your Autoruns log,
  4. your uninstall list, and
  5. a new HiJackThis log taken after Kaspersky finishes.
Also let me know how your system is behaving now.
__________________
The chance to begin again in a golden land of opportunity and adventure.

Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all.


UNITE/ASAP: Proud member since 2006
Deckard is offline  
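
An added example, not part of the original posts: one way to confirm, from the new HijackThis log requested above, that the entries marked under "HijackThis Fixes" are really gone. The fix-list lines are taken from the post; the function names, the `NEW_LOG` sample and its `ExampleTray` entry are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# "O2 - ...", "O15 - ...", "R1 - ...": section code, then the entry text.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# Status suffixes HijackThis appends. They change once the file is deleted,
# so they must not take part in matching.
STATUS_RE = re.compile(r"\s*\((?:file missing|no file)\)", re.IGNORECASE)


@dataclass(frozen=True)
class Entry:
    section: str          # e.g. "O2", "O15"
    body: str             # text after "Ox - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one
    file_missing: bool    # True when the log marks the target as "(file missing)"

    @property
    def key(self):
        # Same registry object = same section + CLSID. Entries without a
        # CLSID (O4, O15) are compared on their normalised text instead.
        if self.clsid:
            return (self.section, self.clsid)
        text = " ".join(STATUS_RE.sub("", self.body).split()).casefold()
        return (self.section, text)


def parse_entries(log_text: str) -> List[Entry]:
    """Return the Rx/Ox entries of a HijackThis log, skipping everything else."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, running-process list, blank lines
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0).upper() if clsid else None,
            file_missing="(file missing)" in body.lower(),
        ))
    return entries


def still_present(fix_list: str, new_log: str) -> List[Entry]:
    """Entries from the fix list that the new log still reports."""
    wanted = {e.key for e in parse_entries(fix_list)}
    return [e for e in parse_entries(new_log) if e.key in wanted]


# Four of the entries the helper asked to be fixed (copied from the post).
FIX_LIST = r"""
O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [DaemonTools_WhenUSaveNow_Installer] C:\Program Files\DaemonTools_WhenUSaveNow_Installer\DaemonTools_WhenUSaveNow_Installer.exe
O15 - Trusted Zone: http://*.systemdoctor.com
"""

# Constructed follow-up log: the BHO's DLL was deleted but its registry entry
# was not fixed, and one Trusted Zone entry survived. ExampleTray is made up.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\explorer.exe

O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O15 - Trusted Zone: http://*.systemdoctor.com
"""

if __name__ == "__main__":
    for e in still_present(FIX_LIST, NEW_LOG):
        note = " (file gone, registry entry remains)" if e.file_missing else ""
        print(f"STILL PRESENT {e.section}: {e.body}{note}")
```

An entry that flips to "(file missing)" after the Deletions step is still reported, because the file was removed but the registry entry was not fixed.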
Old 12-05-2006, 06:10 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 17
OS: xp home sp2, xp pro


I'm sorry for the delayed response. I was not available to complete all tasks until now.

AVG
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:54:59 PM 12/5/2006

+ Scan result:



C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145957.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145958.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145961.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145964.exe -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\aflmxlwa.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\inlaphsk.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\krmxpuep.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\lsntcfdg.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\qdrscndb.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\VundoFix Backups\xsybdael.exe.bad -> Not-A-Virus.Downloader.Win32.WinFixer.i : Cleaned with backup (quarantined).
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq39.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq53.tmp -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9E.tmp -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq58.tmp -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq82.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA1.tmp -> TrackingCookie.Advertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA0.tmp -> TrackingCookie.Atdmt : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5B.tmp -> TrackingCookie.Bluestreak : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5E.tmp -> TrackingCookie.Burstnet : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> TrackingCookie.Casalemedia : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp -> TrackingCookie.Centrport : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> TrackingCookie.Com : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq59.tmp -> TrackingCookie.Counted : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> TrackingCookie.Directnetadvertising : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4B.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA2.tmp -> TrackingCookie.Doubleclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp -> TrackingCookie.Falkag : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8A.tmp -> TrackingCookie.Findwhat : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA3.tmp -> TrackingCookie.Linksynergy : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA4.tmp -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8F.tmp -> TrackingCookie.Paycounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA5.tmp -> TrackingCookie.Paycounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp -> TrackingCookie.Qksrv : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq93.tmp -> TrackingCookie.Questionmarket : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq95.tmp -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88.tmp -> TrackingCookie.Ru4 : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp -> TrackingCookie.Serving-sys : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA6.tmp -> TrackingCookie.Sexlist : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA7.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA8.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA9.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAA.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAB.tmp -> TrackingCookie.Sextracker : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97.tmp -> TrackingCookie.Spylog : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98.tmp -> TrackingCookie.Statcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99.tmp -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9A.tmp -> TrackingCookie.Tribalfusion : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9C.tmp -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqAC.tmp -> TrackingCookie.Xxxcounter : Cleaned.
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9F.tmp -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145899.sys -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\aafavswl.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\akugpsji.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dkunwdyh.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\dqsrbjed.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\elbffjie.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\matxynvj.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\nudileet.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ppskmxew.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\pvurapgr.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\wfxtjcpe.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\xtcaqmbw.exe -> Trojan.Agent.ny : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP641\A0145739.dll -> Trojan.Agent.qg : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145947.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145948.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146092.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\njfnqpsn.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\VundoFix Backups\tqvghulx.dll.bad -> Trojan.BHO.g : Cleaned with backup (quarantined).
C:\Uploads\Galleria v1.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Gallery Effects v1.52.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Gallery Maker Pro 1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Gallery Maker Pro 1.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GalleryNow 2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GalleryWizard 1.0 by PC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GalleryWizard 1.0 by Section8.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GalleryWizard 1.1 by AmoK.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GalleryWizard 1.1 by Karhu8.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Gallinator v1.0.2.1 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Galt Pictures 2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Galt SafeKeeper Backup v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Gamazura Super Reax v1.0 ARM XScale WM2003 Regged by RCAPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Gambit MIMIC Virtual Lab CCNA 1.1 DateCode 20050208 by RBS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Gambitron v1.00 Cracked READ NFO by DVT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Arena 1.9.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Arena 1.92.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Jack 3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Jack 4.00.590.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Maker (Mark Overmars) all v5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Maker 5.1, 5.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Maker 5.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Maker 5.3a.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Maker 6.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Master 7.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Optimizer 1.02.203.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Runner +v2.2a from QuarterDeck.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game Show Wizard 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game jack 3.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Game maker 6.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost 1.1.31.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost 1.2.21.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost 1.3.21.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost 1.4.4.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost 1.6.6.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.1.17.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.1.31.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.10.25.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.10.25.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.10.4.2004 And Patch by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.10.4.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.11.1.2004 and Patch WORKING by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.11.1.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.11.15.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.11.15.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.12.13.2004 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.12.27.2004 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.2.21.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.3.21.2005 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.4.4.2005 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.5.16.2005 And Patch by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.6.20.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.6.6.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.8.16.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.8.16.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.8.30.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.8.30.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.9.20.2004 And Patch by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameBoost v1.9.20.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameCam 1.2.0.15-Lz0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameCam 1.2.0.15.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameCheater 1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameExecutor 2.06.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameExecutor 2.07.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameExecutor 2.08.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameFetch v0.2.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain 2.1.17.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain 2.1.31.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain 2.11.7.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain 2.12.27.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain 2.2.21.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain 2.4.4.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain 2.5.16.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain 2.6.6.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain 2.9.20.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.10.14.2003.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.10.18.2003.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.10.27.2003.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.11.10.2003.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.11.24.2003.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.12.21.2003 Cracked by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.12.8.2003.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.7.21.2003.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.8.17.2003.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.8.4.2003.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.9.22.2003.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v1.9.8.2003.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.1.17.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.1.31.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.10.25.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.10.25.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.10.4.2004 And Patch by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.10.4.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.11.15.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.11.15.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.12.13.2004 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.12.27.2004 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.2.10.2004 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.2.2.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.2.2.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.2.21.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.2.25.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.3.11.2004 And Patch by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.3.11.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.3.21.2005 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.3.25.2004 And Patch by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.4.19 by PH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.4.19.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.4.4.2005 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.4.5.2004 And Patch by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.4.5.2004 Cracked by NGEN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.5.10.2004 And Patch by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.5.10.2004 Cracked by NGEN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.5.10.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.5.16.2005 And Patch by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.5.31.2004 And Patch by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.5.31.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.6.20.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.6.6.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.7.19.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.7.19.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.7.5.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.8.16.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.8.16.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.8.2.2004 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.8.2.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.8.30.2004 and Patch WORKING by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.8.30.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.9.20.2004 And Patch by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.9.20.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameGain v2.x.x.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHack 1.0a.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHack v2.0 by DBC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHack v2.0 by PC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike 1.11.7.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike 1.6.6.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike 2.1.17.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike 2.1.31.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike 2.12.27.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike 2.2.21.2005.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v 1.11.29.2004 Regged by EXPLOSiON.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v 1.11.29.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v1.11.29.2004 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v1.11.29.2004 And Serv Auth.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v1.11.29.2004.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v1.3.21.2005 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v1.4.25.2005 Cracked by CPHV.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v1.4.4.2005 and Patch by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v1.5.23.2005 And Serv Auth Patch-EMBRACE ZI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v1.5.9.2005 Cracked by BRD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v1.5.9.2005 Working Cracked by CPHV.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v1.6.20.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v1.6.6.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v2.1.17.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v2.1.31.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v2.12.13.2004 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v2.12.27.2004 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHike v2.2.21.2005 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Ancient Tripeaks by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Ancient Tripeaks by Great Elmo.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Ancient Tripeaks v1.0 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Ancient Tripeaks v1.0 And Serv Auth.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Ancient Tripeaks v1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Bounce Out Blitz.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Candy Cruncher v1.52.00.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Chainz v1.1.2.75 GH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Collapse Crunch.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Combo Chaos.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Feeding Frenzy v1.4 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Feeding Frenzy v2.9.16.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Feeding Frenzy.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Fiber Twig v1.01 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Fiber Twig v1.01 And Serv Auth.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Flip Words v1.0 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Flip Words v1.0 And Serv Auth.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Gutterball 2 v2.0.a.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Gutterball 2 v2.0a And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Gutterball 2 v2.0a And Serv Auth.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Hello v1.15 by Great Elmo.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Incadia v1.03.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Insaniquarium Deluxe v1.0.0.1 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Insaniquarium Deluxe v1.0.0.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Insaniquarium Deluxe v1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\GameHouse Inspector Parker v1.02 And Serv Auth Patch by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
jspatriots is offline  
Old 12-05-2006, 06:11 PM   #10 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 17
OS: xp home sp2, xp pro


continued
C:\Uploads\Ham Helper 1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Helper v1.21.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Helper v1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Helper v1.31.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Helper v2.01 Keygen.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Helper v2.01 Regfile.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Helper v2.01 Serial.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Label Professionell v3.5.1 German by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Office 3.3.2b.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Office 3.4.1b.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Office v3.3.2 GERMAN REGGED by LUCiD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Office v3.3.2b German by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Office v3.3.2b German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Office v3.4.1b German by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Ham Office v3.4.2 German by ViRiLiTY.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HamAtlas Pro 3.3.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HamAtlas Pro v3.3.0 GERMAN by LUCiD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HamOffice 3.4.1b.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HamOffice 3.4.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HamOffice v3.4.1b GERMAN REGGED by LUCiD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HamOffice v3.4.3 GERMAN REGGED by LUCiD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamic v1.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamic v2.0 by CHiCNCREAM.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hammer Reminders 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HammerTap Auction Informant v1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hampson Russell CE v7 R1 Linux by CROSSFiRE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hampson Russell CE v7 R1 Linux.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hampson Russell CE v7 R1 by CROSSFiRE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hampson Russell CE v7 R1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hampson Russell CE v7 R2 Linux by CROSSFiRE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hampson Russell CE v7 R2 Solaris by CROSSFiRE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hampson Russell CE v7 R2 by CROSSFiRE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v7.6.84 Linux Regged by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v7.6.84 MacOSX Regged by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v7.6.84 Regged by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.1 Linux.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.1 MAC OS X.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.1 Regged Linux by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.1 Regged MAC OS X by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.2 Linux by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.2 Linux.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.2 MAC OS X by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.2 MAC OS X.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.2 MacOSX by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.4 by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.9 Linux by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.9 Linux.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.9 MAC OS X by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.9 MAC OS X.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick Software VueScan v8.0.9 for Mac OS X.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamrick VuePrint Pro v8.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamster Blocks v1.0 by ECLiPSE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HamsterFamily Viewer v 1.0.100 Regged by EiT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HamsterFamily Viewer v.1.0.100.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamsterball v1.1R Crack by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hamsterball v1.1R Patch by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HanDbase 2.50 for Palm Pilot.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami v1.0.0.8 by Elila.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami v1.0.0.8 by SC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami v1.0.0.8 by crack4you.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami v1.0.0.8.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami v1.0.0.9 by Elila.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami v1.0.0.9 by RAC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami v1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami! v1.0.0.8 by Elila.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami! v1.0.0.8 by SC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami! v1.0.0.8 by crack4you.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami! v1.0.0.9 by Elila.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanami! v1.0.0.9 by RAC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandBrowser.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandDee GTuner Guitar Tuner v1.2.1 PocketPC WinMobile 2003 ARM.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandDee GTuner v1.2.1 ARM PPC Regged by aSxPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandDee GTuner v1.2.1 ARM PPC by aSxPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandMap v4.7.4 PalmOS Cracked by CSCPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandMine 1.14 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandMine 1.15 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandMine v1.14 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandMine v1.15 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandMine v1.16 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandMine v1.20 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandNotes v3.5.2 All PPC by aSxPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandPainter-PRO v1.5.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandPainter-PRO v1.7.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandPainter-PRO v1.8.0 PalmOS5 Cracked by CSCPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandScape Lite 2.2.0 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandScape Pro 1.5.0 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandScape v3.0.1 Leap for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handball Manager v1.3.1 GERMAN Cracked by DVT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handdee gtuner ppc guitar tuner 1.2.1 winmobile 2003 arm cracked by tsrh.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handdee gtuner ppc guitar tuner 1.2.1 winmobile 2003 arm.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handheld Basic v1.03.681.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandheldBasic v1.03.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandheldBasic++ v1.03.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handheldmed Book Reader v6.00.38 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handheldmed EZ Reader Books v6.01.20 ARM XScale PPC Cracked.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handheldmed book reader 6.00.38 [palmos] cracked prc by rev.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handheldmed book reader 6.00.38.[palmos] prc.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandiGolf 1.6 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandiGolf v2.0 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handicap Manager for Excel 3.6a.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handicap Manager for Excel v3.6a Regged by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handicap Manager for Excel v3.6a.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handicap Manager for Excel v3.6d Regged by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handicapper 3.03.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handleheld-Basic HB v1.02 by Txomin.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handleheld-Basic++ (HB++) v1.02 by Txomin.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmap for pocketpc cracked by tsrh.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmap for pocketpc.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark Crossword 365 v2.01 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark GolftracPro 4.0 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark Hearts and Spades 1.0 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark Kaplan SAT v1.0 ARM PPC by COREPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark Las Vegas Casino 2.0 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark Microsoft Links.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark MobileDB 2.1 for PalmOS Crack.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark MobileDB 2.1 for PalmOS Serial.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark MobileDB v2.1 for PalmOS Crack.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark MobileDB v2.1 for PalmOS Serial.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark MobileDB v4.02 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark MobileDB-Excel v1.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark MobileSafe 2.2 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark Monopoly PocketPC Fixed.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark Monopoly v1.23 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark Scrabble.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark Super Solitaire 15 v2.0 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark SuperClock 3.0 for PalmOS by Core.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark SuperClock 3.0 for PalmOS by Elila.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark SuperUtility 4.01 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark checklist 1.0 ppc read nfo cracked by tsrh.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark checklist 1.0 ppc read nfo.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark monopoly 1.23 for palmos cracked prc by tsrh.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handmark v4.0 Student.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandoVideo Converter Pro 1.0.0.1060.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandoVideo Converter Pro 2.0.0.1095.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandoVideo Converter Pro v1.2.0.1080 by DVT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handpainter Pro v1.7.2 PalmOS Cracked by BLZPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handpainter Pro v1.8.5 PalmOS5 Cracked by BLZPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handpainter-pro 1.7.0 cracked prc by tsrh.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handpainter-pro hires 1.6.0 cracked prc by tsrh.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hands Off 1.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hands Off v2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandsFree ScreenSaver by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandsFree ScreenSaver.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandsFree Screensaver 1.0 build 943.30611.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandsFree Screensaver Management v1.0.958.30618 by ACME.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandsFree Screensaver Management v1.0.958.30618.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handstory media suite 3.1.0.21 mopack.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handwerker v2.00 Fixed.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handwerkerprogramm HCS-Win v5.2.0.23 GERMAN by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book 1.5 DC 20050601 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book 1.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book 2.0.0.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book v1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book v1.1 Cracked by FFI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book v1.3 Cracked by FFI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book v1.3 by SND.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book v1.3 by TSRH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book v1.4 Cracked by CPHV.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book v1.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book v1.5 Cracked by FFI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book v1.5 by LUCiD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Address Book v1.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Animated Emoticons v1.0.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Animated Emoticons v2.30 by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Animated Emoticons v2.30.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Animated Emoticons v3.0 Cracked by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Animated Icons v2.30.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup DVD Edition v4.5 by QUARTEX.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup DVD Edition v4.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup Pro v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.5 NEW.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.5 by Almarakby.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.5 by TSRH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.9 (Dec 10).zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.9 (Feb 18).zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.9 Dec 10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.9 Feb 18.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.9 build Dec 10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.9.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v3.9x.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v4.1 by Core.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v4.5.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Backup v4.6 by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy CD Ripper and Mp3 Wma Converter v1.9 by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Car 3.0.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Car 3.5.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Car v4.0.0 DIRFIX by iPA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Car v4.0.0 by iPA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Car v4.0.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Car v4.2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Diary v2.0 PalmOS CRACKED by SHOCKpDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Entertainment Riverland Screensaver v1.00.02 for PocketPC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy HTML v1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Label v1.4 PalmOS by BLZPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy MP3 Recorder v3.1 by MP2K.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy MP3 Recorder v3.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy MP3 Splitter v1.13.0.12 CRACKED by LUCiD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Password v2.0 PalmOS CRACKED by SHOCKpDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Password v3.0 PalmOS CRACKED by SHOCKpDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Print98 v3.79.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Randy 2.0.1 for PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Randy v2.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Recovery v2.0 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Recovery v2.0 by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Recovery v2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy The Tribe v1.1 XScale WM2003 Cracked by RCAPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Tots N Togs Christmas Edition v1.1 ARM.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Tots N Togs Christmas Edition v1.1 All PPC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Tots N Togs Christmas Edition v1.1 PalmOS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Tots N Togs Christmas Edition v1.1 XScale WM2003 Cracked by RCAP.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Tots N Togs Christmas Edition v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy Tots N Togs v1.0 XScale WM2003 Cracked by RCAPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy entertainment riverland screensaver 1.00.02 pocket pc by tsrh.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy entertainment riverland screensaver 2 0 pocket pc.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy entertainment timberland screensaver 1 0 pocket pc.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handy explorer.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyCafe v1.1.16 Universal.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyExpense v2.0 PalmOS CRACKED by SHOCKpDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyGraph 1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML Editor v1.5.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML Editor v1.52.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.1 by AAOCG.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.1 by TNT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.12 by DBC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.12 by Eminence.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.2 by DBC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.2 by IMS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.3 by DBC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.3 by IMS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.4.005 by Enfusia.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.4.005 by Prinsobo312.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.4.005 by TMG.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.4.005 by TNT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.4.007 by IMS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.4.007 by TMG.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.5 by RP2K.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML HTML Editor v1.5 by TSRH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML Studio v2.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyHTML v1.4 build 007.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyLauncher v3.2 ARM PPC2002 by aSxPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyMenu v2.7 ARM PPC2002 by aSxPDA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPad v1.6.0.0 Cracked by iPA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.51.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.54.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.61.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.72 by LasH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.72 by oloo.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.74.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.75 Keygen.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.75 Serial.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.77.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.78.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.79 Keygen.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.79 Serial by DBC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.79 Serial by Silence.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint 98 v3.79 Serial by TNT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyPrint XP v2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandyRec Professional v4.0 by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandySIM v4.2 German Cracked by xRTC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HandySIM v4.2 German-xRTC.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Handyaddressbookv 1.3 patch.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWIN DHCP Server v2.0.23 by AGAiN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWIN DHCP Server v2.0.23.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWIN DTMF Batch 1.2.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWIN DTMF Batch v1.2.1 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWIN WinSMS v1.2.4 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server 2.0.32.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server 2.0.38.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server 2.1.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server 2.1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server 2.1.6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server 2.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server v2.0.32 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server v2.0.32 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server v2.0.35 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server v2.0.36 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server v2.0.38 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server v2.1 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server v2.1.2 German Ke.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DHCP Server v2.1.3 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DNS Server 1.3.14.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DNS Server 1.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DNS Server v1.3.14 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin DNS Server v1.3.15 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin ISLA 1.9.26.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin ISLA v1.9.25 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin ISLA v1.9.25 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin ISLA v1.9.26 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin NFS Server 1.1.38.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin NFS Server 1.1.43.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin NFS Server v1.1.34 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin NFS Server v1.1.34 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin NFS Server v1.1.37 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin NFS Server v1.1.38 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin NFS Server v1.1.39 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin NFS Server v1.1.41 German Ke.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin TFTP Server v1.4.2 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin TFTP Server v1.4.2 German.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin TFTP Server v1.4.3 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\HaneWin TFTP Server v1.4.4 German by BLiZZARD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hanewin TFTP Server v1.3.6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang2000 v1.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang2000 v1.21.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang2000 v1.3.1 by Intension.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang2000 v1.3.1 by TNT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang2000 v1.3.2 Keygen by Elila.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang2000 v1.3.2 Patch.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang2000 v1.3.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang2000 v1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang2000.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang3000 v1.0 by AmoK.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang3000 v1.0 by Elila.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang3000 v1.0 by Intension.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang3000 v1.0 by Lash.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang3000 v1.01 Keygen.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang3000 v1.01 Serial by LasH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang3000 v1.01 Serial by TNT.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hang3001 v1.03 PLUS 1 TRAINER by PiZZA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangflash 1.0 for palmos palmos self.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangflash 1.0 for palmos palmos selfkeygen by tsrh.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangman 2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangman 3.0.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangman 3D Graphix v2.0 Multilingual.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangman 3D Graphix v2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangman Bible 1.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangman Bible v1.01 by Sphynx.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangman Bible v1.01.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangman Pro 1.02.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangman Pro 1.03.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\Hangman Pro 1.05.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\g3Bay v1.0.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\haneWIN DNS Server v1.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Uploads\haneWIN TFTP Server v1.34.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup (quarantined).
C:\Program Files\Pndkzgg\Rnxc.exe -> Trojan.Small.cy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145951.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145960.exe -> Trojan.Small.ju : Cleaned with backup (quarantined).
C:\VundoFix Backups\bnnthuql.exe.bad -> Trojan.Small.ju : Cleaned with backup (quarantined).
C:\VundoFix Backups\omextqov.exe.bad -> Trojan.Small.ju : Cleaned with backup (quarantined).


::Report end
jspatriots is offline  
Old 12-05-2006, 06:13 PM   #11 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 17
OS: xp home sp2, xp pro


Kaspersky

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 05, 2006 7:57:43 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 5/12/2006
Kaspersky Anti-Virus database records: 248255
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 92302
Number of viruses found: 39
Number of infected objects: 247 / 0
Number of suspicious objects: 2
Duration of the scan process: 01:40:33

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip/trkgif.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\eXactAdvertisingBargainsBuddy2.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d35111a-32874931.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d35111a-32874931.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d35111a-32874931.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d35111a-32874931.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d35111a-32874931.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-1c218de9.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-1c218de9.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-1c218de9.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-20ddbe39.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-20ddbe39.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-20ddbe39.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1dbf9af3-37ea06c1.zip/Matrix.class Infected: Trojan-Downloader.Java.OpenStream.c skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1dbf9af3-37ea06c1.zip/Counter.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1dbf9af3-37ea06c1.zip/Parser.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Documents and Settings\Jeff\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv470.jar-1dbf9af3-37ea06c1.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Jeff\Application Data\tizupd.bin/data0002 Infected: Trojan-Downloader.Win32.PurityScan.be skipped
C:\Documents and Settings\Jeff\Application Data\tizupd.bin/data0003 Infected: Trojan-Downloader.Win32.PurityScan.ak skipped
C:\Documents and Settings\Jeff\Application Data\tizupd.bin NSIS: infected - 2 skipped
C:\Documents and Settings\Jeff\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jeff\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jeff\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeff\Local Settings\History\History.IE5\MSHist012006120520061206\index.dat Object is locked skipped
C:\Documents and Settings\Jeff\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Jeff\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jeff\My Documents\xbox\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\Jeff\My Documents\xbox\mirc616.exe mIRC: infected - 1 skipped
C:\Documents and Settings\Jeff\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jeff\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mom\Application Data\tizupd.bin/data0002 Infected: Trojan-Downloader.Win32.PurityScan.be skipped
C:\Documents and Settings\Mom\Application Data\tizupd.bin/data0003 Infected: Trojan-Downloader.Win32.PurityScan.ak skipped
C:\Documents and Settings\Mom\Application Data\tizupd.bin NSIS: infected - 2 skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7340b669-46184b75.zip/BlackBox.class Infected: Trojan.Java.ClassLoader.z skipped
C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7340b669-46184b75.zip/VB.class Infected: Trojan.Java.ClassLoader.ak skipped
C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7340b669-46184b75.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7340b669-46184b75.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cced6-4b68c28d.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cced6-4b68c28d.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cced6-4b68c28d.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cced6-4b68c28d.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cced6-4b68c28d.zip ZIP: infected - 4 skipped
C:\Documents and Settings\Steph\Application Data\tizupd.bin/data0002 Infected: Trojan-Downloader.Win32.PurityScan.be skipped
C:\Documents and Settings\Steph\Application Data\tizupd.bin/data0003 Infected: Trojan-Downloader.Win32.PurityScan.ab skipped
C:\Documents and Settings\Steph\Application Data\tizupd.bin NSIS: infected - 2 skipped
C:\I386\InstaFinder_inst245.exe/stream Infected: not-a-virus:AdWare.Win32.InstaFinder.a skipped
C:\I386\InstaFinder_inst245.exe NSIS: infected - 1 skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7B.tmp Infected: not-a-virus:AdWare.Win32.EZula.u skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7C.tmp WiseSFX: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe/stream/data0005/data0002 Infected: Trojan-Clicker.Win32.VB.ip skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe/stream/data0005/data0003 Infected: not-a-virus:AdWare.Win32.MediaBack.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.MediaBack.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe/stream Infected: not-a-virus:AdWare.Win32.MediaBack.a skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145898.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145949.dll Infected: Trojan.Win32.BHO.g skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP648\A0145969.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146084.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146086.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146087.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146088.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146211.exe Infected: Trojan.Win32.Small.cy skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146212.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146213.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146214.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146215.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146216.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146217.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146218.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146219.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146220.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146221.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146222.exe Infected: Trojan.Win32.Agent.ny skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146223.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146224.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146225.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146226.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146227.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146228.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146229.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146230.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146231.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146232.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146233.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146234.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146235.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146236.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146237.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146238.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146239.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146240.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146241.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146242.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146243.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146244.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146245.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146246.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146247.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146248.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146249.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146250.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146251.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146252.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146253.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146254.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146255.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146256.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146257.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146258.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146259.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146260.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146261.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146262.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146263.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146264.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146265.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146266.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146267.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146268.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146269.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146270.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146271.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146272.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146273.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146274.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146275.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146276.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146277.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146278.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146279.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP649\A0146280.dll Infected: Trojan-Spy.Win32.Agent.kg skipped
C:\VundoFix Backups\cent.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fj skipped
C:\VundoFix Backups\xonnrawi.dll.bad Infected: Trojan.Win32.BHO.g skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{306015A7-FD26-44D1-B752-6B7D53CFFA4C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\sptd0445.sys Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\hpq26.exe/data0002 Infected: not-a-virus:AdWare.Win32.BetterInternet skipped
C:\WINDOWS\SYSTEM32\hpq26.exe/data0003 Infected: Trojan-Clicker.Win32.VB.dn skipped
C:\WINDOWS\SYSTEM32\hpq26.exe NSIS: infected - 2 skipped
C:\WINDOWS\SYSTEM32\imdinqek.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.am skipped
C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe/stream Infected: not-a-virus:AdWare.Win32.InstaFinder.a skipped
C:\WINDOWS\SYSTEM32\InstaFinder_inst245.exe NSIS: infected - 1 skipped
C:\WINDOWS\SYSTEM32\itpdxfdh.dll Infected: Trojan.Win32.BHO.o skipped
C:\WINDOWS\SYSTEM32\ntupd32.exe Infected: Trojan.Win32.VB.yb skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\xpsuptu.exe/data0002 Infected: not-a-virus:AdWare.Win32.MediaBack.b skipped
C:\WINDOWS\SYSTEM32\xpsuptu.exe/data0003 Infected: Trojan-Clicker.Win32.VB.dn skipped
C:\WINDOWS\SYSTEM32\xpsuptu.exe/data0004 Infected: Trojan.Win32.VB.yb skipped
C:\WINDOWS\SYSTEM32\xpsuptu.exe NSIS: infected - 3 skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Autoruns
Jeff - Tue 12/05/2006@20:03:38.43
running from C:\Documents and Settings\Jeff\Desktop\autoruns\

Other users of this machine:
* Administrator
* Dad
* Mike
* Mom
* Steph

----------------------------------------------------------------------------------

HKLM\System\CurrentControlSet\Services
AVG Anti-Spyware Guard
AVG Anti-Spyware guard
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\guard.exe

HKLM\System\CurrentControlSet\Services
ApiMon
File not found: C:\WINDOWS\system32\drivers\ApiMon.sys
Aspi32
ASPI for WIN32 Kernel Driver
(Not verified) Adaptec
c:\windows\system32\drivers\aspi32.sys
AVG Anti-Spyware Driver
c:\program files\grisoft\avg anti-spyware 7.5\guard.sys
AvgAsCln
AVG7 Clean Driver
(Not verified) GRISOFT, s.r.o.
c:\windows\system32\drivers\avgascln.sys
dtscsi
SCSI miniport
(Verified) DAEMON Tools Code Signing Services
c:\windows\system32\drivers\dtscsi.sys
ENTECH
File not found: C:\WINDOWS\system32\DRIVERS\ENTECH.SYS
omci
OMCI Device Driver
(Not verified) Dell Computer Corporation
c:\windows\system32\drivers\omci.sys
sptd
c:\windows\system32\drivers\sptd.sys
usbsermpt
USB Modem Driver
(Not verified) Microsoft Corporation
c:\windows\system32\drivers\usbsermpt.sys
wanatw
File not found: system32\DRIVERS\wanatw4.sys

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
sureshotpopupkiller
popupkiller MFC Application
c:\program files\pop up stopper and ad killer\pusak.exe
QuickTime Task
(Not verified) Apple Computer, Inc.
c:\program files\quicktime\qttask.exe
!AVG Anti-Spyware
AVG Anti-Spyware
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\avgas.exe

HKLM\SOFTWARE\Classes\Protocols\Filter
application/octet-stream
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
application/x-complus
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
application/x-msdownload
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll

HKLM\SOFTWARE\Classes\Protocols\Handler
cdo
Microsoft SharePoint Portal Server Object Model
(Not verified) Microsoft Corporation
c:\program files\common files\microsoft shared\web folders\pkmcdo.dll

HKCU\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components
0
File not found: http://i7.ebayimg.com/03/i/03/40/a5/2c_2.JPG
1
File not found: About:Home

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
n/a
Microsoft .NET IE SECURITY REGISTRATION
(Not verified) Microsoft Corporation
c:\windows\system32\mscories.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SysProtect Free
File not found: C:\Program Files\SysProtect Free\USYP.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
AcroIEHlprObj Class
Adobe Acrobat IE Helper Version 6.0 for ActivieX
(Verified) Adobe Systems, Incorporated
c:\program files\adobe\acrobat 6.0\reader\activex\acroiehelper.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
AVG Anti-Spyware 7.5
AVG Anti-Spyware shellexecutehook
(Not verified) Anti-Malware Development a.s.
c:\program files\grisoft\avg anti-spyware 7.5\shellexecutehook.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
Display Panning CPL Extension
File not found: deskpan.dll
Fusion Cache
Microsoft .NET Runtime Execution Engine
(Not verified) Microsoft Corporation
c:\windows\system32\mscoree.dll
Web Folders
Microsoft Web Folders
(Not verified) Microsoft Corporation
c:\program files\common files\microsoft shared\web folders\msonsext.dll
WinRAR shell extension
c:\program files\winrar\rarext.dll
WinZip
WinZip Shell Extension DLL
(Not verified) WinZip Computing, Inc.
c:\program files\winzip\wzshlstb.dll
WinZip
WinZip Shell Extension DLL
(Not verified) WinZip Computing, Inc.
c:\program files\winzip\wzshlstb.dll
WinZip
WinZip Shell Extension DLL
(Not verified) WinZip Computing, Inc.
c:\program files\winzip\wzshlstb.dll
WinZip
WinZip Shell Extension DLL
(Not verified) WinZip Computing, Inc.
c:\program files\winzip\wzshlstb.dll
Yahoo! Mail
YMMAPI Module
(Verified) Yahoo! Inc.
c:\program files\yahoo!\common\ymmapi.dll
FileSystem ObjExt Extension
FileSystem Obj Extension Module
c:\windows\system32\mkdir52e.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions
PartyCasino.com
File not found: C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe
PartyPoker.com
File not found: C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
@xpsp3res.dll,-20001
File not found: C:\WINDOWS\Network


uninstall

7 Sultans Online Casino
Ad-Aware SE Personal
Ad-Aware SE Professional
Adobe Acrobat - Reader 6.0.2 Update
Adobe Photoshop CS
Adobe Reader 6.0.1
AVG Anti-Spyware 7.5
BitTornado 0.3.7
CASINO_G-FED2
CleanUp!
Cool MP3 Splitter 2.2
Dell Driver Reset Tool
Dell Picture Studio v3.0
Dell Support 5.0.0 (766)
DivX
DivX Player
DivxToDVD 0.4.2
Dope Wars Online 1.5.10
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EPSON Print CD
EPSON Printer Software
Free File Splitter 1.0
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hoyle Casino 2006 (remove only)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics Driver
Internet Explorer Default Page
J2SE Runtime Environment 5.0 Update 3
Jackpot City Online Casino
Jagged Alliance 2 Gold
Jagged Alliance 2 Wildfire
Java 2 Runtime Environment, SE v1.4.2_03
Kaspersky Online Scanner
LimeWire 4.10.9
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Motorola Phone Tools
Mozilla Firefox (1.0.2)
Musicmatch for Windows Media Player
Nero 6 Ultra Edition
PlanetLuck Casino Online Download Deluxe Suite
Platinum Play Online Casino
Pop Up Stopper and Ad Killer
PowerDVD
QuickTime
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Snood for Windows version 3.52-W
Spybot - Search & Destroy 1.4
SuperslotsCasino
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888240
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec
Yahoo! Anti-Spy
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar

hjt log

Logfile of HijackThis v1.99.1
Scan saved at 8:00:50 PM, on 12/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hjt\deckard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe" -minimized
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://59.148.220.121
O15 - Trusted IP range: http://62.4.84.53
O15 - Trusted IP range: http://82.98.235.58
O15 - Trusted IP range: http://85.12.25.90
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} - http://www.clickedyclick.com/Downloa...sloader_v3.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
jspatriots is offline  
Old 12-05-2006, 09:30 PM   #12 (permalink)
Mentor, Analyst - Security Team
 
Deckard's Avatar
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


No worries -- I'm subscribed to this thread so I'll see any replies when you make them. Feel free to take as much time as you need. The good news is those scans took care of a lot of stuff lying about on your machine, but there is still a little hanging around. Let's take care of those and run another online scan. That should hopefully find whatever else is left. Because you had a lot of found malware, I may have you run a third online scan just to make sure we got everything.


Download DelO15Domains
Right click on DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.


Download ComboFix
Please download ComboFix and save it to your Desktop, but do not do anything with it yet.


HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
Please remember to close all other windows, including browsers, then click Fix checked. Close HijackThis.


Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\Documents and Settings\Jeff\Application Data\tizupd.bin
C:\Documents and Settings\Jeff\My Documents\xbox\mirc616.exe
C:\Documents and Settings\Mom\Application Data\tizupd.bin
C:\Documents and Settings\Steph\Application Data\tizupd.bin
C:\I386\InstaFinder_inst245.exe
C:\Program Files\Pndkzgg
C:\Program Files\WhenUSearch
C:\Uploads
C:\VundoFix Backups
C:\WINDOWS\system32\InstaFinder_inst245.exe
C:\WINDOWS\system32\hpq26.exe
C:\WINDOWS\system32\imdinqek.dll
C:\WINDOWS\system32\itpdxfdh.dll
C:\WINDOWS\system32\ntupd32.exe
C:\WINDOWS\system32\xpsuptu.exe

Clear Your Java Cache
Please see Clearing the Java Runtime Environment (JRE) Cache for instructions on how to clear Java's cache. I need you to do this for both the user Jeff and Steph. To get to that dialog, go into the Control Panel and double-click the Java icon (looks like a coffee cup). If you do not see this icon, look to your left and click 'Switch to Classic Mode'.
  1. Under Temporary Internet Files, click the Delete Files button.
  2. There are three options in the window to clear the cache - leave all three checked:
    Downloaded Applets
    Downloaded Applications
    Other Files
  3. Click OK on Delete Temporary Files Window. Note: this deletes ALL of the downloaded applications and applets from the cache.
  4. Click OK to leave the Java Control Panel.

Submit For Analysis
Please submit the following file to VirusTotal Scan:
C:\WINDOWS\system32\mkdir52e.dll
At the top of the window you should see "Select file" and a blank box. Copy and paste the red text from above into the box. Then click "Send". When it is finished, please copy the information listed in the two tables (i.e., the scan results and "Additional Information") into Notepad and save it on your Desktop so you can paste it with your next reply.


Online Scan
Perform an online scan with Internet Explorer with Panda ActiveScan.
  1. Click on the "Scan your PC" button located at the bottom of the page. A popup window should appear -- make sure you allow it if you have a popup blocker.
  2. Enter your e-mail address, country, and state and click Scan Now.
  3. Your computer will download Panda's 8 megabyte ActiveX control at this point. Follow the on-screen directions if it asks you to install the ActiveX control.
  4. Begin the scan by selecting My Computer. Note:
    • Please turn off the real time scanner of any existing antivirus program while performing the online scan.
    • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
    • Click on See report then click Save report.
    • It is not necessary to remain online while it's doing the scan, but you will have to re-connect after it has finished to see the report.

Run ComboFix
Double click combofix.exe & follow the prompts. While ComboFix is running, please do not click or move the window, as this may cause the tool to stall. When the tool has finished, it will produce a log for you and save it as C:\ComboFix.txt. Post that log in your next reply.


With Your Next Post...
Please paste the following with your next reply (in this order please):
  1. The results from VirusTotal,
  2. Panda scan report,
  3. the contents of C:\ComboFix.txt,
  4. a new HiJackThis log taken after ComboFix finishes.
Deckard is offline  
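Added example (not part of the original thread, and not HijackThis's own code): a small Python parser for the HijackThis log format posted above. It groups entries whose target file is missing by CLSID and lists the O15 trusted-zone and unnamed O16 entries for review. The function names are hypothetical; the sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Lines copied from the HijackThis log posted in this thread; URLs the forum
# truncated with "..." are left exactly as displayed.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyCasino.com - {B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - C:\Program Files\PartyGaming\PartyCasino\RunCasino.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: http://202.67.220.225
O15 - Trusted IP range: http://62.4.84.53
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} - http://www.alwaysupdatednews.com/install/aun_0036.exe
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"""

# Every result line starts with a section code such as R1, O9 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# HijackThis appends one of these markers when the referenced file is absent.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# O16 lines read "DPF: {CLSID} (Class name) - URL"; the class name is optional.
DPF_RE = re.compile(
    r"^DPF: (?P<clsid>\{[^}]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$"
)


def parse_log(text):
    """Return one dict per result line; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            # CLSIDs are case-insensitive, so normalise before grouping.
            "clsid": clsid.group(0).upper() if clsid else None,
            "target_missing": bool(MISSING_RE.search(body)),
        })
    return entries


def triage(entries):
    """Build a review queue. A flag here is a prompt to look, not a verdict:
    in this thread the helper asked for only the PartyCasino/PartyPoker O9
    entries to be fixed, although other O9 entries are also marked missing."""
    orphaned = defaultdict(list)
    trusted_zone, unnamed_dpf = [], []
    for e in entries:
        if e["target_missing"] and e["clsid"]:
            # A button and its 'Tools' menu item share one CLSID.
            orphaned[e["clsid"]].append(e["body"])
        if e["code"] == "O15":
            trusted_zone.append(e["body"].partition(": ")[2])
        elif e["code"] == "O16":
            m = DPF_RE.match(e["body"])
            if m and not m.group("name"):
                unnamed_dpf.append((m.group("clsid"), m.group("url")))
    return {
        "orphaned": dict(orphaned),
        "trusted_zone": trusted_zone,
        "unnamed_dpf": unnamed_dpf,
    }


if __name__ == "__main__":
    report = triage(parse_log(SAMPLE_LOG))
    for clsid, bodies in report["orphaned"].items():
        print(f"orphaned {clsid}: {len(bodies)} entr{'y' if len(bodies) == 1 else 'ies'}")
    for site in report["trusted_zone"]:
        print("trusted zone:", site)
    for clsid, url in report["unnamed_dpf"]:
        print("unnamed DPF:", clsid, url)
```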
Old 12-07-2006, 05:03 PM   #13 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 17
OS: xp home sp2, xp pro


Antivirus Version Update Result
AntiVir 7.2.0.49 12.07.2006 no virus found
Authentium 4.93.8 12.07.2006 no virus found
Avast 4.7.892.0 12.07.2006 no virus found
AVG 386 12.07.2006 no virus found
BitDefender 7.2 12.07.2006 no virus found
CAT-QuickHeal 8.00 12.07.2006 no virus found
ClamAV devel-20060426 12.07.2006 no virus found
DrWeb 4.33 12.07.2006 no virus found
eSafe 7.0.14.0 12.07.2006 no virus found
eTrust-InoculateIT 23.73.79 12.07.2006 no virus found
eTrust-Vet 30.3.3236 12.07.2006 no virus found
Ewido 4.0 12.07.2006 no virus found
Fortinet 2.82.0.0 12.07.2006 no virus found
F-Prot 3.16f 12.07.2006 no virus found
F-Prot4 4.2.1.29 12.07.2006 no virus found
Ikarus T3.1.0.26 12.07.2006 no virus found
Kaspersky 4.0.2.24 12.07.2006 no virus found
McAfee 4913 12.07.2006 no virus found
Microsoft 1.1804 12.07.2006 no virus found
NOD32v2 1909 12.07.2006 no virus found
Norman 5.80.02 12.07.2006 no virus found
Panda 9.0.0.4 12.07.2006 no virus found
Prevx1 V2 12.07.2006 no virus found
Sophos 4.12.0 12.06.2006 no virus found
Sunbelt 2.2.907.0 11.30.2006 no virus found
TheHacker 6.0.3.130 12.06.2006 no virus found
UNA 1.83 12.07.2006 no virus found
VBA32 3.11.1 12.07.2006 no virus found
VirusBuster 4.3.15:9 12.07.2006 no virus found


Additional Information
File size: 94208 bytes
MD5: 48b702154b121397b4a1ae85cdd1cdcb

Incident Status Location

Potentially unwanted tool:application/sysprotect Not disinfected hkey_local_machine\software\classes\appid\CheckProduct2_1.DLL
Adware:adware/wupd Not disinfected Windows Registry
Virus:trj/downloader.coy Disinfected Operating system
Adware:adware/azesearch Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Adware:adware/topconvert Not disinfected Windows Registry
Adware:adware/whenusearch Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[media.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[.2o7.net/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\1r4bhdu6.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@2o7[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@fastclick[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@media.adrevolver[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@realmedia[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@statse.webtrendslive[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Jeff\Cookies\jeff@tribalfusion[1].txt
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7340b669-46184b75.zip[BlackBox.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7340b669-46184b75.zip[VB.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7340b669-46184b75.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7340b669-46184b75.zip[Beyond.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cced6-4b68c28d.zip[GetAccess.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cced6-4b68c28d.zip[InsecureClassLoader.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cced6-4b68c28d.zip[Dummy.class]
Hacktool:Exploit/ByteVerify Not disinfected C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cced6-4b68c28d.zip[Installer.class]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Steph\Cookies\steph@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Steph\Cookies\steph@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Steph\Cookies\steph@ads.addynamix[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Steph\Cookies\steph@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Steph\Cookies\steph@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Steph\Cookies\steph@doubleclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Steph\Cookies\steph@fastclick[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Steph\Cookies\steph@media.adrevolver[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Steph\Cookies\steph@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Steph\Cookies\steph@tribalfusion[1].txt
Potentially unwanted tool:Application/MediaPipe Not disinfected C:\Program Files\DownloadManager\insdl.dll
Adware:Adware/Itbill Not disinfected C:\Program Files\fsupport\notifier.exe
Spyware:Cookie/Versiontracker Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5C.tmp
Spyware:Cookie/Cd Freaks Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp
Spyware:Cookie/Clicktracks Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq73.tmp
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp
Spyware:Cookie/DomainSponsor

Jeff - 06-12-07 18:48:37.56 Service Pack 2
ComboFix 06.12.01W - Running from: "C:\Documents and Settings\Jeff\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-11-07 to 2006-12-07 ))))))))))))))))))))))))))))))))))


2006-12-07 17:42 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2006-12-07 17:41 <DIR> d-------- C:\WINDOWS\LastGood
2006-12-05 18:06 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2006-12-02 19:34 <DIR> d-------- C:\WINDOWS\erdnt
2006-12-01 18:59 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-12-01 18:59 <DIR> d-------- C:\Program Files\Grisoft
2006-12-01 18:57 <DIR> d-------- C:\Program Files\CleanUp!
2006-12-01 18:35 <DIR> d-------- C:\hjt
2006-11-07 15:48 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-07 15:48 <DIR> d-------- C:\WINDOWS\SYSTEM32\en-US
2006-11-07 15:46 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-07 15:44 121,856 --------- C:\WINDOWS\SYSTEM32\xmllite.dll
2006-11-07 15:44 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-07 15:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-07 18:35 -------- d-------- C:\Program Files\WinZip
2006-12-07 18:35 -------- d-------- C:\Program Files\WinRAR
2006-12-07 18:31 -------- d-------- C:\Program Files\Pop Up Stopper and Ad Killer
2006-12-07 18:20 -------- d-------- C:\Program Files\Internet Explorer
2006-12-07 13:22 -------- d-------- C:\Program Files\Mozilla Firefox
2006-12-05 18:01 -------- d-------- C:\Program Files\DownloadManager
2006-12-03 11:56 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-12-02 19:33 -------- d-------- C:\Program Files\Common Files
2006-10-27 15:09 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-10-27 15:09 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-10-27 15:09 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-10-27 15:09 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-10-27 15:09 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-10-27 15:09 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-10-27 15:09 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-10-27 02:44 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-10-27 02:44 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-10-27 02:44 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-10-27 02:44 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-10-27 02:44 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-10-27 02:44 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-10-27 02:44 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-10-27 02:44 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-10-27 02:44 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-10-27 02:42 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-10-21 12:06 -------- d-------- C:\Program Files\7sultans
2006-10-17 13:06 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-10-17 13:05 40960 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-17 13:05 206336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-10-17 13:05 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-17 13:04 101376 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-17 13:03 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-17 12:58 61952 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-10-17 12:58 12288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-10-17 12:57 36352 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-17 12:57 266752 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-10-17 12:56 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-17 12:28 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-17 12:27 380928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll
2006-10-01 14:57 49 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb41.dat
2006-10-01 14:57 334 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb1942.dat
2006-10-01 14:56 13046 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb5436.dat
2006-10-01 14:56 0 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb4604.dat
2006-09-30 11:26 177152 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb4827.dat
2006-09-21 14:03 0 --a------ C:\Documents and Settings\Jeff\Application Data\internaldb153.dat
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SysProtect Free"="\"C:\\Program Files\\SysProtect Free\\USYP.exe\" /scan"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"sureshotpopupkiller"="\"C:\\Program Files\\Pop Up Stopper and Ad Killer\\pusak.exe\" -minimized"
"EPSON Stylus Photo R200 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_S4I2H1.EXE /P30 \"EPSON Stylus Photo R200 Series\" /O6 \"USB001\" /M \"Stylus Photo R200\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://i7.ebayimg.com/03/i/03/40/a5/2c_2.JPG"
"SubscribedURL"="http://i7.ebayimg.com/03/i/03/40/a5/2c_2.JPG"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,b8,01,00,00,18,01,00,00,c8,00,00,00,97,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,c8,00,00,00,96,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,02,06,41,c0,b4,74,98,f8,fb,07,68,de,02,06,20,6d,\
02,06,08,4b,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,38,01,00,00,00,00,00,00,c8,02,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=hex:ff,00,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Gamma Loader.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma Loader.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma Loader"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Microsoft Office.lnk"
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\MICROS~2\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Dialer.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Verizon Online Dialer.lnk"
"backup"="C:\\WINDOWS\\pss\\Verizon Online Dialer.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\VERIZO~1\\ConnMgr\\VERIZO~1.EXE /S"
"item"="Verizon Online Dialer"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Verizon Online Support Center.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Verizon Online Support Center.lnk"
"backup"="C:\\WINDOWS\\pss\\Verizon Online Support Center.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\bin\\matcli.exe -boot"
"item"="Verizon Online Support Center"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Jeff^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
"path"="C:\\Documents and Settings\\Jeff\\Start Menu\\Programs\\Startup\\LimeWire On Startup.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire On Startup.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\LimeWire\\LimeWire.exe -startup"
"item"="LimeWire On Startup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DwlClient]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Support"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Dell\\EUSW\\Support.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDonkey2000]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="edonkey2000"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\eDonkey2000\\edonkey2000.exe\" -t"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Pass]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaPassK"
"hkey"="HKLM"
"command"="C:\\Program Files\\Media Pass\\MediaPassK.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\SUPPOR~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Preview AdService]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PrevAdServ"
"hkey"="HKLM"
"command"="C:\\Program Files\\Preview AdService\\PrevAdServ.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sen]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tlii"
"hkey"="HKCU"
"command"="C:\\Program Files\\bama\\tlii.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SFP]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="vzSFPWin"
"hkey"="HKCU"
"command"="C:\\Program Files\\Common Files\\Verizon Online\\SFP\\vzSFPWin.EXE /s"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TizzleTalk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TizzleTalk"
"hkey"="HKLM"
"command"="C:\\Program Files\\TizzleTalk\\TizzleTalk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tsa2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="tsm2"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\tsa\\tsm2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uninstall_TBPS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TBuninst"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\Temp\\TBuninst.exe /remove"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows AdStatus]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WinStat"
"hkey"="HKLM"
"command"="C:\\Program Files\\Windows AdStatus\\WinStat.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinTools]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WToolsA"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\COMMON~1\\WinTools\\WToolsA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

Completion time: 06-12-07 18:58:47.62
C:\ComboFix.txt ... 06-12-07 18:58
C:\ComboFix2.txt ... 06-12-02 19:37


Logfile of HijackThis v1.99.1
Scan saved at 7:01:32 PM, on 12/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\internet explorer\iexplore.exe
C:\hjt\deckard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe" -minimized
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} - http://www.clickedyclick.com/Downloa...sloader_v3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
jspatriots is offline  
Old 12-07-2006, 09:22 PM   #14 (permalink)
Mentor, Analyst - Security Team
 
Deckard's Avatar
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Was that all of the Panda report? It looks like it might have been cut off at the end.

HijackThis Fixes
Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they still exist (make sure you do not miss any):
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
Please remember to close all other windows, including browsers, then click Fix checked. Close HijackThis.

Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
C:\Documents and Settings\Jeff\Application Data\internaldb153.dat
C:\Documents and Settings\Jeff\Application Data\internaldb1942.dat
C:\Documents and Settings\Jeff\Application Data\internaldb41.dat
C:\Documents and Settings\Jeff\Application Data\internaldb4604.dat
C:\Documents and Settings\Jeff\Application Data\internaldb4827.dat
C:\Documents and Settings\Jeff\Application Data\internaldb5436.dat
C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7340b669-46184b75.zip
C:\Documents and Settings\Steph\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-690cced6-4b68c28d.zip
C:\Program Files\DownloadManager
C:\Program Files\SysProtect Free
C:\Program Files\fsupport

Clear Cookies
Clear your IE cookies. Start>Settings>Control Panel>Internet Options>General. Under Temporary Internet Files, click on Delete Cookies. Then click Delete Files.

Clear your Firefox cookies. From the open browser, go to Tools>Options>Privacy>Cookies>Clear.


Online Scan
Please perform a BitDefender Online Scan using Internet Explorer. Once finished, click on the Details button to view the results. To the upper right of the results you will see an option saying "Click here to export the scan results". Please do so and save it to your desktop. Copy and paste the results of the scan with your next post.


Post the result from Bitdefender and a new HijackThis log. How is your machine behaving now?
__________________
The chance to begin again in a golden land of opportunity and adventure.

Need HijackThis help? Please read MicroBell's Five Step Process before posting.
Please donate and help keep this site free to all.


UNITE/ASAP: Proud member since 2006
Deckard is offline  
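One way to confirm that the HijackThis fix requested above took effect, and that nothing new appeared afterwards, is to parse the result lines of two scans and compare them. This is an added example, not part of the thread or of HijackThis. The "before" excerpt is taken from the 12/7 log in this thread; the rescan text and its `ExampleUpdater` entry are constructed.

```python
import re

# HijackThis result lines look like "O4 - HKCU\..\Run: [name] command".
# The leading code (R0-R3, F0-F3, N1-N4, O1-O24) names the kind of
# autostart or browser setting the line describes.
ENTRY_RE = re.compile(r"^(?P<code>[RFN][0-4]|O\d{1,2}) - (?P<body>.+)$")


def parse_entries(log_text):
    """Return the result lines of a HijackThis log as (code, body) tuples."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            # Collapse whitespace so forum copy/paste wrapping does not cause misses.
            entries.append((m.group("code"), " ".join(m.group("body").split())))
    return entries


def _key(entry):
    # Compare case-insensitively: registry and file paths on Windows are.
    code, body = entry
    return (code, body.casefold())


def still_present(fix_list_text, rescan_text):
    """Entries from the helper's fix list that the rescan still contains."""
    present = {_key(e) for e in parse_entries(rescan_text)}
    return [e for e in parse_entries(fix_list_text) if _key(e) in present]


def diff_logs(before_text, after_text):
    """Return (removed, added) result lines between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    removed = [e for e in before if _key(e) not in after_keys]
    added = [e for e in after if _key(e) not in before_keys]
    return removed, added


# The entry the helper asked to fix (from the post above).
FIX_LIST = r"""
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
"""

# Excerpt of the O4 lines from the 12/7 HijackThis log in this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SysProtect Free] "C:\Program Files\SysProtect Free\USYP.exe" /scan
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed rescan: the fixed entry is gone and one new, made-up autostart
# (ExampleUpdater) has appeared, to show what "added" looks like.
AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe
"""

if __name__ == "__main__":
    print("still present after fix:", still_present(FIX_LIST, AFTER))
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", removed)
    print("added (review these):", added)
```

An empty `still_present` result means the fix held; anything in `added` is a new autostart or browser setting that was not in the earlier scan and deserves a look.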
Old 12-08-2006, 05:46 PM   #15 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 17
OS: xp home sp2, xp pro


PC working perfectly. Here are the new logs:

BitDefender Online Scanner - Real Time Virus Report

Generated at: Fri, Dec 08, 2006 - 19:45:12

Scan Info
Scanned Files: 372678
Infected Files: 3

Virus Detected
Trojan.Clicker.VB.DN: 1
Dropped:Trojan.Clicker.Vb.IP: 1
Trojan.Vb.YB: 1

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.


Logfile of HijackThis v1.99.1
Scan saved at 5:26:34 PM, on 12/8/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\hjt\deckard.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/mywaybiz
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [sureshotpopupkiller] "C:\Program Files\Pop Up Stopper and Ad Killer\pusak.exe" -minimized
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra 'Tools' menuitem: PlanetLuck.com - {6F477182-DE4F-4326-ACE3-3110A676771B} - C:\Program Files\Planetluck Casino\bin\IEExtension_PL.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...38&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {7565A160-5C60-4866-A120-F4D5B2BA3AAE} - http://www.clickedyclick.com/Downloa...sloader_v3.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {9E17A5F9-2B9C-4C66-A592-199A4BA1FBC8} - http://pictures04.aim.com/ygp/aol/pl...IM.9.5.1.8.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
jspatriots is offline  
Old 12-08-2006, 08:33 PM   #16 (permalink)
Mentor, Analyst - Security Team
 
Deckard's Avatar
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Did BitDefender tell you what files those were?
Deckard is offline  
Old 12-09-2006, 11:38 AM   #17 (permalink)
Registered User
 
Join Date: Nov 2006
Posts: 17
OS: xp home sp2, xp pro


OK, I guess I submitted the wrong log, because when I went and looked today this is what I found in it:

BitDefender Online Scanner

Scan report generated at: Fri, Dec 08, 2006 - 19:03:28

Scan path: C:\;D:\;E:\;

Statistics
Time: 01:30:01
Files: 371368
Folders: 7423
Boot Sectors: 4
Archives: 4677
Packed Files: 28747

Results
Identified Viruses: 3
Infected Files: 3
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 3

Engines Info
Virus Definitions: 329798
Engine build: AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe=>(NSIS o)=>lzma_solid_nsis0005
Infected with: Dropped:Trojan.Clicker.Vb.IP

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe=>(NSIS o)=>lzma_solid_nsis0005
Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe=>(NSIS o)=>lzma_solid_nsis0005
Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Clicker.VB.DN

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)=>zlib_nsis0002
Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)
Update failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)=>zlib_nsis0003
Infected with: Trojan.Vb.YB

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)=>zlib_nsis0003
Disinfection failed

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)=>zlib_nsis0003
Deleted

C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)
Update failed
jspatriots is offline  
Old 12-09-2006, 12:39 PM   #18 (permalink)
Mentor, Analyst - Security Team
 
Deckard's Avatar
 
Join Date: May 2006
Location: Oregon
Posts: 2,503
OS: MacOS X, Debian, OpenBSD, Windows


Ah good. Those were all in your System Restore, which we're about to reset anyway.

Well done, your logs are clean! Any more issues? If not, you should be good to go but we still have a few items we'd like to address.

Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm and then click OK.

Reset System Restore
  • Go to Start>Run, type SYSDM.CPL and press Enter.
  • Select the System Restore tab.
  • Check "Turn off System Restore on all drives" and click Apply.
  • Now uncheck the same option and click OK.

Re-enable Protection
Turn back on any malware prevention tools we might have had you switch off.

Microsoft Updates
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by malware. Using Internet Explorer, please go to Microsoft's Windows Update and download all of the critical updates to help prevent possible re-infection.

Enable Windows Auto Update:
  • Go to Start>Run, type WUAUCPL.CPL and press Enter.
  • Make sure "Keep my computer up to date" is checked.
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Update Java
You need to update your Java as it is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  1. Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10.
  2. Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  3. Click the "Download" button to the right.
  4. Check the box that says: "Accept License Agreement".
  5. The page will refresh.
  6. Click on the link to download Windows Offline Installation with or without multi-language and save to your desktop.
  7. Close any programs you may have running -- especially your web browser(s).
  8. Go to Start→Control Panel and double-click on Add/Remove Programs.
  9. Check any item with Java Runtime Environment (JRE or J2SE) in the name (i.e., J2SE Runtime Environment 5.0 Update 3 and Java 2 Runtime Environment, SE v1.4.2_03).
  10. Click the Remove or Change/Remove button.
  11. Repeat as many times as necessary to remove each version of Java.
  12. Reboot your computer once all Java components are removed.
  13. Then from your desktop double-click on jre-1_5_0_10-windowsi586-p.exe to install the newest version.
  14. After the reboot, go back into the Control Panel and double-click the Java icon.
  15. Under Temporary Internet Files, click the Delete Files button.
  16. There are three options in the window to clear the cache - Leave ALL three checked:
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  17. Click OK on Delete Temporary Files Window. NOTE: This deletes ALL of the Downloaded Applications and Applets from the cache.
  18. Click OK to leave the Java Control Panel.

Tool Deletions
Feel free to remove these tools and their folders:
  • Autoruns
  • CleanUp! (uninstall from Add/Remove Programs)
  • ComboFix
  • VundoFix
  • DelO15Domains
You may want to keep AVG Anti-Spyware, as it will offer you some additional protection. It is a free 30 day trial, after which time you will need to manually update it yourself.


Malware Prevention
This is a good time to set up protection against further attacks. You might want to read Tony Klein's "How Did I Get Infected In The First Place?". At the minimum, you need an antivirus that is continually updated, a good firewall, a spyware blocker such as Spyware Blaster, and a real time spyware program such as Spyware Guard to prevent spyware intrusions. I also recommend IE-Spyad, which places over 4,000 websites and domains in the IE Restricted list, thus helping prevent attempts to re-infect your system. All of these have no-strings-attached free versions available. However, be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use but often have malware in them.

Two more articles you may want to read at your leisure are "KRC Anti-Spyware Tutorial" and "Making Internet Explorer Safer".

The following is a list of free software we recommend:

Antivirus
AV software should be updated at least once a week for optimum protection. Here are some free AV programs available for personal use. NOTE: Do not install more than one AV program because they will conflict with each other. Only pick one.
Firewalls
A good firewall is the first line of defense for your computer and will monitor incoming and outgoing traffic. NOTE: Microsoft's Firewall does not monitor outgoing traffic. If you are unfamiliar with how a firewall works, you can read "Understanding and Using Firewalls". Here are some free firewalls available for personal use:

Realtime Malware Prevention Tools
These programs actively watch your computer for possible malware-related changes and help prevent them. You can run more than one of these at a time.

Passive Malware Prevention Tools
These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.
  • SpywareBlaster - Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items. Check regularly for updates.
  • IE-Spyad - Extract to your desktop and double-click install.bat. Install options #2 and #4. IE-Spyad places more than 4,000 dubious domains in the IE Restricted list, which impairs attempts to infect your system. It prevents any downloads from the sites although you will still be able to connect to them. You can read more about it on its homepage.
  • MVPS Hosts File - extract and double-click the mvps.bat file. This will replace your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements, preventing your computer from connecting to those sites.
  • McAfee SiteAdvisor - helps to warn you before you interact with a dangerous Web site. Works with both IE and Firefox.
Alternative Web Browsers
Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Alternative Miscellaneous
Here are some alternatives that are worth looking into if you use their features:
  • Trillian - an Instant Messenger client that speaks multiple IM services (AIM, Yahoo!, ICQ, MSN, etc.)
  • Miranda-IM - another Instant Messenger client with multiple IM capabilities.
  • Desktop Weather - A taskbar weather program that is free and resource light.

Please respond to this thread one more time so we can mark this thread as resolved.
Deckard is offline  
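The check behind "Those were all in your System Restore", as an added example (not part of the post above and not BitDefender tooling): it pairs each scanned path in the report with its status line and flags any detection that sits outside a `_restore{GUID}\RPnnn` folder. The report excerpt is copied from the thread; the `C:\Program Files\Example` entry is constructed, and the reading of "Update failed" as "the container file was not rewritten" is an assumption.

```python
import re

DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# Windows XP restore points: <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}\\RP\d+\\",
    re.IGNORECASE,
)


def parse_pairs(report_text):
    """Return (path, status) pairs; the report lists a path, then its status."""
    lines = [ln.strip() for ln in report_text.splitlines() if ln.strip()]
    pairs, i = [], 0
    while i + 1 < len(lines):
        if DRIVE_RE.match(lines[i]) and not DRIVE_RE.match(lines[i + 1]):
            pairs.append((lines[i], lines[i + 1]))
            i += 2
        else:
            i += 1  # header or stray line: skip it and resynchronise
    return pairs


def triage(report_text):
    """Group results by the file on disk (the part before the first '=>')."""
    files = {}
    for path, status in parse_pairs(report_text):
        container, _, member = path.partition("=>")
        info = files.setdefault(container, {
            "in_restore_point": bool(RESTORE_RE.match(container)),
            "detections": [],
            "deleted_members": [],
            # Assumption: "Update failed" means the scanner could not write the
            # cleaned archive back, so the file stays until the restore point
            # itself is purged.
            "container_update_failed": False,
        })
        if status.startswith("Infected with:"):
            name = status.split(":", 1)[1].strip()
            if name not in info["detections"]:
                info["detections"].append(name)
        elif status == "Deleted":
            info["deleted_members"].append(member)
        elif status == "Update failed":
            info["container_update_failed"] = True
    return files


def outside_restore_points(report_text):
    """Detected files that resetting System Restore would NOT remove."""
    return sorted(path for path, info in triage(report_text).items()
                  if info["detections"] and not info["in_restore_point"])


# Excerpt copied from the BitDefender report posted in this thread.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe=>(NSIS o)=>lzma_solid_nsis0005
Infected with: Dropped:Trojan.Clicker.Vb.IP
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe=>(NSIS o)=>lzma_solid_nsis0005
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP583\A0134120.exe=>(NSIS o)
Update failed
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Clicker.VB.DN
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)=>zlib_nsis0002
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)=>zlib_nsis0003
Infected with: Trojan.Vb.YB
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)=>zlib_nsis0003
Deleted
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP651\A0147553.exe=>(NSIS o)
Update failed
"""

# Constructed entry (not from the thread) showing a hit on the live file system.
CONSTRUCTED_EXTRA = r"""
C:\Program Files\Example\sample.exe
Infected with: Constructed.Test.Name
"""

if __name__ == "__main__":
    print("outside restore points:", outside_restore_points(SAMPLE_REPORT))
    print("with constructed entry:",
          outside_restore_points(SAMPLE_REPORT + CONSTRUCTED_EXTRA))
```

An empty list from `outside_restore_points` is what justifies handling the detections by resetting System Restore alone; any path it returns is on the live file system and needs its own cleanup.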