Hi Carolyn,
I am still having trouble with the start/search facility, in as much as i just get an untitled window, which i can do nothing with, also and i dont know if it is of any significance, but i have lost my desktop theme, and cannot retrieve it.
I have just done a scan with avast antivirus, and the same malware is coming up that i have had for a long time.
It comes up about 8 times in groups of 4, and consists of just 2 filenames as follows.
C:\system volume information \_restore 699879AF-FOCA-4BBE-849F-43E
C:\system volume information \_restore 699879A5-FOCA-4BBE-849F-43E
Malware name win32 adware-gen (adw)
Malware type these are normally firstly Adware then Trojan horse then adware and finally Dialer
I have enclosed some log errors that i managed to copy from avast, but i dont know if they will be of any use to you, and also the latest hijack this log.
I hope this makes sense to you,
Kind regards,
Peter
09/02/2007 20:37:00 SYSTEM 656 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
09/02/2007 20:37:00 SYSTEM 656 An error has occured while attempting to update. Please check the logs.
14/02/2007 15:19:04 SYSTEM 252 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
14/02/2007 15:19:04 SYSTEM 252 An error has occured while attempting to update. Please check the logs.
11/03/2007 13:34:09 SYSTEM 672 Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Program Files\Morpheus\mymorpheusToolbar.exe" file.
13/03/2007 17:49:11 SYSTEM 644 Sign of "Win32:VB-IE [Wrm]" has been found in "C:\Documents and Settings\User\Shared\'Heroes Of Might And Magic Coleccion [PC][DVD][Spanish-English][www.emwreloaded.com].zip\Setup.exe" file.
08/04/2007 21:15:28 SYSTEM 680 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\loudcash3.exe" file.
08/04/2007 21:16:15 SYSTEM 680 Sign of "Win32:VB-MM [Wrm]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\63mm.exe" file.
08/04/2007 21:16:40 SYSTEM 680 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\loudcash3.exe" file.
08/04/2007 21:17:19 SYSTEM 680 Sign of "Win32:VB-MM [Wrm]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\63mm.exe" file.
08/04/2007 21:19:54 SYSTEM 680 Sign of "Win32:Trojan-gen. {UPX!}" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\loudcash3.exe" file.
08/04/2007 21:20:05 SYSTEM 680 Sign of "Win32:VB-MM [Wrm]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\63mm.exe" file.
09/04/2007 16:33:28 User 684 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\tzl19.tmp" file.
16/07/2007 21:22:23 SYSTEM 856 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
16/07/2007 21:22:23 SYSTEM 856 An error has occured while attempting to update. Please check the logs.
30/09/2007 10:07:24 User 844 Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\Program Files\Morpheus\mymorpheusToolbar.exe" file.
25/10/2007 16:17:46 SYSTEM 844 Function setifaceUpdateFiles() has failed. Return code is 0xC0000142, dwRes is C0000142.
25/10/2007 16:17:46 SYSTEM 844 An error has occured while attempting to update. Please check the logs.
28/10/2007 13:15:19 User 4044 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\Passware\un-ariskkey.exe" file.
28/10/2007 13:21:16 User 4044 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP306\A0025771.exe" file.
29/10/2007 16:24:11 SYSTEM 880 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
29/10/2007 16:24:11 SYSTEM 880 An error has occured while attempting to update. Please check the logs.
21/11/2007 14:27:31 SYSTEM 976 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
21/11/2007 14:27:33 SYSTEM 976 An error has occured while attempting to update. Please check the logs.
11/12/2007 17:47:05 SYSTEM 1096 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\whAgent.exe" file.
11/12/2007 17:47:11 SYSTEM 1096 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\whInstaller.exe" file.
11/12/2007 17:47:13 SYSTEM 1096 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\webhdll.dll" file.
11/12/2007 17:47:16 SYSTEM 1096 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\whiehlpr.dll" file.
22/12/2007 20:11:55 SYSTEM 1104 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
22/12/2007 20:11:56 SYSTEM 1104 An error has occured while attempting to update. Please check the logs.
23/12/2007 18:04:03 SYSTEM 1140 Sign of "Win32:Dialer-gen [Trj]" has been found in "C:\WINDOWS\Downloaded Program Files\btwebcontrol.dll" file.
26/12/2007 13:03:32 SYSTEM 1072 Sign of "Win32:TrafficSol [Adw]" has been found in "C:\Documents and Settings\User\Shared\burn dvd windows shareware wet and wild.zip\setup.exe\$[37]\$PLUGINSDIR\bann.exe\$SYSDIR\$SYSDIR\spads.dll\[UPX]" file.
27/12/2007 14:43:55 SYSTEM 1072 Sign of "Win32:TrafficSol [Adw]" has been found in "C:\WINDOWS\system32\spads.dll\[UPX]" file.
27/12/2007 14:44:14 SYSTEM 1072 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\whInstaller.exe" file.
27/12/2007 14:44:19 SYSTEM 1072 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\RarSFX0\whiehlpr.dll" file.
27/12/2007 14:50:58 SYSTEM 1072 Sign of "Win32:TrafficSol [Adw]" has been found in "C:\Documents and Settings\User\Shared\[Full] file converters with Bonus.zip\setup.exe\$[37]\$PLUGINSDIR\bann.exe\$SYSDIR\$SYSDIR\spads.dll\[UPX]" file.
27/12/2007 14:51:05 SYSTEM 1072 Sign of "Win32:TrafficSol [Adw]" has been found in "C:\Documents and Settings\User\Shared\file converters (uncensored).zip\setup.exe\$[37]\$PLUGINSDIR\bann.exe\$SYSDIR\$SYSDIR\spads.dll\[UPX]" file.
27/12/2007 15:09:59 SYSTEM 1072 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\PlayMP3z\PlayMP3.exe" file.
27/12/2007 18:37:18 SYSTEM 1072 AAVM - scanning warning: x_AavmCheckFileDirectEx:
http://www.top5soft.com/files/avi-pro_r77019.exe (C:\WINDOWS\TEMP\_avast4_\unp165446069.tmp) returning error, 00000084.
27/12/2007 19:09:43 SYSTEM 1072 AAVM - scanning warning: x_AavmCheckFileDirectEx:
http://wgt.digitalriver.com/wgt/9ae15da ... Thk707.exe (C:\WINDOWS\TEMP\_avast4_\unp66718165.tmp) returning error, 00000084.
08/01/2008 21:32:07 SYSTEM 1076 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
08/01/2008 21:32:07 SYSTEM 1076 An error has occured while attempting to update. Please check the logs.
09/01/2008 15:11:35 User 2372 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
09/01/2008 16:59:26 User 2372 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whInstaller.exe" file.
09/01/2008 16:59:32 User 2372 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\webhdll.dll" file.
09/01/2008 16:59:38 User 2372 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whiehlpr.dll" file.
09/01/2008 17:08:44 User 2372 Sign of "Win32:180Solutions-C [Adw]" has been found in "C:\Program Files\ZangoToolbar\ZangoInstaller.exe" file.
09/01/2008 17:14:08 User 2372 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whAgent.exe" file.
09/01/2008 17:14:15 User 2372 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whInstaller.exe" file.
09/01/2008 17:14:21 User 2372 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\webhdll.dll" file.
09/01/2008 17:14:25 User 2372 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whiehlpr.dll" file.
09/01/2008 17:19:01 User 2372 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whAgent.exe" file.
09/01/2008 17:19:09 User 2372 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whInstaller.exe" file.
09/01/2008 17:19:14 User 2372 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\webhdll.dll" file.
09/01/2008 17:19:18 User 2372 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whiehlpr.dll" file.
09/01/2008 17:19:21 User 2372 Sign of "Win32:180Solutions-C [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030315.exe" file.
13/01/2008 16:30:41 User 972 Sign of "Win32:Adan-156 [Adw]" has been found in "C:\Program Files\DivX\DivX Pro Codec\Gain_Trickler.exe" file.
16/01/2008 11:10:35 User 3760 Sign of "Win32:WimAD-I [Trj]" has been found in "C:\Documents and Settings\User\My Documents\My Music\TOTALLY HIP TRACK.wma" file.
16/01/2008 11:20:33 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
16/01/2008 11:20:39 User 3760 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whInstaller.exe" file.
16/01/2008 11:20:46 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\webhdll.dll" file.
16/01/2008 11:20:51 User 3760 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whiehlpr.dll" file.
16/01/2008 11:33:51 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whAgent.exe" file.
16/01/2008 11:34:05 User 3760 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whInstaller.exe" file.
16/01/2008 11:34:11 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\webhdll.dll" file.
16/01/2008 11:34:14 User 3760 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whiehlpr.dll" file.
16/01/2008 11:38:46 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whAgent.exe" file.
16/01/2008 11:38:57 User 3760 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whInstaller.exe" file.
16/01/2008 11:38:59 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\webhdll.dll" file.
16/01/2008 11:39:02 User 3760 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whiehlpr.dll" file.
16/01/2008 11:39:50 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whAgent.exe" file.
16/01/2008 11:40:00 User 3760 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whInstaller.exe" file.
16/01/2008 11:40:05 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\webhdll.dll" file.
16/01/2008 11:40:29 User 3760 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whiehlpr.dll" file.
16/01/2008 11:58:16 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
16/01/2008 11:58:42 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
16/01/2008 11:59:07 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
16/01/2008 12:19:37 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
16/01/2008 12:19:50 User 3760 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whInstaller.exe" file.
16/01/2008 12:19:50 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\webhdll.dll" file.
16/01/2008 12:19:50 User 3760 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whiehlpr.dll" file.
16/01/2008 12:32:47 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whAgent.exe" file.
16/01/2008 12:32:47 User 3760 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whInstaller.exe" file.
16/01/2008 12:32:47 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\webhdll.dll" file.
16/01/2008 12:32:47 User 3760 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whiehlpr.dll" file.
16/01/2008 12:37:56 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whAgent.exe" file.
16/01/2008 12:37:56 User 3760 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whInstaller.exe" file.
16/01/2008 12:37:56 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\webhdll.dll" file.
16/01/2008 12:37:56 User 3760 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whiehlpr.dll" file.
16/01/2008 12:38:41 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whAgent.exe" file.
16/01/2008 12:38:41 User 3760 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whInstaller.exe" file.
16/01/2008 12:38:41 User 3760 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\webhdll.dll" file.
16/01/2008 12:38:42 User 3760 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whiehlpr.dll" file.
16/01/2008 15:21:17 User 1080 Sign of "Win32:Adan-156 [Adw]" has been found in "C:\Program Files\DivX\DivX Pro Codec\Gain_Trickler.exe" file.
28/01/2008 08:06:23 User 1092 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" file.
29/01/2008 08:44:12 User 5660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
29/01/2008 08:51:36 User 5660 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whInstaller.exe" file.
29/01/2008 08:51:39 User 5660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\webhdll.dll" file.
29/01/2008 08:51:42 User 5660 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whiehlpr.dll" file.
29/01/2008 09:03:50 User 5660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whAgent.exe" file.
29/01/2008 09:18:47 User 5660 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whInstaller.exe" file.
29/01/2008 09:18:47 User 5660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\webhdll.dll" file.
29/01/2008 09:18:48 User 5660 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whiehlpr.dll" file.
29/01/2008 09:23:30 User 5660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whAgent.exe" file.
29/01/2008 09:31:57 User 5660 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whInstaller.exe" file.
29/01/2008 09:32:08 User 5660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\webhdll.dll" file.
29/01/2008 09:32:10 User 5660 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whiehlpr.dll" file.
29/01/2008 09:32:58 User 5660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whAgent.exe" file.
29/01/2008 09:38:34 User 5660 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whInstaller.exe" file.
29/01/2008 09:38:37 User 5660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\webhdll.dll" file.
29/01/2008 09:38:38 User 5660 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whiehlpr.dll" file.
29/01/2008 09:39:35 User 5660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP396\A0030922.DLL" file.
29/01/2008 10:07:01 User 5660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whAgent.exe" file.
29/01/2008 10:30:57 User 5660 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whInstaller.exe" file.
29/01/2008 10:31:08 User 5660 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\webhdll.dll" file.
29/01/2008 10:31:08 User 5660 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whiehlpr.dll" file.
06/02/2008 10:14:02 SYSTEM 948 Function setifaceUpdatePackages() has failed. Return code is 0x20000004, dwRes is 20000004.
06/02/2008 10:14:03 SYSTEM 948 An error has occured while attempting to update. Please check the logs.
06/02/2008 20:30:40 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
06/02/2008 20:31:03 User 1756 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whInstaller.exe" file.
06/02/2008 20:31:11 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\webhdll.dll" file.
06/02/2008 20:31:25 User 1756 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whiehlpr.dll" file.
06/02/2008 20:43:03 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whAgent.exe" file.
06/02/2008 20:43:37 User 1756 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whInstaller.exe" file.
06/02/2008 20:43:43 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\webhdll.dll" file.
06/02/2008 20:43:48 User 1756 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whiehlpr.dll" file.
06/02/2008 20:48:40 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whAgent.exe" file.
06/02/2008 20:49:15 User 1756 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whInstaller.exe" file.
06/02/2008 20:49:18 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\webhdll.dll" file.
06/02/2008 20:49:22 User 1756 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whiehlpr.dll" file.
06/02/2008 20:50:19 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whAgent.exe" file.
06/02/2008 20:50:25 User 1756 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whInstaller.exe" file.
06/02/2008 20:50:29 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\webhdll.dll" file.
06/02/2008 20:50:33 User 1756 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whiehlpr.dll" file.
06/02/2008 20:51:38 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whAgent.exe" file.
06/02/2008 20:51:51 User 1756 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whInstaller.exe" file.
06/02/2008 20:51:54 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\webhdll.dll" file.
06/02/2008 20:51:58 User 1756 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whiehlpr.dll" file.
06/02/2008 20:53:43 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whAgent.exe" file.
06/02/2008 20:53:50 User 1756 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whInstaller.exe" file.
06/02/2008 20:53:54 User 1756 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\webhdll.dll" file.
06/02/2008 20:53:57 User 1756 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whiehlpr.dll" file.
14/02/2008 09:27:45 SYSTEM 892 AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: D:\VBRUN300.DLL (D:\VBRUN300.DLL) returning error, 0000001E.
06/03/2008 17:56:54 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
06/03/2008 17:57:08 User 3956 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whInstaller.exe" file.
06/03/2008 17:57:15 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\webhdll.dll" file.
06/03/2008 17:57:21 User 3956 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whiehlpr.dll" file.
06/03/2008 18:09:14 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whAgent.exe" file.
06/03/2008 18:09:24 User 3956 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whInstaller.exe" file.
06/03/2008 18:09:31 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\webhdll.dll" file.
06/03/2008 18:09:36 User 3956 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP345\A0027882.exe\$INSTDIR\Downloads\webhancer.exe\whiehlpr.dll" file.
06/03/2008 18:13:39 User 3956 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP369\A0029931.exe" file.
06/03/2008 18:13:57 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP369\A0029944.dll" file.
06/03/2008 18:15:22 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whAgent.exe" file.
06/03/2008 18:15:28 User 3956 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whInstaller.exe" file.
06/03/2008 18:15:35 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\webhdll.dll" file.
06/03/2008 18:15:42 User 3956 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whiehlpr.dll" file.
06/03/2008 18:16:41 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whAgent.exe" file.
06/03/2008 18:16:46 User 3956 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whInstaller.exe" file.
06/03/2008 18:16:52 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\webhdll.dll" file.
06/03/2008 18:16:57 User 3956 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whiehlpr.dll" file.
06/03/2008 18:18:12 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whAgent.exe" file.
06/03/2008 18:18:17 User 3956 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whInstaller.exe" file.
06/03/2008 18:18:22 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\webhdll.dll" file.
06/03/2008 18:18:28 User 3956 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whiehlpr.dll" file.
06/03/2008 18:19:45 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP403\A0031360.dll" file.
06/03/2008 18:19:53 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP403\A0031366.dll" file.
06/03/2008 18:20:26 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whAgent.exe" file.
06/03/2008 18:20:33 User 3956 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whInstaller.exe" file.
06/03/2008 18:20:38 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\webhdll.dll" file.
06/03/2008 18:20:43 User 3956 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whiehlpr.dll" file.
06/03/2008 18:22:23 User 3956 Sign of "Win32:Gaobot-2435 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP412\A0032350.exe" file.
06/03/2008 18:25:30 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whAgent.exe" file.
06/03/2008 18:25:35 User 3956 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whInstaller.exe" file.
06/03/2008 18:25:41 User 3956 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\webhdll.dll" file.
06/03/2008 18:25:47 User 3956 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whiehlpr.dll" file.
13/03/2008 14:38:21 User 892 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\PlayMP3z\PlayMP3.exe" file.
14/03/2008 07:32:03 User 892 Sign of "Win32:Agent-OQR [Trj]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\GUQF296\en.exe" file.
14/03/2008 07:32:18 User 892 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\GUQF296\vnk.exe" file.
14/03/2008 07:32:22 User 892 Sign of "Win32:Small-IKZ [Trj]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\GUQF296\we.exe\[UPX]" file.
14/03/2008 09:36:18 User 892 Sign of "Win32:Agent-OQR [Trj]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\GUQF296\en.exe" file.
14/03/2008 09:36:22 User 892 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\GUQF296\vnk.exe" file.
14/03/2008 09:36:25 User 892 Sign of "Win32:Small-IKZ [Trj]" has been found in "C:\DOCUME~1\User\LOCALS~1\Temp\GUQF296\we.exe\[UPX]" file.
15/03/2008 10:17:32 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
15/03/2008 15:26:26 User 3900 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whInstaller.exe" file.
15/03/2008 15:26:27 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\webhdll.dll" file.
15/03/2008 15:26:28 User 3900 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whiehlpr.dll" file.
15/03/2008 15:41:00 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whAgent.exe" file.
15/03/2008 15:41:03 User 3900 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whInstaller.exe" file.
15/03/2008 15:41:04 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\webhdll.dll" file.
15/03/2008 15:41:05 User 3900 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whiehlpr.dll" file.
15/03/2008 15:41:54 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whAgent.exe" file.
15/03/2008 15:41:59 User 3900 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whInstaller.exe" file.
15/03/2008 15:42:00 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\webhdll.dll" file.
15/03/2008 15:42:01 User 3900 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whiehlpr.dll" file.
15/03/2008 15:43:14 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whAgent.exe" file.
15/03/2008 15:43:18 User 3900 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whInstaller.exe" file.
15/03/2008 15:43:19 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\webhdll.dll" file.
15/03/2008 15:43:21 User 3900 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whiehlpr.dll" file.
15/03/2008 15:45:05 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whAgent.exe" file.
15/03/2008 15:45:08 User 3900 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whInstaller.exe" file.
15/03/2008 15:45:09 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\webhdll.dll" file.
15/03/2008 15:45:11 User 3900 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whiehlpr.dll" file.
15/03/2008 15:49:26 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whAgent.exe" file.
15/03/2008 15:49:31 User 3900 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whInstaller.exe" file.
15/03/2008 15:49:33 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\webhdll.dll" file.
15/03/2008 15:49:34 User 3900 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whiehlpr.dll" file.
15/03/2008 15:51:28 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whAgent.exe" file.
15/03/2008 15:51:36 User 3900 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whInstaller.exe" file.
15/03/2008 15:51:37 User 3900 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\webhdll.dll" file.
15/03/2008 15:51:39 User 3900 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whiehlpr.dll" file.
19/03/2008 08:03:19 SYSTEM 920 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\IntelligentAdvisor\IntelligentAdvisor-2.dll" file.
20/03/2008 12:22:30 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
20/03/2008 12:22:40 User 2972 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whInstaller.exe" file.
20/03/2008 12:22:52 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\webhdll.dll" file.
20/03/2008 12:23:06 User 2972 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whiehlpr.dll" file.
20/03/2008 12:35:06 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP370\A0029973.dll" file.
20/03/2008 12:36:14 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whAgent.exe" file.
20/03/2008 13:02:02 User 2972 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whInstaller.exe" file.
20/03/2008 13:02:06 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\webhdll.dll" file.
20/03/2008 13:02:08 User 2972 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whiehlpr.dll" file.
20/03/2008 13:02:56 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whAgent.exe" file.
20/03/2008 13:03:03 User 2972 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whInstaller.exe" file.
20/03/2008 13:03:06 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\webhdll.dll" file.
20/03/2008 13:03:07 User 2972 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whiehlpr.dll" file.
20/03/2008 13:04:09 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whAgent.exe" file.
20/03/2008 13:04:13 User 2972 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whInstaller.exe" file.
20/03/2008 13:04:15 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\webhdll.dll" file.
20/03/2008 13:05:00 User 2972 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whiehlpr.dll" file.
20/03/2008 13:06:17 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP403\A0031375.dll" file.
20/03/2008 13:06:44 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP403\A0031395.exe" file.
20/03/2008 13:06:56 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whAgent.exe" file.
20/03/2008 13:07:01 User 2972 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whInstaller.exe" file.
20/03/2008 13:07:20 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\webhdll.dll" file.
20/03/2008 13:07:22 User 2972 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whiehlpr.dll" file.
20/03/2008 13:11:29 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whAgent.exe" file.
20/03/2008 13:11:36 User 2972 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whInstaller.exe" file.
20/03/2008 13:11:38 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\webhdll.dll" file.
20/03/2008 13:11:41 User 2972 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whiehlpr.dll" file.
20/03/2008 13:13:40 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whAgent.exe" file.
20/03/2008 13:13:45 User 2972 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whInstaller.exe" file.
20/03/2008 13:13:48 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\webhdll.dll" file.
20/03/2008 13:13:49 User 2972 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whiehlpr.dll" file.
20/03/2008 13:14:08 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP439\A0035894.dll" file.
20/03/2008 13:14:21 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035924.exe" file.
20/03/2008 13:14:24 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whAgent.exe" file.
20/03/2008 13:14:26 User 2972 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whInstaller.exe" file.
20/03/2008 13:14:28 User 2972 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\webhdll.dll" file.
20/03/2008 13:14:29 User 2972 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whiehlpr.dll" file.
20/03/2008 17:03:36 SYSTEM 892 Function setifaceUpdatePackages() has failed. Return code is 0xC0000142, dwRes is C0000142.
20/03/2008 17:03:38 SYSTEM 892 An error has occured while attempting to update. Please check the logs.
20/03/2008 21:26:12 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\whAgent.exe" file.
20/03/2008 21:26:25 User 2140 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whInstaller.exe" file.
20/03/2008 21:26:27 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\Program Files\ezt\webhancer.exe\webhdll.dll" file.
20/03/2008 21:26:28 User 2140 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\Program Files\ezt\webhancer.exe\whiehlpr.dll" file.
20/03/2008 21:39:47 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whAgent.exe" file.
20/03/2008 21:39:58 User 2140 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whInstaller.exe" file.
20/03/2008 21:40:00 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\webhdll.dll" file.
20/03/2008 21:40:01 User 2140 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whiehlpr.dll" file.
20/03/2008 21:40:50 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whAgent.exe" file.
20/03/2008 21:40:56 User 2140 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whInstaller.exe" file.
20/03/2008 21:40:57 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\webhdll.dll" file.
20/03/2008 21:40:58 User 2140 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whiehlpr.dll" file.
20/03/2008 21:42:02 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whAgent.exe" file.
20/03/2008 21:43:42 User 2140 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whInstaller.exe" file.
20/03/2008 21:43:45 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\webhdll.dll" file.
20/03/2008 21:43:47 User 2140 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whiehlpr.dll" file.
20/03/2008 21:45:14 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whAgent.exe" file.
20/03/2008 21:45:21 User 2140 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whInstaller.exe" file.
20/03/2008 21:45:22 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\webhdll.dll" file.
20/03/2008 21:45:23 User 2140 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whiehlpr.dll" file.
20/03/2008 21:49:33 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whAgent.exe" file.
20/03/2008 21:49:42 User 2140 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whInstaller.exe" file.
20/03/2008 21:49:43 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\webhdll.dll" file.
20/03/2008 21:49:44 User 2140 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whiehlpr.dll" file.
20/03/2008 21:51:40 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whAgent.exe" file.
20/03/2008 21:51:47 User 2140 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whInstaller.exe" file.
20/03/2008 21:51:48 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\webhdll.dll" file.
20/03/2008 21:51:49 User 2140 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whiehlpr.dll" file.
20/03/2008 21:52:14 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whAgent.exe" file.
20/03/2008 21:52:20 User 2140 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whInstaller.exe" file.
20/03/2008 21:52:20 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\webhdll.dll" file.
20/03/2008 21:52:21 User 2140 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whiehlpr.dll" file.
20/03/2008 21:53:07 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\whAgent.exe" file.
20/03/2008 21:53:10 User 2140 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\whInstaller.exe" file.
20/03/2008 21:53:11 User 2140 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\webhdll.dll" file.
20/03/2008 21:53:12 User 2140 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\whiehlpr.dll" file.
03/04/2008 18:47:27 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whAgent.exe" file.
03/04/2008 19:05:21 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whInstaller.exe" file.
03/04/2008 19:05:42 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\webhdll.dll" file.
03/04/2008 19:05:48 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whiehlpr.dll" file.
03/04/2008 19:06:37 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whAgent.exe" file.
03/04/2008 19:06:42 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whInstaller.exe" file.
03/04/2008 19:06:44 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\webhdll.dll" file.
03/04/2008 19:06:45 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whiehlpr.dll" file.
03/04/2008 19:07:52 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whAgent.exe" file.
03/04/2008 19:08:25 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whInstaller.exe" file.
03/04/2008 19:08:28 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\webhdll.dll" file.
03/04/2008 19:08:30 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whiehlpr.dll" file.
03/04/2008 19:09:57 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whAgent.exe" file.
03/04/2008 19:10:28 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whInstaller.exe" file.
03/04/2008 19:10:32 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\webhdll.dll" file.
03/04/2008 19:10:34 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whiehlpr.dll" file.
03/04/2008 19:14:47 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whAgent.exe" file.
03/04/2008 19:15:27 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whInstaller.exe" file.
03/04/2008 19:15:28 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\webhdll.dll" file.
03/04/2008 19:15:42 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whiehlpr.dll" file.
03/04/2008 19:17:37 User 2496 Sign of "Win32:Agent-TPR [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP435\A0035760.exe\$INSTDIR\vnk.dat" file.
03/04/2008 19:18:15 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whAgent.exe" file.
03/04/2008 19:18:23 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whInstaller.exe" file.
03/04/2008 19:18:25 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\webhdll.dll" file.
03/04/2008 19:18:26 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whiehlpr.dll" file.
03/04/2008 19:18:51 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whAgent.exe" file.
03/04/2008 19:18:57 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whInstaller.exe" file.
03/04/2008 19:18:59 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\webhdll.dll" file.
03/04/2008 19:19:00 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whiehlpr.dll" file.
03/04/2008 19:19:46 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\whAgent.exe" file.
03/04/2008 19:19:49 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\whInstaller.exe" file.
03/04/2008 19:19:49 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\webhdll.dll" file.
03/04/2008 19:19:50 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\whiehlpr.dll" file.
03/04/2008 19:21:38 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP453\A0037674.exe\whAgent.exe" file.
03/04/2008 19:21:40 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP453\A0037674.exe\whInstaller.exe" file.
03/04/2008 19:21:41 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP453\A0037674.exe\webhdll.dll" file.
03/04/2008 19:21:42 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP453\A0037674.exe\whiehlpr.dll" file.
03/04/2008 20:44:09 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whAgent.exe" file.
03/04/2008 20:44:31 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whInstaller.exe" file.
03/04/2008 20:44:34 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\webhdll.dll" file.
03/04/2008 20:44:37 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP381\A0030314.exe\whiehlpr.dll" file.
03/04/2008 20:45:26 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whAgent.exe" file.
03/04/2008 20:45:31 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whInstaller.exe" file.
03/04/2008 20:45:35 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\webhdll.dll" file.
03/04/2008 20:45:45 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP387\A0030621.exe\whiehlpr.dll" file.
03/04/2008 20:46:49 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whAgent.exe" file.
03/04/2008 20:48:20 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whInstaller.exe" file.
03/04/2008 20:48:22 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\webhdll.dll" file.
03/04/2008 20:48:31 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP397\A0030995.exe\whiehlpr.dll" file.
03/04/2008 20:50:00 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whAgent.exe" file.
03/04/2008 20:51:31 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whInstaller.exe" file.
03/04/2008 20:51:34 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\webhdll.dll" file.
03/04/2008 20:51:37 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP404\A0031448.exe\whiehlpr.dll" file.
03/04/2008 20:55:41 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whAgent.exe" file.
03/04/2008 20:56:06 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whInstaller.exe" file.
03/04/2008 20:56:09 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\webhdll.dll" file.
03/04/2008 20:56:11 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP427\A0035041.exe\whiehlpr.dll" file.
03/04/2008 20:58:04 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whAgent.exe" file.
03/04/2008 20:58:30 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whInstaller.exe" file.
03/04/2008 20:58:33 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\webhdll.dll" file.
03/04/2008 20:58:37 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP436\A0035798.exe\whiehlpr.dll" file.
03/04/2008 20:59:03 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whAgent.exe" file.
03/04/2008 20:59:47 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whInstaller.exe" file.
03/04/2008 20:59:49 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\webhdll.dll" file.
03/04/2008 20:59:52 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP440\A0035929.exe\whiehlpr.dll" file.
03/04/2008 21:00:42 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\whAgent.exe" file.
03/04/2008 21:00:46 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\whInstaller.exe" file.
03/04/2008 21:00:48 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\webhdll.dll" file.
03/04/2008 21:00:50 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP442\A0036349.exe\whiehlpr.dll" file.
03/04/2008 21:02:36 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP453\A0037674.exe\whAgent.exe" file.
03/04/2008 21:02:41 User 2496 Sign of "Win32:Spyware-gen [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP453\A0037674.exe\whInstaller.exe" file.
03/04/2008 21:02:42 User 2496 Sign of "Win32:Adware-gen [Adw]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP453\A0037674.exe\webhdll.dll" file.
03/04/2008 21:02:45 User 2496 Sign of "Win32:Dialer-567 [Trj]" has been found in "C:\System Volume Information\_restore{699879A5-F0CA-4BBE-849F-43E6EABBFA94}\RP453\A0037674.exe\whiehlpr.dll" file.
13/07/2007 13:40:21 SYSTEM 844 AAVM - initialization error: Unhandled exception in AavmProviderStop, STANDARD.
29/07/2007 14:55:17 SYSTEM 616 AAVM - initialization error: Unhandled exception in AavmProviderStop, STANDARD.
27/12/2007 18:37:18 SYSTEM 1072 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.top5soft.com/files/avi-pro_r77019.exe failed, 00000084.
27/12/2007 19:09:43 SYSTEM 1072 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://wgt.digitalriver.com/wgt/9ae15da ... Thk707.exe failed, 00000084.
14/02/2008 09:27:45 SYSTEM 892 AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\VBRUN300.DLL failed, 0000001E.
03/04/2008 19:54:38 User 5636 aswChestInterface - Program error description: CChestListView::OnFileEmailToAlwilSoftware() basNetAlert() failed: 42011.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:22, on 03/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Shrink Pic\shrink_pic.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\system32\IETie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.1.25.0\GoogleUpdate.exe" /lang en
O4 - HKCU\..\RunOnce: [WCIEClnOnce] C:\Program Files\blcorp\WCCSC\WCOC\WCNSCln.exe /WCI
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Shrink Pic.lnk = C:\Program Files\Shrink Pic\shrink_pic.exe
O4 - Startup: YouTube Uploader.lnk = C:\Documents and Settings\User\Local Settings\Application Data\YouTube\Uploader\youtubeuploader.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\npjpi160_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partne ... nicode.cabO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {EC5A4E7B-02EB-451D-B310-D5F2E0A4D8C3} (webhelper Class) -
http://register.btinternet.com/template ... rol023.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{CEC56E2C-5CA0-4E9F-BD10-B4CB3DA37D18}: NameServer = 80.58.0.33,80.58.32.97
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Messenger Sharing Folders USN Journal Reader service (usnjsvc) - Unknown owner - C:\Program Files\MSN Messenger\usnsvc.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 13294 bytes