smithfraud/malware problem [RESOLVED]


  • This topic is locked

#1
plotthound1

Hi -- last week I got a smithfraud virus warning and lost my desktop (had icons but no background). I searched here, followed procedure to remove smithfraud and it restored icons, but alas it's back and all I can get now is my background. Redid original smithfraud removal procedure, removed background but now have blue screen of death, no icons (am accessing programs via control-alt-delete). Tried to download ewido -- I get a quick blank screen and cannot find it anywhere to run it. After all of above I did another (second) Panda scan; here are results:


Incident Status Location

Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\javagg32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\system32\addrx32.exe
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\system32\javagg32.exe
Adware:Adware/SuperSpider No disinfected C:\Q250204.exe
Adware:Adware/Startpage.NA No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Ab scissor.url
Adware:Adware/CWS.HomeSearchAsisstant No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Broadband comparison.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Credit report.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Crm software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Escorts.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Health insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Loan for debt consolidation.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Loan for people with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Marketing email.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Mortgage insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Nevada corporations.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Online Betting Site.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Online instant loan.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Order phentermine.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Payroll advance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Personal loans online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Personal loans with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Prescription Drugs Rx Online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Tahoe vacation rental.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Unsecured bad credit loans.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\What is hydrocodone.url
Adware:Adware/SearchAid No disinfected C:\Q250204.exe
Adware:Adware/OneMore.A No disinfected C:\WINDOWS\aafmj.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addcq32.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\appsn32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atelep.dat
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\atlas32.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\atlsl.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crbn32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crvu32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3fp.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3nd32.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\d3sn.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\gcrxh.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\gjsrls.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\grkrav.dat
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\ielz.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipff.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javauz.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javaxq.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\jguba.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\knbir.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\laovyr.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcei.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\mfcxd.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msaw32.dll
Virus:Trj/Small.NK Disinfected C:\WINDOWS\msxmidi.exe
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\netri.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntoo.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\n_aauuzx.log
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_ezzama.dat
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_xqsaqa.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ototov.dat
Adware:Adware/EasySearch No disinfected C:\WINDOWS\qjzmu.dll
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\rdllj.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\ropoa.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdkrl32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\addrx32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\apiel32.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\apifg.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\apikl.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\atlel.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\atlrk32.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\SYSTEM32\bovav.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\cryo.exe
Adware:Adware/EasySearch No disinfected C:\WINDOWS\SYSTEM32\csegw.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\d3cq.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\d3gu32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\d3xt32.dll
Adware:Adware/OneMore.A No disinfected C:\WINDOWS\SYSTEM32\dnayf.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\iezx.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\ipde.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\ipfu32.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\SYSTEM32\javagg32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\javatr.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\mfclm.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\mfcxd.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\msnz32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\msxy32.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\msyg.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\netfu.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\netkn.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\netml.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\netsx.dll
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\qxgzx.dll
Adware:Adware/OneMore.A No disinfected C:\WINDOWS\SYSTEM32\ruegf.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\SYSTEM32\sbmxp.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\SYSTEM32\tfzdb.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\SYSTEM32\tpzxv.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\windc32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\winul.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\ukguf.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\UpdReg.EXE
Adware:Adware/SearchAid No disinfected C:\WINDOWS\winey.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\winmb32.dll
Adware:Adware/XmlLib No disinfected C:\WINDOWS\XMLLIBUI.exe
Adware:Adware/OneMore.A No disinfected C:\WINDOWS\zrwzn.dll
Can anyone help me? Thank you! --Plotthound1


#2
miekiemoes

Hello,

I think I already know what happened.

Download the next tool and place it on the infected system.

http://users.pandora...patchy/FixO.exe

You'll need to perform everything via taskmanager (ctrl-alt-del), choosing 'new task'
Browse to the FixO.exe (where you placed it)

Doubleclick FixO.exe and choose install.
This will create a new folder called FixO
Browse to that folder via new task in taskmanager, Open the folder and doubleclick FixO.bat

It will generate a log afterwards. Copy and paste the contents of that log together with a new hijackthislog.
Then we can deal with the rest.

#3
plotthound1

Dear miekiemoes, THANK YOU! Have I done the right thing below?

running from ---
C:\Documents and Settings\Hoobaa\Desktop\FixO

StartPAge.O Removal batch 1.00

by miekiemoes

existing bad files:
-----------------------------------------------------
XMLLIBUI.exe present


existing important bad keys:
-----------------------------------------------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\explorer.exe]
"Debugger"="C:\\WINDOWS\\explorer32dbg.exe"

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"="C:\\WINDOWS\\iexplore_dbg.exe"



Merging Registry----------


Deleting Files-------------


Searching for files not deleted:
-----------------------------------------------------


Searching for keys not deleted:
-----------------------------------------------------

#4
miekiemoes

Ok, that part is done now...

Now let's deal with the rest, but I need to see a hijackthislog for that.
I'll let you also use another scan afterwards to get rid of the files which panda didn't delete.

Download hijackthis and install it:

http://www.merijn.or...ackthis_sfx.exe
When opened, click the option: scan and save log.
Post that log in your next reply.

Edit... is your explorer back now?

Edited by miekiemoes, 20 June 2005 - 09:22 AM.


#5
plotthound1

Hi! Thank you -- I rebooted and have icons back, but I have done second step and here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 11:20:56 AM, on 6/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\javagg32.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\WINDOWS\System32\wuauclt.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\addrx32.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\America Online 8.0\AOL.EXE
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Documents and Settings\Hoobaa\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvprf.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mgn.microsoft...3&HelpLCID=1033
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E0C178B2-8454-511A-88BC-EADF5E5B5094} - C:\WINDOWS\ielz.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [addrx32.exe] C:\WINDOWS\system32\addrx32.exe
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102942468984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{715C9A8A-DD66-46D1-A5E2-9837067C3AEE}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{715C9A8A-DD66-46D1-A5E2-9837067C3AEE}: NameServer = 205.188.146.145
O23 - Service: Network Security Service (NSS) ( 11F色#렉켯`I) - Unknown owner - C:\WINDOWS\system32\javagg32.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

#6
miekiemoes

Hello,

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Download AboutBuster.
Unzip AboutBuster in an own folder such as C:\AboutBuster.
Start AboutBuster.exe. Click OK, Update, Check For Update and download the updates if present.
Close aboutbuster now, because you may not run it yet, that's for later.
If You are getting an error when updating, please let me know first before you proceed with the next steps.

* Download and install CCleaner
Do not use it yet.

* Download CWShredder. Don't let it run yet!

* Download this regfix: HSfix
Unzip it and place it on your desktop, don't use it yet!

* First, we will make your hidden files and folders visible.
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide file extensions for known file types.
* Click Yes to confirm.
* Click OK.

*Please reboot your system into SAFE MODE.
To get into the Windows XP Safe mode as the computer is booting press and hold your "F8 Key" which should bring up the "Windows Advanced Options Menu". Use your arrow keys to move to "Safe Mode" and press your Enter key.

*Start hijackthis and click scan and put a checkmark next to the following items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvprf.dll/sp.html#27859
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {E0C178B2-8454-511A-88BC-EADF5E5B5094} - C:\WINDOWS\ielz.dll
O4 - HKLM\..\Run: [addrx32.exe] C:\WINDOWS\system32\addrx32.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O23 - Service: Network Security Service (NSS) ( 11F色#렉켯`I) - Unknown owner - C:\WINDOWS\system32\javagg32.exe


*Close all open windows except hijackthis and click 'Fix Checked'.

*Navigate to and delete the following files if present:

C:\WINDOWS\system32\javagg32.exe
C:\WINDOWS\system32\addrx32.exe
C:\WINDOWS\ielz.dll
c:\wp.exe
C:\wp.bmp

*Start Aboutbuster and let it scan. When the scan is done and you choose exit, it will automatically create a log in the same folder where aboutbuster is in.

*Start Cwshredder and click FIX

* Doubleclick on HSfix you downloaded earlier before which is present on your desktop and when it asks you if you want to add the contents to the registry, click yes/ok

* Still in safe mode Run Ccleaner and click Run Cleaner (bottom right)

*Go to start>Control Panel>Internet Options>tab programs> and click restore websettings.

* Reboot your PC back to normal.

* Download http://metallica.gee...m/smitfraud.reg and save it on your desktop
Doubleclick on it and when it asks you if you want to add the content to the registry, click yes/ok.

* Download the Hoster from HERE Press "Restore Original Hosts" and press "OK". Exit Program.

* Download: http://www.mvps.org/.../DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

* Perform an onlinescan with Panda again.

*Post a new hijackthis-log + log aboutbuster which you'll find in the aboutbuster-folder + log from panda.
  • 0
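
Added example, not part of the thread or of any poster's tooling: a Python check that the HijackThis entries marked for fixing in post #6 are absent from a follow-up log and that none of their files still appear under "Running processes". The log excerpts are copied from posts #5 to #7 of this thread; the function and variable names are illustrative.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str    # HijackThis section code, e.g. "R1", "O4", "O23"
    detail: str  # text after "CODE - "


ENTRY_RE = re.compile(r"^([RFNO]\d{1,2})\s+-\s+(.+?)\s*$")
# Windows path ending in .exe/.dll; the lookahead rejects a match that stops
# in the middle of a longer name such as "x.dll.bak" or "y.exe\sub".
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|/*?]*?\.(?:exe|dll)(?![\w\\.])", re.I)


def parse_entries(log_text):
    """Return the R/F/N/O entries of a HijackThis log, skipping header and process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def running_processes(log_text):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower().startswith("running processes"):
            in_section = True
        elif in_section and (not line or ENTRY_RE.match(line)):
            break  # blank line or first entry ends the process list
        elif in_section:
            procs.add(line.lower())
    return procs


def _norm(entry):
    # Case- and whitespace-insensitive key so copy/paste differences do not matter.
    return (entry.code, " ".join(entry.detail.lower().split()))


def verify_fix(checked_text, followup_text):
    """Compare the entries marked for fixing against a follow-up log."""
    after = {_norm(e) for e in parse_entries(followup_text)}
    procs = running_processes(followup_text)
    removed, remaining, still_running = [], [], []
    for e in parse_entries(checked_text):
        (remaining if _norm(e) in after else removed).append(e)
        for path in PATH_RE.findall(e.detail):
            if path.lower() in procs and path not in still_running:
                still_running.append(path)
    return {"removed": removed, "remaining": remaining, "still_running": still_running}


# Entries the helper asked to check in post #6 (excerpt).
CHECKED = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvprf.dll/sp.html#27859
O2 - BHO: (no name) - {E0C178B2-8454-511A-88BC-EADF5E5B5094} - C:\WINDOWS\ielz.dll
O4 - HKLM\..\Run: [addrx32.exe] C:\WINDOWS\system32\addrx32.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
"""

# Excerpt of the first log (post #5), taken before the fix.
FIRST_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\addrx32.exe
C:\Program Files\Dell Support\DSAgnt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xvprf.dll/sp.html#27859
O2 - BHO: (no name) - {E0C178B2-8454-511A-88BC-EADF5E5B5094} - C:\WINDOWS\ielz.dll
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [addrx32.exe] C:\WINDOWS\system32\addrx32.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
"""

# Excerpt of the follow-up log (post #7), taken after the fix.
FOLLOWUP_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Dell Support\DSAgnt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
"""

if __name__ == "__main__":
    for name, log in (("first log", FIRST_LOG), ("follow-up log", FOLLOWUP_LOG)):
        result = verify_fix(CHECKED, log)
        print(name, {k: len(v) for k, v in result.items()})
```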

#7
plotthound1

Hi: here are the logs requested (is this the right place to post them?)

Panda:


Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Hoobaa\Favorites\Only sex website.url
Adware:Adware/SuperSpider No disinfected C:\Q250204.exe
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Ab scissor.url
Adware:Adware/IGuard No disinfected Windows Registry
Adware:Adware/Startpage.WL No disinfected C:\Documents and Settings\Hoobaa\Desktop\backups\backup-20050620-115837-735.dll
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Hoobaa\Favorites\Only sex website.url
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Hoobaa\Favorites\Search the web.url
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Hoobaa\Favorites\Seven days of free [bleep].url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Broadband comparison.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Credit report.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Crm software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Escorts.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Health insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Loan for debt consolidation.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Loan for people with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Marketing email.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Mortgage insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Nevada corporations.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Online Betting Site.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Online instant loan.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Order phentermine.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Payroll advance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Personal loans online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Personal loans with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Prescription Drugs Rx Online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Tahoe vacation rental.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Unsecured bad credit loans.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Hoobaa\Favorites\Sites about\What is hydrocodone.url
Adware:Adware/SearchAid No disinfected C:\Q250204.exe
Adware:Adware/Startpage.WL No disinfected C:\RECYCLER\S-1-5-21-3490846053-605611028-4245209405-1006\Dc2\backup-20050620-115837-735.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\addcq32.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\appsn32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\atelep.dat
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\atlas32.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\atlsl.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crbn32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\crvu32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3fp.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3nd32.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\d3sn.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\gcrxh.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\gjsrls.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\grkrav.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ipff.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javauz.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javaxq.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\jguba.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\knbir.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\mfcei.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\mfcxd.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\msaw32.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\netri.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntoo.dll
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_ezzama.dat
Adware:Adware/CWS.Aboutblank No disinfected C:\WINDOWS\n_xqsaqa.dat
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ototov.dat
Adware:Adware/EasySearch No disinfected C:\WINDOWS\qjzmu.dll
Adware:Adware/StartPage.BK No disinfected C:\WINDOWS\rdllj.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\ropoa.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sdkrl32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\apiel32.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\apifg.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\apikl.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\atlel.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\atlrk32.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\SYSTEM32\bovav.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\SYSTEM32\csegw.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\d3gu32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\d3xt32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\iezx.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\ipde.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\ipfu32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\javatr.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\mfclm.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\msnz32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\msxy32.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\msyg.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\netfu.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\netkn.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\SYSTEM32\netml.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\netsx.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\SYSTEM32\sbmxp.dll
Adware:Adware/EasySearch No disinfected C:\WINDOWS\SYSTEM32\tfzdb.dll
Adware:Adware/Winshow No disinfected C:\WINDOWS\SYSTEM32\tpzxv.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\windc32.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\winul.dll
Adware:Adware/HT401 No disinfected C:\WINDOWS\ukguf.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\UpdReg.EXE
Adware:Adware/SearchAid No disinfected C:\WINDOWS\winey.dll
Adware:Adware/Startpage.WL No disinfected C:\WINDOWS\winmb32.dll


HIJACKTHIS Scan:

Logfile of HijackThis v1.99.1
Scan saved at 1:54:56 PM, on 6/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ZipToA.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\America Online 8.0\AOL.EXE
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Hoobaa\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://mgn.microsoft...3&HelpLCID=1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\Program Files\McAfee.com\Agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Program Files\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb03.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKCU\..\Run: [Iomega Active Disk] C:\Program Files\Iomega\AutoDisk\AD2KClient.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1102942468984
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{715C9A8A-DD66-46D1-A5E2-9837067C3AEE}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{715C9A8A-DD66-46D1-A5E2-9837067C3AEE}: NameServer = 205.188.146.145
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\aol\AOLSPY~1\\aolserv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Iomega Activity Disk2 - Iomega Corporation - C:\PROGRA~1\Iomega\System32\ActivityDisk.exe
O23 - Service: IomegaAccess - Iomega Corporation - C:\WINDOWS\System32\IomegaAccess.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: ZipToA - Iomega Corporation - C:\WINDOWS\System32\ZipToA.exe

AboutBuster:

AboutBuster 5.0 reference file 28
Scan started on [6/20/2005] at [12:09:39 PM]
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 12:09:54 PM

#8
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Your HijackThis log looks clean, which means no malware is actively running for the moment.
Still a lot of items that Panda sees as infected though.
I can let you delete all those files manually, but why do it manually if an online scanner can deal with it?

That's why I want you to perform the next online scan(s):

Kaspersky OnLine and/or BitDefender and let it delete everything it finds.

Also perform a full scan with an updated Ad-Aware SE and/or Spybot S&D to get rid of the leftovers.
If you don't have those programs yet, you can find the download locations in my sig.

The Kaspersky scan does take a while but is very thorough!!
At the end of the Kaspersky scan you can select to delete those infected files.
Perform the Panda scan once more afterwards and post the log, so we can deal with some leftovers manually.

#9
plotthound1

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hi! I just did the Kaspersky online scan as you suggested and have a long list of viruses; however, it does not seem to give me the opportunity to delete them, just save them as a text file, which I did (23 viruses, 1803 infected objects). Is there a way to delete these automatically? I did BitDefender and have the report -- it said it could not remove some of the infections.

Edited by plotthound1, 21 June 2005 - 03:13 PM.


#10
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Yes, normally there is... but it could be possible that Kaspersky already deleted them automatically.
I've tested the Kaspersky online scan myself once, but can't remember the deletion anymore. But I do know Kaspersky has the option to delete.

Can you select the files at the end and choose delete? Or right-click those files?

#11
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

You are right, I tried this myself again and there is no option anymore to delete. There was before though...
The BitDefender online scan has the option to delete and also to post the log, so maybe scan with BitDefender (see previous post or look in my sig) and post the log afterwards.

#12
plotthound1

    New Member

  • Topic Starter
  • Member
  • 7 posts
Hello! Thanks so much for your ongoing help. I ran another BitDefender scan this a.m. and below is the log.... I am wondering if I should just purchase the Kaspersky program? This seems so overwhelming....

LOG:

BitDefender Online Scanner

Scan report generated at: Thu, Jun 23, 2005 - 09:01:56

Scan path: C:\;D:\;E:\;G:\;H:\;I:\;J:\;

Statistics
Time: 00:19:42
Files: 86507
Folders: 3561
Boot Sectors: 3
Archives: 1568
Packed Files: 8529

Results
Identified Viruses: 15
Infected Files: 397
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 397

Engines Info
Virus Definitions: 184951
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status


C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP383\A0030580.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP384\A0030646.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP384\A0030646.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP384\A0030646.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP384\A0030646.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP384\A0030699.PIF=>:jbknmu:$DATA
Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP384\A0030699.PIF=>:jbknmu:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP384\A0030699.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP384\A0030699.PIF=>:czclw:$DATA
Infected with: Trojan.Dropper.Small.TN

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP384\A0030699.PIF=>:czclw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP384\A0030699.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0030705.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0030705.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0030705.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0030705.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0030714.PIF=>:jbknmu:$DATA
Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0030714.PIF=>:jbknmu:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0030714.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0030714.PIF=>:czclw:$DATA
Infected with: Trojan.Dropper.Small.TN

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0030714.PIF=>:czclw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP385\A0030714.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP386\A0030737.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP386\A0030737.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP386\A0030737.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP386\A0030737.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP387\A0030755.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP387\A0030755.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP387\A0030755.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP387\A0030755.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP388\A0030828.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP388\A0030828.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP388\A0030828.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP388\A0030828.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0030934.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0030934.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0030934.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP389\A0030934.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0030960.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0030960.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0030960.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0030960.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0030972.PIF=>:jbknmu:$DATA
Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0030972.PIF=>:jbknmu:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0030972.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0030972.PIF=>:czclw:$DATA
Infected with: Trojan.Dropper.Small.TN

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0030972.PIF=>:czclw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0030972.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0031849.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0031849.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0031849.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP390\A0031849.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0032067.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0032067.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0032067.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0032067.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0032097.PIF=>:muxnnx:$DATA
Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0032097.PIF=>:muxnnx:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0032097.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0032097.PIF=>:jbknmu:$DATA
Infected with: Trojan.Agent.BI

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0032097.PIF=>:jbknmu:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP391\A0032097.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0032103.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0032103.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0032103.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0032103.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0032112.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0032112.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0032112.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP392\A0032112.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP393\A0032169.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP393\A0032169.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP393\A0032169.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP393\A0032169.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP393\A0032170.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP393\A0032170.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP393\A0032170.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP393\A0032170.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0032193.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0032193.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0032193.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0032193.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0032194.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0032194.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0032194.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP394\A0032194.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP395\A0032272.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP395\A0032272.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP395\A0032272.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP395\A0032272.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP395\A0032276.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP395\A0032276.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP395\A0032276.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP395\A0032276.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP396\A0032321.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP396\A0032321.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP396\A0032321.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP396\A0032321.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP396\A0032322.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP396\A0032322.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP396\A0032322.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP396\A0032322.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP397\A0032362.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP397\A0032362.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP397\A0032362.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP397\A0032362.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0032386.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0032386.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0032386.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0032386.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0032409.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0032409.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0032409.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP398\A0032409.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP399\A0032427.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP399\A0032427.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP399\A0032427.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP399\A0032427.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP399\A0032462.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP399\A0032462.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP399\A0032462.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP399\A0032462.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP400\A0032471.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP400\A0032471.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP400\A0032471.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP400\A0032471.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032497.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032497.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032497.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032497.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032506.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032506.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032506.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032506.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032514.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032514.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032514.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP401\A0032514.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032520.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032520.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032520.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032520.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032525.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032525.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032525.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032525.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032565.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032565.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032565.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032565.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032593.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032593.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032593.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032593.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032604.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032604.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032604.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032604.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032612.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032612.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032612.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032612.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032625.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032625.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032625.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032625.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032652.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032652.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032652.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032652.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032665.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032665.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032665.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032665.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032674.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032674.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032674.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032674.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032689.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032689.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032689.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032689.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032705.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032705.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032705.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032705.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032727.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032727.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032727.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP402\A0032727.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033020.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033020.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033020.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033020.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033021.PIF=>:qzchsw:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033021.PIF=>:qzchsw:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033021.PIF=>:qzchsw:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033021.PIF
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033056.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033056.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033056.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033056.ini
Updated

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033065.ini=>:ofnela:$DATA
Infected with: Trojan.Downloader.Agent.GM

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033065.ini=>:ofnela:$DATA
Disinfection failed

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP403\A0033065.ini=>:ofnela:$DATA
Deleted

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}�
  • 0

#13
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Most of the infected files are in your System Restore points, and BitDefender also dealt with them, I see.
Your log isn't complete, however, but it said in the results:

Infected Files
397

Deleted Files
397

So that's good. It deleted them all.

I am wondering if I should just purchase the Kaspersky program? This seems so overwhelming....


Kaspersky is a great scanner and very thorough!
Maybe you can try the trial first (1 month for free) to test it.

http://www.kaspersky...apter=146481750

Kaspersky also deals with the latest smitfraud, the one you were dealing with before.

I also use Kaspersky and don't want to change anymore. :tazz:

By the way, how are things running now? Still noticing any problems?
Your HijackThis log was clean.

#14
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.