Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help with About:Blank [CLOSED]


  • This topic is locked This topic is locked

#1
Bandaid3

Bandaid3

    New Member

  • Member
  • Pip
  • 8 posts
I have followed the directions to run aboutBuster, CCleaner, CWShredder, HSFix, etc but still have About:Blank hijacking my browser. I think I am not getting all the files that need removal and need help walking thru this removal process
  • 0

Advertisements


#2
Bandaid3

Bandaid3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:12:24 PM, on 7/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [netgy.exe] C:\WINDOWS\system32\netgy.exe
O4 - HKLM\..\RunOnce: [d3fp32.exe] C:\WINDOWS\d3fp32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\changes_homepage.dll (file missing) (HKCU)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\d3fp32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\09YF4D2F\cwshredder[1].exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

#3
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Bandaid3 and welcome to GeeksToGo! My name is Excal and I will be helping you.

I can see that you have some malware issues. This maybe a few step process in removing it. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

Please disable the Trend Micro program that you have running, as this will interfere with the fix. There should be a icon in your tray by the clock in the bottom right.

Please download and install these programs - don't run them yet!!

If you already have these programs, you do not have to download them again, just make sure the ones that can be updated, are :tazz:

Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for updates. Please don't run it yet.

Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first.

Download and unzip HSfix to your desktop :
HSFix

Download and install CleanUp! Here*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups.

Download CWShredder here to its own folder.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
We will be using this program later.

Download the Host Here
Please do not use program yet

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Open up the Host program.
  • Make sure that the "make hosts writable?" button in the upper right corner is enabled.
  • Click back up Host files
  • then click Restore orginal host files
  • close program
4. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

5. Go to Start->Run and type in services.msc and hit OK. Then look for Remote Procedure Call (RPC) Helper ( 11F#`I) and double click on it. Click on the Stop button and under Startup type, choose Disabled.

6. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

7. Close all browsers, windows and unneeded programs.

8. Open HiJack and do a scan.

9. Put a Check next to the following items:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [netgy.exe] C:\WINDOWS\system32\netgy.exe
O4 - HKLM\..\RunOnce: [d3fp32.exe] C:\WINDOWS\d3fp32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {237AA178-C3BC-4f67-A8BB-D8BC14BA0B89} - C:\WINDOWS\System32\changes_homepage.dll (file missing) (HKCU)
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\d3fp32.exe" /s (file missing)


10. click the Fix Checked box

11. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\system32\netgy.exe
C:\WINDOWS\d3fp32.exe
C:\WINDOWS\System32\changes_homepage.dll


12. Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • It will begin to check your computer for malicious files.
  • AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
  • Shut down AboutBuster. A log should have been created.Please Save this log and copy it in your next post.
13. Scan with AdAware and let it remove any bad files found.

14. Run the program CleanUp! (do not reboot yet)

15. Double click on the HSFix and when asked to merge say yes.

16. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

17. Please post an Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#4
Bandaid3

Bandaid3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Excal-I believe i followed your directions exactly. Here is my ewido log. I'll post my hijack this log in a moment.
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:01:00 PM, 7/10/2005
+ Report-Checksum: BC5D27D2

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00564D9E-6D4B-1BA6-3369-3CA152EDA8CE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{033935E4-A208-AB9E-DD2A-6A9B7E426D04} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{05CFF62B-F8EF-A6A3-C2D8-0649EE07F197} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{065FC1F3-9ED6-83E8-0595-519D9C0E43FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{077B6257-5FF2-99E2-4271-626F5736BD18} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09312E20-8C50-C241-742B-35F21EDA9875} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AD1A770-F33D-516E-A6BD-A3AEB8568EAC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0ADD4D53-B7DD-20F8-2AC9-AB9CB538A46F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1082088A-E784-5093-F9A0-07E5588FA67C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1486290A-90C1-388F-ADC8-6BFAA6B057E8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{15E6172A-5F7D-3085-1E94-14DA8D1A4479} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{18BDB348-E8B0-D5A4-55F2-74FD4CB49A69} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{18DF9808-F6C9-984B-EDE3-0B7624EC452A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1BD83F34-5674-FA0D-E5B2-7D7655F0D46F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D3E7FA6-E393-C514-F461-E0B59435D825} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{29CDA41A-A8EB-6A68-BBF5-2877418D55C7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2C874D56-A88C-3E88-B23F-99BEE8C67943} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3507B32F-B4F9-0B6B-5168-A74196010FA0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38A09FC8-FCAF-3D1E-A6D6-FB0A0E2E2D98} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38BCC2CD-AF0A-EC41-D4CB-035F1C7378C9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{430B869B-EB6E-CBD3-5E4D-6D279372AA20} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4AD64CAF-CC40-779E-C47E-E23705C41C75} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4C1CBC17-3C15-343F-1E7C-D8F447935C05} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{551764CC-ABCF-335C-76F6-62283B478A0F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5735BB6F-7A93-49E1-B628-ABB60DAA5F0B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5E60DAD4-D59A-D1EA-A0B3-BD226EE43523} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67A0E5DD-D21D-3F1C-2FD5-07C50B27B4BD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69C2D4B0-CE91-AAB5-0BB5-4F75B848492D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6D3DF846-86BE-A81E-C69E-5A1818F8E929} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{714C2287-DB2D-3514-4785-8EC21BA5C5F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{72071605-48F5-CC68-B374-2CDDF451F27F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{735DDAC7-F8F1-47DD-D87A-6AF0100B6A48} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{76518006-D7C5-4C71-68F4-DA79559FA482} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{795714A8-C9C0-E8BD-30DB-A0DA3B603993} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7B28CC5E-5425-8989-13A1-2929DDA8CC5F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7DA446BF-5485-78F9-CC9A-2A02C93519E4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{83CBE2FB-4038-4351-9B1C-E69BF75962AA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{869EE607-5376-486d-8DAC-EDC8E239AD5F} -> Not-A-Virus.Exploit.CHM : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{89AB4821-CF17-C091-03A2-0E3A0FC89B56} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8BBD3FEB-8F56-FA45-F83E-0589E7E09434} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8F60435F-DF74-6308-E8CB-509D69906821} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{905BD5E4-261C-4EFD-5456-CD124D7B9D18} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{929F8E8D-2C15-4240-E685-FA3C645381C5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9913F006-5621-D9B4-E3CB-064477E8D278} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9AC37E11-63C7-D3E6-8EAE-1319DCCFBDC1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E1455BA-AB98-5AEA-F11B-65367B604345} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E146D60-4062-8C7C-D33B-14CDCD0418AE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A6BFC374-18DF-B761-3902-53957EFA4847} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4D50626-AAF0-64AC-F1D5-8A697DD0E515} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BD757058-7180-2CE5-E5B6-8C70AEF236CC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C432F8C9-5E41-F564-674E-C21B8257061B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D6C7DB36-C0AC-C91F-B408-61A55E5AB6C5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E1259401-E429-8855-B814-BD6EF247346C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E4E0C452-0B6D-5B6B-E0AD-5D2B7C054116} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E647591B-D33E-72B8-A7F0-9D55C2A7369D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDB041DC-4D4D-649F-F3B9-249E35ABBEF0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F1E91259-92C0-8767-A2E0-85139867622A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F22C21C3-2FA8-F0A7-72B3-7927ADEFC66E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F2903213-C2D0-B852-F56D-8B10D6C8C121} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy\CLSID -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\WildMedia -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WildMedia\LicenseStores -> Spyware.MidAddle : Cleaned with backup
C:\bikini.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Internet Explorer\tlfgcqtj.exe -> TrojanDownloader.WinShow.ac : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1419D673-349C-4791-A65B-C4A335\33AFDBD0-BD2B-40B2-A455-FF53E3 -> Spyware.Wintol : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1419D673-349C-4791-A65B-C4A335\E06FF398-82FF-4230-BE55-81DF7C -> Trojan.Tb.a : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3656660D-BC46-4846-9571-B32058\E9050BC6-BEF9-4EF9-94F1-7822BA -> Spyware.Wintol : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8765E317-0303-40CB-966C-911426\0DF1B999-87D5-4D82-A642-9B8211 -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076227.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076228.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076229.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076230.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076243.PIF:igdhrs -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076268.dll -> TrojanDownloader.WinShow.v : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076272.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076273.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076274.exe -> TrojanDownloader.Vb.Cw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076275.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076276.exe -> TrojanDownloader.Agent.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076277.exe -> TrojanDownloader.Small.kl : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076278.exe -> TrojanDownloader.Turown.G : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076285.PIF:derddg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076285.PIF:igdhrs -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076311.PIF:derddg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076311.PIF:igdhrs -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076386.PIF:cyqakq -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076386.PIF:dbzpxu -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076386.PIF:derddg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076386.PIF:igdhrs -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076388.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076402.PIF:cyqakq -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076402.PIF:dbzpxu -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076402.PIF:derddg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076402.PIF:igdhrs -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076405.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076408.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076409.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076418.ini:gwyreo -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076419.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076432.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076435.ini:gwyreo -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076438.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076594.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076595.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076596.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076597.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076598.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076599.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076600.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076601.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076602.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089056.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089073.ini:gwyreo -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089132.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089142.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089143.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089144.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089145.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089146.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089149.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089170.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089177.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089186.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089187.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089188.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089189.exe -> Backdoor.VB.nb : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089190.exe -> Backdoor.VB.nb : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089235.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089236.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089237.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089255.exe -> TrojanDownloader.Apropo.d : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089256.exe -> TrojanDownloader.Apropo.i : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089257.exe -> Spyware.PurityScan.u : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089258.exe -> TrojanDownloader.Apropo.i : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089259.exe -> Trojan.Scapur : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089260.exe -> TrojanDownloader.Apropo.i : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089287.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089289.ini:gwyreo -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089294.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\addaj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addas32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adday.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addbn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addbs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adddg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addeb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addfc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addfc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addfp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addgy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addhi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addlf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addln.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addme.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addmm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addnf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addnw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addoz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpa32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addqc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addqj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addrl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addth32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addtu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addwn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addyc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addyz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addzf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiak.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiax.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apibn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apicd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiea32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiee.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apier.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apifn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apigd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apigm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apihy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apihz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiia.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiie32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiih32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apilj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apilm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apime32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apinn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apinv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apipq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiqb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiqm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apird.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiri.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apirr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apism.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apita32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiuj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiul32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apius.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiuw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apivg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apivr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiwk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiws32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiww32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiwy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apixp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apixt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apixz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apizi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apizu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appam32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appbs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appei32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appgp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appig.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appjd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appjh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appkf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appmb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appmi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appmk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appmu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appna.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appna32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appnk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appoc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appot32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apppr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apprr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apptd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appth32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appti32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apptq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apptt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appty32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appvc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appvn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appwj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appyc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appyn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appzf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appzi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlby32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlco.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlde.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atler32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlgu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlgw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlio32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atliu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atljd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atljx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlka.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlko32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlni32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlnk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlno.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlpn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlpv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlqw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlrr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlsq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atltv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlud32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atluk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlwt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlww.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlxh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlxq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlyf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlzh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlzp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crad32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crbs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crcw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crea32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cren.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crev32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crfn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crgk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crhh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crhr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\criy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crkc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crmu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crob.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crps.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crqp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crqu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crrv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crty.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crua32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cruf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cruk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crvs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crvt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crwi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cryb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crzx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3cf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3db32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3dp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3gx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ie32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3it.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3je.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3lb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ls.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3mb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3md32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3mk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ne32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3nu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3pc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3qd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3qq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3rc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3rm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3rw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3sb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3sj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3so32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3us32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3vv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3vw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3vz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3wg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3wx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3xs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3yi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieau.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieay.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iebf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iebq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iebu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iecn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iedb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iede.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iedm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iedv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieet32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iefl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iegi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iegl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iegv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iehl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieip32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieis32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieka.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iekf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iemi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieml32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iena.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieqn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieqs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieqy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieqz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ierp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ietp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieve.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ievf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ievn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iewf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iexm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieyl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieys32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieyu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iezv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipab32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipaj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipbj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipbn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipcf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipdd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipdo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipfw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipfx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipfz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipgd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipgk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipgo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipgp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipha.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipjr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipjw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipkh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipkl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipkv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipld.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipls.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipmm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipnm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipns.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipns32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipnx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ippw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipqr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipru32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipsj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipso.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipti.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipun.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipvn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipwc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipww32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipxe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipxf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipyh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaaw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaay.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javabd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javabl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javabx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javabz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javack.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javadg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javadh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaeq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaex.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javafh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javafp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javafx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javahw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javahz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaik.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javalc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javalf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javalh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javalk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javamc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javanb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javank32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javanv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javanz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaoq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javapa32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javapq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaqc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaqi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javasb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaua32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javauk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javauk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javavc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javavq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javavs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javawf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javawk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaxe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaxu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javayj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javayn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javayx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javazl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javazs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javazw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javazx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcab32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcak.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcam32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcbv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcch32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfccq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcdy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcfg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcgd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcgt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfchm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcjj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcls.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcmh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcml32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcne32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcnt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcoc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcof32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcpq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcra32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcrn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcrs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcru.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcrx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcsa32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfctt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcvg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcvk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcwp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcwu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcxe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcxh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcya.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcyh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcyi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msai32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msaw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msaz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msbk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msbl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msbq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msbw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msdc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msde32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msdj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msdu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msej.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msez.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msfk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msfm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msgh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msht32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mshu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msia.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mskf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mskg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mskl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mskn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mskv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msmj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msmp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msmz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msnl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msop32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mspe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msqq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mssw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msue.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msvt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msxe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msxm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msxn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msxv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msyb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msym32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msyq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mszy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netaa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netad.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netag32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netau32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netaz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netbg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netbl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netbx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netbz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netcd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netdl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netdq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netef.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netfg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netfp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nethh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netis.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netiw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netix32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netiz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netkq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netkv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netlt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netmz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netnp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netoj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netpm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netpo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netpt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netpw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netqx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netrb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netrz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nettb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nettd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netui.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netum.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netvs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netwq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netyw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netyy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netzd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntak32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntav.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntbg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntcr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntdu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntgi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntgs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nthe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nthn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntho32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nthq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntht32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nthu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nthx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntka.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntkt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntkx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntlv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntlw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntnl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntns32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntpc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntqu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntri32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntrl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntrs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntrs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntsi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nttz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntux.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntvr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntwc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntwe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntwh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntwp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntxr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntyy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntzp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ocxdi.txt:jvsehk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkam32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkdz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdker32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkex.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkfe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkfx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkgp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkhq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkhw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkip.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkix.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkjr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkmc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkmd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkmk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkmy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdknm.exe -> Trojan.Agent.bi : Cleaned with backup
C:�
  • 0

#5
Bandaid3

Bandaid3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Excal-I believe i followed your directions exactly. Here is my ewido log. I'll post my hijack this log in a moment.
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:01:00 PM, 7/10/2005
+ Report-Checksum: BC5D27D2

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{00564D9E-6D4B-1BA6-3369-3CA152EDA8CE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{033935E4-A208-AB9E-DD2A-6A9B7E426D04} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{05CFF62B-F8EF-A6A3-C2D8-0649EE07F197} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{065FC1F3-9ED6-83E8-0595-519D9C0E43FF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{077B6257-5FF2-99E2-4271-626F5736BD18} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09312E20-8C50-C241-742B-35F21EDA9875} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AD1A770-F33D-516E-A6BD-A3AEB8568EAC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0ADD4D53-B7DD-20F8-2AC9-AB9CB538A46F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1082088A-E784-5093-F9A0-07E5588FA67C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1486290A-90C1-388F-ADC8-6BFAA6B057E8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{15E6172A-5F7D-3085-1E94-14DA8D1A4479} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{18BDB348-E8B0-D5A4-55F2-74FD4CB49A69} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{18DF9808-F6C9-984B-EDE3-0B7624EC452A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1BD83F34-5674-FA0D-E5B2-7D7655F0D46F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D3E7FA6-E393-C514-F461-E0B59435D825} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{29CDA41A-A8EB-6A68-BBF5-2877418D55C7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2C874D56-A88C-3E88-B23F-99BEE8C67943} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3507B32F-B4F9-0B6B-5168-A74196010FA0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38A09FC8-FCAF-3D1E-A6D6-FB0A0E2E2D98} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38BCC2CD-AF0A-EC41-D4CB-035F1C7378C9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{430B869B-EB6E-CBD3-5E4D-6D279372AA20} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4AD64CAF-CC40-779E-C47E-E23705C41C75} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4C1CBC17-3C15-343F-1E7C-D8F447935C05} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{551764CC-ABCF-335C-76F6-62283B478A0F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5735BB6F-7A93-49E1-B628-ABB60DAA5F0B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5E60DAD4-D59A-D1EA-A0B3-BD226EE43523} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67A0E5DD-D21D-3F1C-2FD5-07C50B27B4BD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69C2D4B0-CE91-AAB5-0BB5-4F75B848492D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6D3DF846-86BE-A81E-C69E-5A1818F8E929} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{714C2287-DB2D-3514-4785-8EC21BA5C5F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{72071605-48F5-CC68-B374-2CDDF451F27F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{735DDAC7-F8F1-47DD-D87A-6AF0100B6A48} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{76518006-D7C5-4C71-68F4-DA79559FA482} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{795714A8-C9C0-E8BD-30DB-A0DA3B603993} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7B28CC5E-5425-8989-13A1-2929DDA8CC5F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7DA446BF-5485-78F9-CC9A-2A02C93519E4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{83CBE2FB-4038-4351-9B1C-E69BF75962AA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{869EE607-5376-486d-8DAC-EDC8E239AD5F} -> Not-A-Virus.Exploit.CHM : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{89AB4821-CF17-C091-03A2-0E3A0FC89B56} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8BBD3FEB-8F56-FA45-F83E-0589E7E09434} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8F60435F-DF74-6308-E8CB-509D69906821} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{905BD5E4-261C-4EFD-5456-CD124D7B9D18} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{929F8E8D-2C15-4240-E685-FA3C645381C5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9913F006-5621-D9B4-E3CB-064477E8D278} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9AC37E11-63C7-D3E6-8EAE-1319DCCFBDC1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E1455BA-AB98-5AEA-F11B-65367B604345} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E146D60-4062-8C7C-D33B-14CDCD0418AE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A6BFC374-18DF-B761-3902-53957EFA4847} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4D50626-AAF0-64AC-F1D5-8A697DD0E515} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BD757058-7180-2CE5-E5B6-8C70AEF236CC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C432F8C9-5E41-F564-674E-C21B8257061B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D6C7DB36-C0AC-C91F-B408-61A55E5AB6C5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E1259401-E429-8855-B814-BD6EF247346C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E4E0C452-0B6D-5B6B-E0AD-5D2B7C054116} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E647591B-D33E-72B8-A7F0-9D55C2A7369D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDB041DC-4D4D-649F-F3B9-249E35ABBEF0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F1E91259-92C0-8767-A2E0-85139867622A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F22C21C3-2FA8-F0A7-72B3-7927ADEFC66E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F2903213-C2D0-B852-F56D-8B10D6C8C121} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Classes\SearchRelevancy\CLSID -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Relevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\WildMedia -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\WildMedia\LicenseStores -> Spyware.MidAddle : Cleaned with backup
C:\bikini.exe -> Spyware.WinAD : Cleaned with backup
C:\Program Files\Internet Explorer\tlfgcqtj.exe -> TrojanDownloader.WinShow.ac : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1419D673-349C-4791-A65B-C4A335\33AFDBD0-BD2B-40B2-A455-FF53E3 -> Spyware.Wintol : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\1419D673-349C-4791-A65B-C4A335\E06FF398-82FF-4230-BE55-81DF7C -> Trojan.Tb.a : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3656660D-BC46-4846-9571-B32058\E9050BC6-BEF9-4EF9-94F1-7822BA -> Spyware.Wintol : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8765E317-0303-40CB-966C-911426\0DF1B999-87D5-4D82-A642-9B8211 -> Spyware.Wintol : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076227.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076228.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076229.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076230.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076243.PIF:igdhrs -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076268.dll -> TrojanDownloader.WinShow.v : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076272.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076273.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076274.exe -> TrojanDownloader.Vb.Cw : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076275.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076276.exe -> TrojanDownloader.Agent.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076277.exe -> TrojanDownloader.Small.kl : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076278.exe -> TrojanDownloader.Turown.G : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076285.PIF:derddg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076285.PIF:igdhrs -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076311.PIF:derddg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1081\A0076311.PIF:igdhrs -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076386.PIF:cyqakq -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076386.PIF:dbzpxu -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076386.PIF:derddg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076386.PIF:igdhrs -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076388.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076402.PIF:cyqakq -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076402.PIF:dbzpxu -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076402.PIF:derddg -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076402.PIF:igdhrs -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076405.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076408.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076409.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076418.ini:gwyreo -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076419.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1082\A0076432.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076435.ini:gwyreo -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076438.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076594.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076595.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076596.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076597.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076598.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076599.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076600.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076601.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0076602.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089056.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089073.ini:gwyreo -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089132.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089142.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089143.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089144.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089145.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089146.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1083\A0089149.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089170.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089177.dll -> Spyware.SearchPage : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089186.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089187.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089188.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089189.exe -> Backdoor.VB.nb : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089190.exe -> Backdoor.VB.nb : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089235.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089236.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089237.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089255.exe -> TrojanDownloader.Apropo.d : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089256.exe -> TrojanDownloader.Apropo.i : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089257.exe -> Spyware.PurityScan.u : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089258.exe -> TrojanDownloader.Apropo.i : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089259.exe -> Trojan.Scapur : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089260.exe -> TrojanDownloader.Apropo.i : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089287.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089289.ini:gwyreo -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP1084\A0089294.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\addaj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addas32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adday.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addbn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addbs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\adddg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addeb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addfc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addfc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addfp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addgy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addhi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addlf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addln.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addme.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addmm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addnf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addnw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addoz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpa32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addpt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addqc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addqj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addrl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addth32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addtu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addwn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addyc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addyz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\addzf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiak.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiax.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apibn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apicd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiea32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiee.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apier.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apifn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apigd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apigm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apihy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apihz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiia.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiie32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiih32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apilj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apilm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apime32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apinn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apinv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apipq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiqb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiqm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apird.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiri.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apirr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apism.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apita32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiuj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiul32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apius.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiuw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apivg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apivr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiwk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiws32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiww32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apiwy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apixp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apixt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apixz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apizi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apizu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appam32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appbs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appei32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appgp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appig.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appjd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appjh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appkf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appmb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appmi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appmk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appmu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appna.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appna32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appnk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appoc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appot32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apppr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appqz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apprr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apptd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appth32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appti32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apptq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\apptt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appty32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appvc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appvn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appwj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appyc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appyn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appzf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\appzi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlby32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlco.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlde.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atler32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlgu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlgw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlio32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atliu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atljd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atljx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlka.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlko32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlni32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlnk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlno.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlpn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlpv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlqw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlrr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlsq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atltv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlud32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atluk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlwt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlww.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlxh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlxq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlyf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlzh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\atlzp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crad32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crbs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crcw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crea32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cren.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crev32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crfn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crgk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crhh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crhr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\criy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crkc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crmu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crob.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crps.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crqp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crqu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crrv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crty.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crua32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cruf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cruk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crvs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crvt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crwi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\cryb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\crzx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3cf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3db32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3dp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3gx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ie32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3it.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3je.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3lb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ls.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3mb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3md32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3mk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3ne32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3nu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3pc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3qd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3qq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3rc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3rm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3rw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3sb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3sj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3so32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3us32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3vv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3vw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3vz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3wg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3wx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3xs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\d3yi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieau.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieay.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iebf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iebq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iebu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iecn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iedb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iede.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iedm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iedv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieet32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iefl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iegi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iegl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iegv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iehl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieip32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieis32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieka.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iekf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iemi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieml32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iena.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieqn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieqs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieqy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieqz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ierp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ietp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieve.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ievf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ievn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iewf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iexm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieyl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieys32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ieyu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\iezv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipab32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipaj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipbj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipbn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipcf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipdd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipdo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipfw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipfx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipfz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipgd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipgk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipgo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipgp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipha.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipjr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipjw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipkh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipkl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipkv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipld.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipls.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipmm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipnm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipns.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipns32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipnx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ippw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipqr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipru32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipsj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipso.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipti.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipun.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipvn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipwc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipww32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipxe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipxf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ipyh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaaw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaay.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javabd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javabl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javabx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javabz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javack.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javadg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javadh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaeq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaex.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javafh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javafp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javafx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javahw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javahz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaik.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javalc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javalf32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javalh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javalk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javamc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javanb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javank32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javanv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javanz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaoq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javapa32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javapq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaqc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaqi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javasb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaua32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javauk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javauk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javavc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javavq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javavs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javawf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javawk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaxe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaxu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javayj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javayn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javayx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javazl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javazs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javazw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javazx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcab32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcak.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcam32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcbv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcch32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfccq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcdy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcfg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcgd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcgt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfchm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcjj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcls.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcmh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcml32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcne32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcnt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcoc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcof32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcpq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcra32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcrn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcrs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcru.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcrx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcsa32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfctt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcvg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcvk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcwp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcwu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcxe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcxh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcya.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcyh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfcyi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msai32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msaw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msaz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msbk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msbl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msbq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msbw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msdc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msde32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msdj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msdu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msej.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msez.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msfk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msfm32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msgh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msht32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mshu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msia.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mskf.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mskg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mskl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mskn.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mskv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msmj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msmp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msmz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msnl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msop32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mspe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msqq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mssw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msue.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msvt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msxe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msxm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msxn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msxv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msyb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msym32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\msyq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mszy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netaa.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netad.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netag32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netau32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netaz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netbg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netbl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netbx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netbz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netcd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netdl.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netdq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netef.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netfg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netfp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netgl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nethh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netis.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netiw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netix32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netiz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netkq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netkv32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netlt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netmz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netnp.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netoj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netpm.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netpo32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netpt32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netpw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netqx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netrb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netrz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nettb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nettd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netui.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netum.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netvs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netwq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netyw32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netyy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netzd.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntak32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntav.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntbg.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntcr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntdu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntgi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntgs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nthe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nthn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntho32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nthq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntht32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nthu.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nthx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntka.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntkt.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntkx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntlv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntlw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmn32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntmx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntnl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntns32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntpc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntqu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntri32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntrl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntrs.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntrs32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntsi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nttz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntux.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntvr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntwc.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntwe.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntwh32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntwp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntxr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntyy32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ntzp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ocxdi.txt:jvsehk -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkam32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkdz32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdker32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkex.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkfe32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkfx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkgp32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkhq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkhw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkip.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkix.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkjr32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkmc32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkmd32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkmk32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdkmy.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdknm.exe -> Trojan.Agent.bi : Cleaned with backup
C:�
  • 0

#6
Bandaid3

Bandaid3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Here is my latest Hijackthis log as of 9pm sun night 7-10
Logfile of HijackThis v1.99.1
Scan saved at 9:15:18 PM, on 7/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {E8C9ADD5-CA09-D0FC-4AA0-02602550DB38} - C:\WINDOWS\apipq32.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [appsc.exe] C:\WINDOWS\system32\appsc.exe
O4 - HKLM\..\Run: [sysxk.exe] C:\WINDOWS\sysxk.exe
O4 - HKLM\..\RunOnce: [javard32.exe] C:\WINDOWS\javard32.exe
O4 - HKLM\..\RunOnce: [winzm32.exe] C:\WINDOWS\system32\winzm32.exe
O4 - HKLM\..\RunOnce: [sdkmj32.exe] C:\WINDOWS\system32\sdkmj32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\d3fp32.exe" /s (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\Bob\Local Settings\Temporary Internet Files\Content.IE5\09YF4D2F\cwshredder[1].exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
  • 0

#7
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Hi Bandaid3,


We got some of it, but not all. Some of these may seem like repeated steps, sometimes you have to do it more than once. Don't be discouraged :tazz:


DOWNLOAD PROGRAMS


If you already have some of these program, just ensure they are updated if applicable.

Download about:buster by RubbeRDuckY Here.
Download CWShredder Here.
Download SpSeHjfix Here.
Download and install CleanUp! Here

Save programs to your desktop for easy access, Please do not run any of the programs unless told to do so.

Unzip SpSeHjfix to its own folder (ie c:\SpSeHjfix)


Run the CleanUp! installer. You dont need to do anything with it right now.

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder

THE FIX


Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

5. Go to Start->Run and type in services.msc and hit OK. Then look for Remote Procedure Call (RPC) Helper and double click on it. Click on the Stop button and under Startup type, choose Disabled.

6. Close all browsers, windows and unneeded programs.

7. Open HiJack and do a scan.

8. Put a Check next to the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dmsih.dll/sp.html#37049
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {E8C9ADD5-CA09-D0FC-4AA0-02602550DB38} - C:\WINDOWS\apipq32.dll (file missing)
O4 - HKLM\..\Run: [appsc.exe] C:\WINDOWS\system32\appsc.exe
O4 - HKLM\..\Run: [sysxk.exe] C:\WINDOWS\sysxk.exe
O4 - HKLM\..\RunOnce: [javard32.exe] C:\WINDOWS\javard32.exe
O4 - HKLM\..\RunOnce: [winzm32.exe] C:\WINDOWS\system32\winzm32.exe
O4 - HKLM\..\RunOnce: [sdkmj32.exe] C:\WINDOWS\system32\sdkmj32.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11F#`I) - Unknown owner - C:\WINDOWS\d3fp32.exe" /s (file missing)


9. click the Fix Checked box

10. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\system32\dmsih.dll
C:\WINDOWS\apipq32.dll
C:\WINDOWS\system32\appsc.exe
C:\WINDOWS\sysxk.exe
C:\WINDOWS\javard32.exe
C:\WINDOWS\system32\winzm32.exe
C:\WINDOWS\system32\sdkmj32.exe
C:\WINDOWS\d3fp32.exe


11. Please run about:buster by RubbeRDuckY:
  • Click Begin Removal.
  • It will begin to check your computer for malicious files.
  • AboutBuster will finish and open a new page. Follow the instructions for protection on that page.
  • Shut down AboutBuster. A log should have been created.Please Save this log and copy it in your next post.
12. Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

13. Run the program CleanUp!

14. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

15. Please post an Active scan log, SpSeHjfix log, about:buster log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#8
Bandaid3

Bandaid3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello Excal-
I think we are making progress. My browser has come back to the original homepage but we are still showing some spyware or adware. Here is the ACTIVE scan log from 7-12, followed by the 3 other reports.

Incident Status Location

Adware:Adware/SaveNow No disinfected C:\WINDOWS\system32\datastore.dll
Adware:Adware/StatBlaster No disinfected Windows Registry
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Bob\Application Data\winlink
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\system32\pcs
Adware:Adware/SideSearch No disinfected C:\WINDOWS\sepsd.bin
Adware:Adware/IEDriver No disinfected C:\WINDOWS\system32\Sub.dll
Adware:Adware/ExactSearch No disinfected Windows Registry
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Ab scissor.url
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Bob\Favorites\Only sex website.url
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Bob\Favorites\Search the web.url
Adware:Adware/SearchAid No disinfected C:\Documents and Settings\Bob\Favorites\Seven days of free [bleep].url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Ab scissor.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Broadband comparison.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Credit counseling.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Credit report.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Crm software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Debt credit card.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Escorts.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Fha.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Health insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Help desk software.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Insurance home.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Loan for debt consolidation.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Loan for people with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Marketing email.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Mortgage insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Mortgage life insurance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Nevada corporations.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Online Betting Site.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Online gambling casino.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Online instant loan.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Order phentermine.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Payroll advance.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Personal loans online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Personal loans with bad credit.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Prescription Drugs Rx Online.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Refinancing my mortgage.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Tahoe vacation rental.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Unsecured bad credit loans.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\Videos.url
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\Bob\Favorites\Sites about\What is hydrocodone.url
Adware:Adware/ISearch No disinfected C:\install.cab
Adware:Adware/ISearch No disinfected C:\install.cab[initial.inf]
Adware:Adware/ISearch No disinfected C:\install.cab[isearch.cat]
Adware:Adware/DelFinMedia No disinfected C:\keys.ini
Adware:Adware/WinTools No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\1419D673-349C-4791-A65B-C4A335\5A1EF493-F17B-4047-87DC-BF9314
Adware:Adware/WinTools No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\3656660D-BC46-4846-9571-B32058\ACBC4450-830D-4688-8AF9-0D74D1
Adware:Adware/WinTools No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\8765E317-0303-40CB-966C-911426\B70669AE-0056-40A3-BBCA-852ADD
Adware:Adware/SearchRelevancy No disinfected C:\Program Files\SearchRelevant\uninstall.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\d3mk32.dll
Possible Virus. No disinfected C:\WINDOWS\Downloaded Program Files\f10213.exe
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\Downloaded Program Files\setup.inf
Adware:Adware/SearchAid No disinfected C:\WINDOWS\javahb32.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\ntcj32.exe
Adware:Adware/SideSearch No disinfected C:\WINDOWS\sepsd.bin
Adware:Adware/SearchAid No disinfected C:\WINDOWS\sysst32.exe
Adware:Adware/Startpage.VQ No disinfected C:\WINDOWS\SYSTEM32\apidp32.exe
Adware:Adware/SaveNow No disinfected C:\WINDOWS\SYSTEM32\datastore.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\netau.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\netiw.exe
Adware:Adware/IEDriver No disinfected C:\WINDOWS\SYSTEM32\sub.dll
Adware:Adware/SearchAid No disinfected C:\WINDOWS\SYSTEM32\sysxj.exe
Adware:Adware/SearchAid No disinfected C:\WINDOWS\winshow.new

HERE IS THE HIJACK THIS LOG FROM 7-12:
Logfile of HijackThis v1.99.1
Scan saved at 3:35:41 PM, on 7/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\lotus\notes\ntmulti.exe
C:\WINDOWS\System32\NMSSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

Here is SPSEHFIX log:
(7/12/05 2:03:23 PM) SPSeHjFix started v1.1.2
(7/12/05 2:03:23 PM) OS: WinXP Service Pack 2 (5.1.2600)
(7/12/05 2:03:23 PM) Language: english
(7/12/05 2:03:23 PM) Win-Path: C:\WINDOWS
(7/12/05 2:03:23 PM) System-Path: C:\WINDOWS\system32
(7/12/05 2:03:23 PM) Temp-Path: C:\DOCUME~1\Bob\LOCALS~1\Temp\
(7/12/05 2:03:27 PM) Disinfection started
(7/12/05 2:03:27 PM) Bad-Dll(IEP): (not found)
(7/12/05 2:03:27 PM) Bad-Dll(IEP) in BHO: (not found)
(7/12/05 2:03:27 PM) UBF: 4 - UBB: 0 - UBR: 3
(7/12/05 2:03:27 PM) UBF: 4 - UBB: 0 - UBR: 3
(7/12/05 2:03:27 PM) Bad IE-pages: (none)
(7/12/05 2:03:27 PM) Stealth-String not found
(7/12/05 2:03:27 PM) Not infected->END

FINALLY HERE IS THE ABOUT BUSTER LOG for 7/11 & 7/12:

AboutBuster 5.0 reference file 30
Scan started on [7/11/2005] at [9:47:38 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:cabaaf
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:cyyzv
------------------------------------------------
Removed File! : C:\Windows\grjnb.dll
Removed File! : C:\Windows\System32\rbjzm.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 9:48:53 PM


AboutBuster 5.0 reference file 30
Scan started on [7/12/2005] at [1:59:14 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:eivyfz
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:00:28 PM
  • 0

#9
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

1. Click this link to be sure you can view hidden files.

2. Ensure you are NOT connected to the internet.

3. Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

4. Please remove the following folders using Windows Explorer (if present):

C:\Documents and Settings\Bob\Application Data\winlink
C:\Documents and Settings\Bob\Favorites\Sites about
C:\WINDOWS\system32\pcs
C:\Program Files\SearchRelevant


5. Please remove just the files from the following paths using Windows Explorer (if present):

C:\WINDOWS\system32\datastore.dll
C:\WINDOWS\sepsd.bin
C:\WINDOWS\system32\Sub.dll
C:\Documents and Settings\Bob\Favorites\Only sex website.url
C:\Documents and Settings\Bob\Favorites\Search the web.url
C:\Documents and Settings\Bob\Favorites\Seven days of free [bleep].url
C:\install.cab
C:\install.cab[initial.inf]
C:\install.cab[isearch.cat]
C:\keys.ini
C:\WINDOWS\d3mk32.dll
C:\WINDOWS\Downloaded Program Files\f10213.exe
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\javahb32.exe
C:\WINDOWS\ntcj32.exe
C:\WINDOWS\sepsd.bin
C:\WINDOWS\sysst32.exe
C:\WINDOWS\SYSTEM32\apidp32.exe
C:\WINDOWS\SYSTEM32\datastore.dll
C:\WINDOWS\SYSTEM32\netau.exe
C:\WINDOWS\SYSTEM32\netiw.exe
C:\WINDOWS\SYSTEM32\sub.dll
C:\WINDOWS\SYSTEM32\sysxj.exe
C:\WINDOWS\winshow.new


6. Reboot into normal mode and please run this online virus scan: ActiveScan - Save the results from the scan!

7. Please post the Active scan log and a fresh HiJackThis log. Let me know how your computer is running.
  • 0

#10
Bandaid3

Bandaid3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello Excal
Won't be able to get this until tomorrow Thursday.
By the way do donations go directly to you or to the organization or??
Appreciate all your help
  • 0

#11
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
OK, I will be here ;)

:tazz:

Excal
  • 0

#12
Bandaid3

Bandaid3

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hi Excal
Sorry for the delay...very busy at work. I could not get active scan to run. Is there a time limit on free usage? I think I am in pretty good shape. I will run an ewido search and post it if that helps. Let me update Paypal acct and send something your way. Thx for the help
  • 0

#13
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
You can try one of these:

HouseCall
Kaspersky


And also post me another HJT log.


Thanks,

:tazz:

Excal
  • 0

#14
Excal

Excal

    Malware Slayer Extraordinaire!

  • Retired Staff
  • 12,739 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP