
Download.Trojan [CLOSED]


  • This topic is locked

#16
canadiandude18

canadiandude18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Trevuren,

You are going to hate me. There was a power outage in my area and my computer was rebooted. Should I continue with the fix or repost another HJT log? I appreciate your help.

Dean
  • 0


#17
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
You will have to post another HJT log. I will have the solution ready for you in less than 90 minutes. You have to be prepared to work on it right away. If you are not, just tell me and we will wait until you have the time.


Trevuren
  • 0

#18
canadiandude18

canadiandude18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I will not be able to dedicate the time today. I am currently at work running between here and the infected system so we will have to wait till tomorrow. Again, thanks. I made a donation for your troubles.

Tomorrow morning when I arrive, I will boot up the computer, run HJT, then wait for your instructions. I've set aside tomorrow morning to work through it and try and get rid of this bug. Would it be beneficial to have the HJT log posted tonight and then start tomorrow morning, or just post tomorrow morning and wait? Again, thank you for all your help.

Dean
  • 0

#19
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Post it this evening, if you can, and I can have a solution ready for you to work on at your convenience. Leave the machine on after posting the log and connected to the internet.


Trevuren
  • 0

#20
canadiandude18

canadiandude18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Missed your last post. I'm going to go down this morning (7:15 AM) my time to get the log ready and post. I'll wait for your response then go back.

Dean
  • 0

#21
canadiandude18

canadiandude18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here is the fresh version. I'm able to devote most of my morning to this so I'll wait for your post and then go through your instructions.

Dean

Logfile of HijackThis v1.99.1
Scan saved at 7:36:14 AM, on 20/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\crkl32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Symantec AntiVirus\DoScan.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {1F3B6D24-DC88-92C0-E04A-33C5D03372D6} - C:\WINDOWS\d3ec32.dll (file missing)
O2 - BHO: Class - {21258EF1-13DE-0334-9DB4-2B3E344FFB37} - C:\WINDOWS\addie.dll (file missing)
O2 - BHO: Class - {32EDCCFD-DAC9-D83E-5DB1-6CB6E0DCD071} - C:\WINDOWS\atlnc.dll (file missing)
O2 - BHO: Class - {515E6800-C37D-9309-FEE4-5E5649A955B4} - C:\WINDOWS\system32\crkl32.dll
O2 - BHO: Class - {8A6CC6D7-0B91-E885-6A98-060D69AD062E} - C:\WINDOWS\system32\javaey.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Class - {F009C904-5AB7-85E4-C623-5FECE3432B2D} - C:\WINDOWS\system32\ieia.dll (file missing)
O2 - BHO: Class - {FA368488-8008-3889-4E2F-86BBFD486BD2} - C:\WINDOWS\system32\d3ga32.dll (file missing)
O2 - BHO: Class - {FF52343D-FFCF-6EB3-A181-B08A3DCB6B9A} - C:\WINDOWS\system32\iehp.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [wincg32.exe] C:\WINDOWS\wincg32.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [mskl.exe] C:\WINDOWS\mskl.exe
O4 - HKLM\..\Run: [crkl32.exe] C:\WINDOWS\system32\crkl32.exe
O4 - HKLM\..\RunOnce: [appcm.exe] C:\WINDOWS\system32\appcm.exe
O4 - HKLM\..\RunOnce: [javauo32.exe] C:\WINDOWS\javauo32.exe
O4 - HKLM\..\RunOnce: [netdc32.exe] C:\WINDOWS\system32\netdc32.exe
O4 - HKLM\..\RunOnce: [sysxp.exe] C:\WINDOWS\system32\sysxp.exe
O4 - HKLM\..\RunOnce: [javaix32.exe] C:\WINDOWS\javaix32.exe
O4 - HKLM\..\RunOnce: [sdkco32.exe] C:\WINDOWS\sdkco32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javaxi.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Roger Stewart\Desktop\Dean's Malware Removal\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Thanks.
  • 0

#22
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Step#1:Getting Ready

(the reason Wordpad was chosen is that Notepad is sometimes deleted by this variant)


Please save these instructions to WordPad so that you have them accessible while following the steps. You also may want to print out these directions as the Internet will not be available. You must disconnect from the internet totally, as staying connected while fixing will prevent the fix from working. Also please keep Internet Explorer and Outlook Express closed throughout as opening either will reinstall the infection. Read through all the instructions so that you can ask any questions now, before you disconnect from the Internet.

Please start by downloading the tools you will need to clean this infection. If you have a problem or question with any, please continue to follow the list step by step to the end and ask the questions when you are asked to reply. Just be sure to let us know what the problem was when you finally reply.


Step#2:Show All Hidden Files

Please download and open the following zip file. Double-click on the file inside the zip and when it asks you if you would like to merge the file into your registry, please answer yes. This will make sure all files are visible on your computer.
http://www.davehigha...ds/xphidden.zip


Step#3:Download CWShredder

1. Please Download the most recent version of CWShredder, from CWSInstall.exe

2. Check for Updates but please Do NOT use it yet


Step#4:Download About Buster


1. Please download About:Buster from here: http://www.malwareby...boutBuster5.zip.

2. Once it is downloaded extract it to c:\aboutbuster.

3. Check to make sure it is up-to-date. Please Do NOT use it yet


Step#5:Download Registrar Lite

Another program to download is Registrar Lite for use later: Please download Registrar Lite and install it to C:\Program Files\RegLite\ . This is a registry editor that is very easy to use.




Please disconnect from the Internet




Step#6:Disable The Bad Service
  • Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE
  • Click on start > control panel > administrative programs > services. Look for a service called Workstation NetLogon Service. Double click on that service and click stop and then set the startup to disabled. Also write down the name and path of the file listed in the Path to executable field. This filename must be deleted below.
Step#7:Stop The Running Processes


Press control-alt-delete to get into the task manager and end the following processes if they exist:

C:\WINDOWS\system32\crkl32.exe

Step#8:Use HijackThis to Delete About Blank

Now, using Windows Explorer, I need you to delete the following files:

C:\WINDOWS\system32\crkl32.exe
C:\WINDOWS\system32\dumbp.dll
C:\WINDOWS\d3ec32.dll
C:\WINDOWS\addie.dll
C:\WINDOWS\atlnc.dll
C:\WINDOWS\system32\crkl32.dll
C:\WINDOWS\system32\javaey.dll
C:\WINDOWS\system32\ieia.dll
C:\WINDOWS\system32\d3ga32.dll
C:\WINDOWS\system32\iehp.dll
C:\WINDOWS\wincg32.exe
C:\WINDOWS\mskl.exe
C:\WINDOWS\system32\appcm.exe
C:\WINDOWS\javauo32.exe
C:\WINDOWS\system32\netdc32.exe
C:\WINDOWS\system32\sysxp.exe
C:\WINDOWS\javaix32.exe
C:\WINDOWS\sdkco32.exe
C:\WINDOWS\system32\javaxi.exe



If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.



Step#9:Cleaning With HijackThis

Then close all programs and windows and run hijackthis. Put a checkmark next to each of these entries and click 'fix checked' button when ready (some may be gone after uninstalling some programs):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {1F3B6D24-DC88-92C0-E04A-33C5D03372D6} - C:\WINDOWS\d3ec32.dll (file missing)
O2 - BHO: Class - {21258EF1-13DE-0334-9DB4-2B3E344FFB37} - C:\WINDOWS\addie.dll (file missing)
O2 - BHO: Class - {32EDCCFD-DAC9-D83E-5DB1-6CB6E0DCD071} - C:\WINDOWS\atlnc.dll (file missing)
O2 - BHO: Class - {515E6800-C37D-9309-FEE4-5E5649A955B4} - C:\WINDOWS\system32\crkl32.dll
O2 - BHO: Class - {8A6CC6D7-0B91-E885-6A98-060D69AD062E} - C:\WINDOWS\system32\javaey.dll (file missing)
O2 - BHO: Class - {F009C904-5AB7-85E4-C623-5FECE3432B2D} - C:\WINDOWS\system32\ieia.dll (file missing)
O2 - BHO: Class - {FA368488-8008-3889-4E2F-86BBFD486BD2} - C:\WINDOWS\system32\d3ga32.dll (file missing)
O2 - BHO: Class - {FF52343D-FFCF-6EB3-A181-B08A3DCB6B9A} - C:\WINDOWS\system32\iehp.dll (file missing)
O4 - HKLM\..\Run: [wincg32.exe] C:\WINDOWS\wincg32.exe
O4 - HKLM\..\Run: [mskl.exe] C:\WINDOWS\mskl.exe
O4 - HKLM\..\Run: [crkl32.exe] C:\WINDOWS\system32\crkl32.exe
O4 - HKLM\..\RunOnce: [appcm.exe] C:\WINDOWS\system32\appcm.exe
O4 - HKLM\..\RunOnce: [javauo32.exe] C:\WINDOWS\javauo32.exe
O4 - HKLM\..\RunOnce: [netdc32.exe] C:\WINDOWS\system32\netdc32.exe
O4 - HKLM\..\RunOnce: [sysxp.exe] C:\WINDOWS\system32\sysxp.exe
O4 - HKLM\..\RunOnce: [javaix32.exe] C:\WINDOWS\javaix32.exe
O4 - HKLM\..\RunOnce: [sdkco32.exe] C:\WINDOWS\sdkco32.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javaxi.exe" /s (file missing)



click "fix checked"




Step#10: Backup The Registry

In the next step we are going to remove a service that gets installed by this malware.

1. Open Registrar Lite and run it.

2. Copy and paste the bold text below into the address bar of Registrar Lite (this is making a Registry backup for safety in case of error):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

Go to File > Export and save as (in the C:\Program Files\Registrar Lite (Reglite) folder):

1.) Winkey.reg (Save as type: regedit4 .reg type)
2.) Winkey.hiv (Save as type: Scroll to select-regetd32/WinAPI *hiv *dat files)


Step#11: Delete the Registry Entries


3. Copy and paste each line of bold text below into the address bar of Reglite one at a time:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11Fßä#·ºÄÖ`I
  • Click Go
  • If 11Fßä#·ºÄÖ`I exists it will be highlighted in the left pane; right-click on it and choose delete from the menu.

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\11Fßä#·ºÄÖ`I
  • Click Go
  • If 11Fßä#·ºÄÖ`I exists it will be highlighted in the left pane; right-click on it and choose delete from the menu.

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\11Fßä#·ºÄÖ`I
  • Click Go
  • If 11Fßä#·ºÄÖ`I exists it will be highlighted in the left pane; right-click on it and choose delete from the menu.

4. Copy and paste each line of bold text below into the address bar of Registrar Lite one at a time:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_11Fßä#·ºÄÖ`I
  • Click Go
  • If LEGACY_11Fßä#·ºÄÖ`I exists it will be highlighted in the left pane; right-click on it and choose delete from the menu.

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY__11Fßä#·ºÄÖ`I
  • Click Go
  • If LEGACY_11Fßä#·ºÄÖ`I exists it will be highlighted in the left pane; right-click on it and choose delete from the menu.

  • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY__11Fßä#·ºÄÖ`I
  • Click Go
  • If LEGACY_11Fßä#·ºÄÖ`I exists it will be highlighted in the left pane; right-click on it and choose delete from the menu.

If you get errors when copying and pasting the above bold entries into RegLite, please try replacing the bold text with the following abbreviated line, changed as necessary for each entry, e.g. currentcontrolset001, currentcontrolset002:
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
    AND
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_
If this search finds the bad entries, please look in the left-hand column for the funny-looking letter/number combination and, if found, right-click and choose delete for each entry.

Please be cautious in identifying the correct entries in the registry, because deleting other entries may cause serious problems with your PC.




Step#12:Fixing With CWShredder
  • CLOSE ALL WINDOWS except CWShredder
  • Run the program by clicking 'fix' and letting it fix all CWS remnants.
Step#13:Fixing With About Buster

This is the step where we will use About:Buster that you had downloaded previously.
  • Navigate to the c:\aboutbuster directory
  • double-click on aboutbuster.exe
  • When the tool opens press the OK button, then Start button, then the OK button
  • then finally the Yes button. It will start scanning your computer for files.
  • If it asks if you would like to do a second pass, allow it to do so.
  • Post the log file in your next reply
Step#14:Saving and Using a Reg File

Copy the contents of the Quote Box below to Notepad.
Name the file as fix.reg
Change the Save as Type to All Files
and Save it on the desktop


REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]


Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

Reboot your computer back to normal mode


Step#15:Scan and Post a New HJT log with other logs
  • Scan again with HijackThis. We still have a few steps to complete but a log file at this time would be helpful.

    Reconnect To The Internet
  • Post both your log from About Buster and your HijackThis log here in this thread with any questions or problems that you have run into. There are still some steps that are necessary to clear out all of the malware. There will be necessary files that it has deleted that will need to be replaced.
Regards,

Trevuren

  • 0
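
A sketch of how the entries singled out in post #22 can be picked out of the log in post #21 mechanically, added here as an example (it is not part of the thread and not HijackThis's own logic). The sample lines are copied from that log; the heuristics and the one-entry allowlist are assumptions chosen for this log, and the ctfmon.exe and Ati2evxx.exe lines show why a bare "system32" or "Unknown owner" match is not enough.

```python
import re
from dataclasses import dataclass

# Subset of the HijackThis log from post #21, copied verbatim from the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\dumbp.dll/sp.html#37049
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {1F3B6D24-DC88-92C0-E04A-33C5D03372D6} - C:\WINDOWS\d3ec32.dll (file missing)
O2 - BHO: Class - {515E6800-C37D-9309-FEE4-5E5649A955B4} - C:\WINDOWS\system32\crkl32.dll
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [mskl.exe] C:\WINDOWS\mskl.exe
O4 - HKLM\..\RunOnce: [appcm.exe] C:\WINDOWS\system32\appcm.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javaxi.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
"""

# Everything below is an assumption made for this example, not a HijackThis rule.
# A file sitting directly in C:\WINDOWS or C:\WINDOWS\system32 (no deeper folder).
IN_WINDIR = re.compile(r"^C:\\WINDOWS\\(?:system32\\)?[^\\]+$", re.IGNORECASE)
RUN_RE = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)(?: \(file missing\))?$"
)
RES_RE = re.compile(r"= res://(?P<dll>[^/]+)/")
SVC_EXE_RE = re.compile(r" - (?P<path>[A-Za-z]:\\.+?\.exe)", re.IGNORECASE)

# Run values named after their own file that post #22 leaves out of the fix list.
KNOWN_GOOD_RUN = {"ctfmon.exe"}


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the line was flagged
    target: str  # file the entry points at


def exe_path(cmd: str) -> str:
    """Return the executable from a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def triage(log_text: str) -> list:
    """Flag log lines that match the persistence patterns seen in this thread."""
    findings = []
    for line in log_text.splitlines():
        code, sep, body = line.strip().partition(" - ")
        if not sep:
            continue
        if code in ("R0", "R1") and (m := RES_RE.search(body)):
            # IE search/start page redirected to a resource inside a local DLL.
            findings.append(Finding(code, "IE page served from local DLL", m["dll"]))
        elif code == "O2" and (m := BHO_RE.match(body)):
            # BHO with the placeholder name "Class" loaded from the Windows dir.
            if m["name"] == "Class" and IN_WINDIR.match(m["path"]):
                findings.append(Finding(code, "unnamed BHO in Windows dir", m["path"]))
        elif code == "O4" and (m := RUN_RE.match(body)):
            path = exe_path(m["cmd"])
            fname = path.rsplit("\\", 1)[-1].lower()
            # Autorun whose value name is just its own file name, in the Windows dir.
            if (IN_WINDIR.match(path) and m["name"].lower() == fname
                    and fname not in KNOWN_GOOD_RUN):
                findings.append(Finding(code, "self-named autorun in Windows dir", path))
        elif code == "O23" and "Unknown owner" in body:
            # "Unknown owner" alone also matches the ATI service, so require a
            # missing binary or a non-ASCII service key name as well.
            if body.endswith("(file missing)") or not body.isascii():
                m = SVC_EXE_RE.search(body)
                findings.append(Finding(code, "unsigned service, odd name or missing file",
                                        m["path"] if m else body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason:<45}{f.target}")
```

Every file it reports on this sample appears in the Step#8 deletion list above; on other machines the allowlist and the name checks would need tuning before the output is trusted.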

#23
canadiandude18

canadiandude18

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Here it is. I keep getting a message addup32 is not a valid image and I'm currently running with no menu bar or desktop icons; just through the taskmanager and run command.

Logfile of HijackThis v1.99.1
Scan saved at 11:49:59 AM, on 20/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\addup32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\program files\hijackthis\hijackthis.exe
C:\WINDOWS\system32\ntcd32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {097FEAC8-2F66-1ADA-699F-2838B1F22928} - C:\WINDOWS\winzl32.dll
O2 - BHO: Class - {477DFB00-458F-F4CC-172C-32E10CB80CE3} - C:\WINDOWS\system32\sysva.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\RunOnce: [ntcd32.exe] C:\WINDOWS\system32\ntcd32.exe
O4 - HKLM\..\RunOnce: [winqs.exe] C:\WINDOWS\system32\winqs.exe
O4 - HKLM\..\RunOnce: [crwa32.exe] C:\WINDOWS\crwa32.exe
O4 - HKLM\..\RunOnce: [appkr.exe] C:\WINDOWS\appkr.exe
O4 - HKLM\..\RunOnce: [ielm.exe] C:\WINDOWS\ielm.exe
O4 - HKLM\..\RunOnce: [appxq32.exe] C:\WINDOWS\appxq32.exe
O4 - HKLM\..\RunOnce: [atlfq32.exe] C:\WINDOWS\system32\atlfq32.exe
O4 - HKLM\..\RunOnce: [syskg.exe] C:\WINDOWS\system32\syskg.exe
O4 - HKLM\..\RunOnce: [appgo.exe] C:\WINDOWS\system32\appgo.exe
O4 - HKLM\..\RunOnce: [winke.exe] C:\WINDOWS\winke.exe
O4 - HKLM\..\RunOnce: [mfccp.exe] C:\WINDOWS\system32\mfccp.exe
O4 - HKLM\..\RunOnce: [netpm.exe] C:\WINDOWS\netpm.exe
O4 - HKLM\..\RunOnce: [netqz32.exe] C:\WINDOWS\system32\netqz32.exe
O4 - HKLM\..\RunOnce: [sdkce32.exe] C:\WINDOWS\system32\sdkce32.exe
O4 - HKLM\..\RunOnce: [winse.exe] C:\WINDOWS\winse.exe
O4 - HKLM\..\RunOnce: [winaf32.exe] C:\WINDOWS\winaf32.exe
O4 - HKLM\..\RunOnce: [ntwu.exe] C:\WINDOWS\system32\ntwu.exe
O4 - HKLM\..\RunOnce: [sdkeu.exe] C:\WINDOWS\system32\sdkeu.exe
O4 - HKLM\..\RunOnce: [netjj.exe] C:\WINDOWS\system32\netjj.exe
O4 - HKLM\..\RunOnce: [sdkpz.exe] C:\WINDOWS\system32\sdkpz.exe
O4 - HKLM\..\RunOnce: [apihs.exe] C:\WINDOWS\apihs.exe
O4 - HKLM\..\RunOnce: [sysie32.exe] C:\WINDOWS\system32\sysie32.exe
O4 - HKLM\..\RunOnce: [atlfl32.exe] C:\WINDOWS\atlfl32.exe
O4 - HKLM\..\RunOnce: [winrp.exe] C:\WINDOWS\system32\winrp.exe
O4 - HKLM\..\RunOnce: [mscc.exe] C:\WINDOWS\mscc.exe
O4 - HKLM\..\RunOnce: [cryj.exe] C:\WINDOWS\system32\cryj.exe
O4 - HKLM\..\RunOnce: [sysqc32.exe] C:\WINDOWS\sysqc32.exe
O4 - HKLM\..\RunOnce: [addlz.exe] C:\WINDOWS\system32\addlz.exe
O4 - HKLM\..\RunOnce: [appyv32.exe] C:\WINDOWS\appyv32.exe
O4 - HKLM\..\RunOnce: [apidy.exe] C:\WINDOWS\apidy.exe
O4 - HKLM\..\RunOnce: [atlbt.exe] C:\WINDOWS\atlbt.exe
O4 - HKLM\..\RunOnce: [winmv32.exe] C:\WINDOWS\system32\winmv32.exe
O4 - HKLM\..\RunOnce: [ieoh32.exe] C:\WINDOWS\ieoh32.exe
O4 - HKLM\..\RunOnce: [addup32.exe] C:\WINDOWS\addup32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmat...enWebRadio.html (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\winmv32.exe" /s (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: CWShredder Service - InterMute, Inc. - C:\Documents and Settings\Roger Stewart\Desktop\Dean's Malware Removal\CWShredder.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Here is the aboutBuster log.


AboutBuster 5.0 reference file 28
Scan started on [20/07/2005] at [11:42:18 AM]
------------------------------------------------
Removed File! : C:\Windows\ggmxd.dat
Removed File! : C:\Windows\wkxno.dll
Removed File! : C:\Windows\System32\ixpzy.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:42:31 AM

Thanks for your help.

Dean
  • 0

#24
Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Your system is infected with a variant of the About:Blank infection.
  • First we must STOP, Disable, and DELETE a bad Added Service
    • Click Start>Run and type in: services.msc
    • Click OK
    • In the Services window find: Remote Procedure Call
    • Select/highlight and right click the entry, and choose: Properties
    • On the General tab, under Service Status click the Stop button
    • Beside: Startup Type, in the drop menu, select: Disabled
    • Click Apply, then OK
    • Open HJT and click config > misc tools > “delete an NT service”
    • Copy and paste: 11Fßä#·ºÄÖ`I
    • Click OK.
  • Download CWShredder
    Click check for updates. Do not use it yet.

  • Download Aboutbuster 5
    Unzip the file to its own folder (C:\AB) Do not use it yet.

  • Download: HomeSearchfix. Unzip it to your desktop. Do not use it yet.

  • Download Killbox
    Choose save as to your desktop. Unzip the file. Do not use it yet.

    Take care: some files can be hidden, so first go to start > control panel > folder options > view (tab) > mark “show hidden files and extensions” > OK

    Please print out these directions, for in safe mode you will have to be disconnected from the internet. You should entirely disconnect (UNPLUG) from the internet!!!

  • Reboot your system into safe mode for all OS

  • Close all windows and open HijackThis.
    • Click “scan only” in the main window
    • Put a checkmark beside the following entries and click “FIX checked”.

      R3 - Default URLSearchHook is missing
      O2 - BHO: Class - {097FEAC8-2F66-1ADA-699F-2838B1F22928} - C:\WINDOWS\winzl32.dll
      O2 - BHO: Class - {477DFB00-458F-F4CC-172C-32E10CB80CE3} - C:\WINDOWS\system32\sysva.dll
      O4 - HKLM\..\RunOnce: [ntcd32.exe] C:\WINDOWS\system32\ntcd32.exe
      O4 - HKLM\..\RunOnce: [winqs.exe] C:\WINDOWS\system32\winqs.exe
      O4 - HKLM\..\RunOnce: [crwa32.exe] C:\WINDOWS\crwa32.exe
      O4 - HKLM\..\RunOnce: [appkr.exe] C:\WINDOWS\appkr.exe
      O4 - HKLM\..\RunOnce: [ielm.exe] C:\WINDOWS\ielm.exe
      O4 - HKLM\..\RunOnce: [appxq32.exe] C:\WINDOWS\appxq32.exe
      O4 - HKLM\..\RunOnce: [atlfq32.exe] C:\WINDOWS\system32\atlfq32.exe
      O4 - HKLM\..\RunOnce: [syskg.exe] C:\WINDOWS\system32\syskg.exe
      O4 - HKLM\..\RunOnce: [appgo.exe] C:\WINDOWS\system32\appgo.exe
      O4 - HKLM\..\RunOnce: [winke.exe] C:\WINDOWS\winke.exe
      O4 - HKLM\..\RunOnce: [mfccp.exe] C:\WINDOWS\system32\mfccp.exe
      O4 - HKLM\..\RunOnce: [netpm.exe] C:\WINDOWS\netpm.exe
      O4 - HKLM\..\RunOnce: [netqz32.exe] C:\WINDOWS\system32\netqz32.exe
      O4 - HKLM\..\RunOnce: [sdkce32.exe] C:\WINDOWS\system32\sdkce32.exe
      O4 - HKLM\..\RunOnce: [winse.exe] C:\WINDOWS\winse.exe
      O4 - HKLM\..\RunOnce: [winaf32.exe] C:\WINDOWS\winaf32.exe
      O4 - HKLM\..\RunOnce: [ntwu.exe] C:\WINDOWS\system32\ntwu.exe
      O4 - HKLM\..\RunOnce: [sdkeu.exe] C:\WINDOWS\system32\sdkeu.exe
      O4 - HKLM\..\RunOnce: [netjj.exe] C:\WINDOWS\system32\netjj.exe
      O4 - HKLM\..\RunOnce: [sdkpz.exe] C:\WINDOWS\system32\sdkpz.exe
      O4 - HKLM\..\RunOnce: [apihs.exe] C:\WINDOWS\apihs.exe
      O4 - HKLM\..\RunOnce: [sysie32.exe] C:\WINDOWS\system32\sysie32.exe
      O4 - HKLM\..\RunOnce: [atlfl32.exe] C:\WINDOWS\atlfl32.exe
      O4 - HKLM\..\RunOnce: [winrp.exe] C:\WINDOWS\system32\winrp.exe
      O4 - HKLM\..\RunOnce: [mscc.exe] C:\WINDOWS\mscc.exe
      O4 - HKLM\..\RunOnce: [cryj.exe] C:\WINDOWS\system32\cryj.exe
      O4 - HKLM\..\RunOnce: [sysqc32.exe] C:\WINDOWS\sysqc32.exe
      O4 - HKLM\..\RunOnce: [addlz.exe] C:\WINDOWS\system32\addlz.exe
      O4 - HKLM\..\RunOnce: [appyv32.exe] C:\WINDOWS\appyv32.exe
      O4 - HKLM\..\RunOnce: [apidy.exe] C:\WINDOWS\apidy.exe
      O4 - HKLM\..\RunOnce: [atlbt.exe] C:\WINDOWS\atlbt.exe
      O4 - HKLM\..\RunOnce: [winmv32.exe] C:\WINDOWS\system32\winmv32.exe
      O4 - HKLM\..\RunOnce: [ieoh32.exe] C:\WINDOWS\ieoh32.exe
      O4 - HKLM\..\RunOnce: [addup32.exe] C:\WINDOWS\addup32.exe
      O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\winmv32.exe" /s (file missing)

  • Run CWShredder and choose FIX

  • Start AboutBuster and press START, and then OK. The program will start scanning.

  • Double-click HomeSearchfix.reg to merge the info to the registry. You will be prompted to accept the merge, answer YES.

  • Start Killbox
    • Place a checkmark next to [x] Delete On Reboot.
    • Highlight the following list and Copy it (Ctrl+C) to the windows clipboard.

      C:\WINDOWS\addup32.exe
      C:\WINDOWS\system32\ntcd32.exe
      C:\WINDOWS\winzl32.dll
      C:\WINDOWS\system32\sysva.dll
      C:\WINDOWS\system32\winqs.exe
      C:\WINDOWS\crwa32.exe
      C:\WINDOWS\appkr.exe
      C:\WINDOWS\ielm.exe
      C:\WINDOWS\appxq32.exe
      C:\WINDOWS\system32\atlfq32.exe
      C:\WINDOWS\system32\syskg.exe
      C:\WINDOWS\system32\appgo.exe
      C:\WINDOWS\winke.exe
      C:\WINDOWS\system32\mfccp.exe
      C:\WINDOWS\netpm.exe
      C:\WINDOWS\system32\netqz32.exe
      C:\WINDOWS\system32\sdkce32.exe
      C:\WINDOWS\winse.exe
      C:\WINDOWS\winaf32.exe
      C:\WINDOWS\system32\ntwu.exe
      C:\WINDOWS\system32\sdkeu.exe
      C:\WINDOWS\system32\netjj.exe
      C:\WINDOWS\system32\sdkpz.exe
      C:\WINDOWS\apihs.exe
      C:\WINDOWS\system32\sysie32.exe
      C:\WINDOWS\atlfl32.exe
      C:\WINDOWS\system32\winrp.exe
      C:\WINDOWS\mscc.exe
      C:\WINDOWS\system32\cryj.exe
      C:\WINDOWS\sysqc32.exe
      C:\WINDOWS\system32\addlz.exe
      C:\WINDOWS\appyv32.exe
      C:\WINDOWS\apidy.exe
      C:\WINDOWS\atlbt.exe
      C:\WINDOWS\system32\winmv32.exe
      C:\WINDOWS\ieoh32.exe
      C:\WINDOWS\system32\winmv32.exe
    • Back in Killbox, go > file > paste from clipboard,
    • Click the red highlighted X button and click yes to the prompt when all the files have been pasted.
    • Then click OK
    • Exit Killbox and Reboot your PC.
  • After the reboot, Start AboutBuster AGAIN and scan AGAIN.

  • Clean temporary files:
    • Go > start > run and type cleanmgr and OK
    • Scan your system for files to remove.
    • Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
    • Click OK to remove those files.
    • Click Yes to confirm deletion.
  • Reboot your system into normal mode.

  • Download Ewido scan
    • Check for updates.
    • Let it do a full run.
    • Copy the log. Paste it to a blank Notepad file and save it to post here.
  • Finally, run HijackThis, click SCAN, produce a LOG and POST it and the EWIDOscan log in this thread for review.
Regards,

Trevuren

  • 0
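The service singled out in the post above stands apart from the other O23 entries in several ways at once. The following triage sketch is an added example, not part of the original post and not code from HijackThis: it parses O4 and O23 lines and flags services that show two or more such signals. The sample lines are copied from the log in this thread; the signal set and the threshold of two are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass, field

# Sample input: O4/O23 lines copied from the HijackThis log quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\RunOnce: [winmv32.exe] C:\WINDOWS\system32\winmv32.exe
O4 - HKLM\..\RunOnce: [ntcd32.exe] C:\WINDOWS\system32\ntcd32.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\winmv32.exe" /s (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
"""

IMAGE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)
O4_RE = re.compile(r'^O4 - (\S+): \[(.+?)\] (.+)$')
O23_PREFIX = "O23 - Service: "


@dataclass
class ServiceEntry:
    display: str          # display name shown in services.msc
    short: str            # internal service name (in parentheses in the log)
    owner: str            # company name from the binary, or "Unknown owner"
    command: str          # image path plus arguments and HijackThis annotations
    signals: list = field(default_factory=list)


def image_path(command):
    """Return the lower-cased executable path inside a command string, or None."""
    m = IMAGE_RE.search(command)
    return m.group(0).lower() if m else None


def parse_o23(line):
    """Split 'O23 - Service: <display> (<short>) - <owner> - <command>'."""
    rest = line[len(O23_PREFIX):]
    parts = rest.rsplit(" - ", 2)      # owner and command are the last two fields
    if len(parts) != 3:
        return None
    name, owner, command = parts
    # The short name is the LAST parenthesised group; the display name itself
    # may contain parentheses, as in "Remote Procedure Call (RPC) Helper".
    m = re.match(r'^(.*) \((.*)\)$', name)
    display, short = (m.group(1), m.group(2)) if m else (name, name)
    return ServiceEntry(display.strip(), short.strip(), owner.strip(), command.strip())


def triage(log_text, threshold=2):
    """Return the O23 services that show at least `threshold` signals."""
    runonce_images, services = set(), []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O4_RE.match(line)
        if m and m.group(1).lower().endswith("runonce"):
            img = image_path(m.group(3))
            if img:
                runonce_images.add(img)
        elif line.startswith(O23_PREFIX):
            entry = parse_o23(line)
            if entry:
                services.append(entry)

    flagged = []
    for svc in services:
        if svc.owner.lower() == "unknown owner":
            svc.signals.append("unknown owner")
        if svc.command.lower().endswith("(file missing)"):
            svc.signals.append("file missing")
        if not svc.short.isascii():
            svc.signals.append("non-ASCII service name")
        if image_path(svc.command) in runonce_images:
            svc.signals.append("image also in RunOnce")
        if len(svc.signals) >= threshold:
            flagged.append(svc)
    return flagged


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc.display!r}: {', '.join(svc.signals)}")
```

"Unknown owner" on its own also matches the ATI driver helper in this log, which is why a single signal does not flag an entry.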

#25
canadiandude18

    Member

  • Topic Starter
  • Member
  • 13 posts
Here is the Ewido scan log.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:12:13 AM, 21/07/2005
+ Report-Checksum: 97F97DE3

+ Scan result:

C:\WINDOWS\javabo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javafy.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javafz.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javagr.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javaqa.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\javaqx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javard.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javawq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\javayl.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\jinmi.txt:frusx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jinmi.txt:njmdn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\jinmi.txt:qyaqk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\jinmi.txt:sdopy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\jinmi.txt:vkaxw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\jinmi.txt:wzjpd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\jinmi.txt:zhbdg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\keqhm.txt:taajr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\kwtrt.txt:pnvxc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\kwtrt.txt:snbkt -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\liveup.ini:chnck -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\liveup.ini:cnskg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\liveup.ini:ewosj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\liveup.ini:hcwuw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\liveup.ini:naqhm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\liveup.ini:rtxij -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\liveup.ini:xsmov -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcbh32.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mfcpg.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcrh.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mfcvi32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mfczq.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\mp10oem.txt:blxoj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mp10oem.txt:irnfx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mp10oem.txt:jouvk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mp10oem.txt:rdsca -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mp10oem.txt:vrdgn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\mp10oem.txt:yuinf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\mp10oem.txt:zzubt -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\MSDFMAP.INI:eezhc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\MSDFMAP.INI:enbai -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\MSDFMAP.INI:gplge -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\MSDFMAP.INI:igpnt -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\MSDFMAP.INI:vmbnh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\MSDFMAP.INI:zgihc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\msqx.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\msxx.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\netip.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\netma.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\netmx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\nsvug.txt:ufvnx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntbtlog.txt:imbot -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntbtlog.txt:mpxgh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntbtlog.txt:ngser -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ntbtlog.txt:pbbcm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ntbtlog.txt:rhysw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntbtlog.txt:vsyjq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntti.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ntui.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:baojk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:bwnzr -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:dyqbd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:fglktg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:grioc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:gsrjt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:ogttk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:priio -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBC.INI:rvqixt -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\ODBC.INI:wfqhm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBC.INI:wsagp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:fbzwg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:fcqwf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:nelag -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:plwir -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:svfio -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ODBCINST.INI:xuqih -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:lymqw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:mtppn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:pzgwu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\OEWABLog.txt:tityb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\oncen.txt:admvb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\oncen.txt:fbrwl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\oncen.txt:ofrcp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\oncen.txt:pqzdb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ORUN32.INI:ghtnp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ORUN32.INI:hwlru -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ORUN32.INI:lonxe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ORUN32.INI:nevgl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ORUN32.INI:olmig -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ORUN32.INI:prvnl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ORUN32.INI:putby -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ORUN32.INI:qrblz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ORUN32.INI:rjdhc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ORUN32.INI:svbda -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ORUN32.INI:ujxft -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\ORUN32.INI:vmqcj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\ORUN32.INI:yhvpn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\oxtvn.txt:epekb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\oxtvn.txt:fobjo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\oxtvn.txt:jzdme -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\oxtvn.txt:lhwje -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\oxtvn.txt:oattz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\oxtvn.txt:tfcgz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\oxtvn.txt:verrw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\oxtvn.txt:vmszw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\oxtvn.txt:zhtzi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\photoed.INI:ascoy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\photoed.INI:bhdkf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\photoed.INI:bukhvo -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\photoed.INI:gchqv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\photoed.INI:hudrl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\photoed.INI:iwttd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\photoed.INI:rzemh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\photoed.INI:xvszj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\photoed.INI:zguvl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PMK35_SETUP.ini:bsewv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PMK35_SETUP.ini:cdyxs -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\PMK35_SETUP.ini:guika -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\PMK35_SETUP.ini:jsmhy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PMK35_SETUP.ini:legrf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\PMK35_SETUP.ini:mxrso -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PMK35_SETUP.ini:mzexl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\PMK35_SETUP.ini:qcuoh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\PMK35_SETUP.ini:qdkll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\qanrb.txt:avwtu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\qanrb.txt:ehnrn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\qanrb.txt:flaxp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\qanrb.txt:jjhik -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\qanrb.txt:jystb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\qanrb.txt:mbanl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\qanrb.txt:qbqgo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\qanrb.txt:qpeck -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\qanrb.txt:rzbeh -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\qanrb.txt:sajpr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\qanrb.txt:tvumpz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rcqbv.txt:bwkgg -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\rcqbv.txt:crsox -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rcqbv.txt:dzbxh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rcqbv.txt:fqtjt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rcqbv.txt:gfubt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rcqbv.txt:jxwdc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\rcqbv.txt:ofjqz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rcqbv.txt:oqhdx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rcqbv.txt:qoswf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\rcqbv.txt:syfna -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\rcqbv.txt:zckai -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:bhvpu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:kdnke -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:pcahl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:rylfk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:svdyb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SchedLgU.Txt:uzzwy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\screen.html:gnwrk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\screen.html:kbloe -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\screen.html:rwuib -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\screen.html:twtch -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\screen.html:yatcq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\sdksi.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sdksi.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\sdksv.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setuplog.txt:drjxk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setuplog.txt:evnym -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setuplog.txt:ezyvj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setuplog.txt:fvvyd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setuplog.txt:ghvcb -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setuplog.txt:mkeqj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setuplog.txt:saicz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\setuplog.txt:uskbz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setuplog.txt:xqpax -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\setuplog.txt:xvhwn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SIERRA.INI:abznq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SIERRA.INI:blfum -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SIERRA.INI:dmwsv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SIERRA.INI:fmcfd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SIERRA.INI:fzihy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SIERRA.INI:gfplh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SIERRA.INI:kcrtl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SIERRA.INI:olkgm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SIERRA.INI:otlvz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SIMPLY.INI:bclsk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SIMPLY.INI:ipxpoo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SIMPLY.INI:psjjf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\smscfg.ini:hmkmrl -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\smscfg.ini:mkksx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\smscfg.ini:nzdpo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\smscfg.ini:sktyw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\smscfg.ini:tqtqq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\smscfg.ini:tvfex -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\smscfg.ini:tydrh -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\smscfg.ini:vkisz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\smscfg.ini:voars -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sysha32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syslu32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM.INI:eetua -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM.INI:fmnts -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM.INI:iiznx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\SYSTEM.INI:leoai -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM.INI:rwwbf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM.INI:zsczq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM.INI:zwqut -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\SYSTEM32\addlz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\addmb.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\apikj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\apppl32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\appuo.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\crag.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\crbx32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\crla.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\crxw.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\d3nz.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\javaea32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\javajx.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\javaru32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\mfclb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\mskq32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\ntlk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\sdkjb32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\sdkkv.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\sysdk.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\syshj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\SYSTEM32\systh.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\syswl.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\sysyv.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\T30DebugLogFile.txt:eeini -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\T30DebugLogFile.txt:gself -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\T30DebugLogFile.txt:kyibe -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\T30DebugLogFile.txt:pxyij -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\T30DebugLogFile.txt:qnnyz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tjwcc.txt:fctdd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\tjwcc.txt:jdsmp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\tjwcc.txt:npdpv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\tjwcc.txt:pjqiz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\tjwcc.txt:plvbq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\tjwcc.txt:poguk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\tjwcc.txt:vdcei -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tjwcc.txt:yagil -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tmupdate.ini:dlxrs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tmupdate.ini:ekeim -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tmupdate.ini:evpmf -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\tmupdate.ini:mthkk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\tmupdate.ini:rvdkm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\TSC.INI:dbter -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\TSC.INI:oigmb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\TSC.INI:rajnz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\TSC.INI:wmqpq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\TSC.INI:xvhho -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tvump.txt:cqhuc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tvump.txt:gpdko -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tvump.txt:rzgyv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\tvump.txt:szzof -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\tvump.txt:vrvab -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VB.INI:aksqs -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VB.INI:cogvi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VB.INI:djyvt -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VB.INI:ivdrg -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VB.INI:kmfkn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VB.INI:lqjkj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VB.INI:mevfl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VB.INI:myckn -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VB.INI:pwaxc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VB.INI:qeewr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VB.INI:ryaog -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VB.INI:uyzfv -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VB.INI:wyzte -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VBADDIN.INI:aktco -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VBADDIN.INI:apjng -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VBADDIN.INI:gdwon -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VBADDIN.INI:nbrnd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VBADDIN.INI:xukcy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VPC32.INI:afzum -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VPC32.INI:cachb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VPC32.INI:lpxlp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VPC32.INI:lttof -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VPC32.INI:rnwoj -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\VPC32.INI:sdsto -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\VPC32.INI:womdz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wifbe.txt:fctyp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wifbe.txt:gotny -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wifbe.txt:jnuau -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wifbe.txt:llvbg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wifbe.txt:omwgw -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wifbe.txt:qslum -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wifbe.txt:saniw -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wifbe.txt:syskx -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wifbe.txt:wdgvf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\wifbe.txt:xsrll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\WIN.INI:ahxfc -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\WIN.INI:czdzc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\WIN.INI:ezdys -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\WIN.INI:nunxd -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\WIN.INI:okjfp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\WIN.INI:phhni -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\WIN.INI:tauki -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\WIN.INI:urujm -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\WIN.INI:xzfvk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\WIN.INI:ymygy -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winaw.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\winia.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wininit.ini:aaytu -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wininit.ini:bviet -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wininit.ini:hwvfm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wininit.ini:laanz -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wininit.ini:nncab -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\wininit.ini:wvwhb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\winnj.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\winqj32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\xckge.txt:gxdur -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\xckge.txt:jejuo -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\xckge.txt:mptwp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\xckge.txt:pxpzr -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\xckge.txt:tnyfl -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\xvobr.txt:fxuzd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\xvobr.txt:qldhk -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\zifnn.txt:cnslm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\zifnn.txt:ctnip -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\zifnn.txt:egagt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zifnn.txt:eqrzo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zifnn.txt:ersqq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zifnn.txt:ifdzf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINDOWS\zifnn.txt:kzvln -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\zifnn.txt:nnnaq -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\zifnn.txt:nqygm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\zifnn.txt:nzkje -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\zifnn.txt:vrvqm -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\WINDOWS\zifnn.txt:zfohq -> TrojanDownloader.Agent.bc : Cleaned with backup


::Report End

Here is the HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:12:29 AM, on 21/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar:
  • 0



#26
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Please post a new HJT log as most of your log did not come through in your previous post.


Trevuren
  • 0

#27
Trevuren

Trevuren

    Old Dog

  • Retired Staff
  • 18,699 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





