Hijack this log [CLOSED] [RESOLVED]



#16
FallenAngel

    Member

  • Topic Starter
  • Member
  • 39 posts
C:\WINDOWS\system32\m?hta.exe

That file would NOT copy over to Killbox no matter what I did... so I ran it with the other files and did what you said.... but that file would NOT go into the box... I copied everything of what you said, tried ctrl-c, tried copying and pasting with the mouse...
-----------------------------------------------------------------------
Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 7:41:29 PM, on 9/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\m?hta.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\htse\rrtc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Fallen_Angel\My Documents\download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {E193D001-4699-683E-E16D-490141EB78C1} - C:\WINDOWS\system32\kvnvw.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Rbrp] C:\Program Files\htse\rrtc.exe
O4 - HKCU\..\Run: [Naqlyfyb] C:\WINDOWS\system32\m?hta.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0



#17
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Please make sure that you can View Hidden Files
  • Click Start -> My Computer
  • Select Tools -> Folder options
  • Select the View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled.
  • Also make sure that 'Display the contents of system folders' is checked.
For more info on how to show hidden files click here.



Run Hijackthis again, click scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

O2 - BHO: (no name) - {E193D001-4699-683E-E16D-490141EB78C1} - C:\WINDOWS\system32\kvnvw.dll (file missing)
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O4 - HKCU\..\Run: [Rbrp] C:\Program Files\htse\rrtc.exe
O4 - HKCU\..\Run: [Naqlyfyb] C:\WINDOWS\system32\m?hta.exe
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINDOWS\system32\wuauclt.dll (file missing)



Please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
* if you have trouble getting into Safe mode go here for more info.




Once in Safe mode, delete these files or directories (Do not be concerned if they do not exist):

C:\WINDOWS\system32\sdx4dx.exe
C:\Program Files\htse <-- delete this folder
C:\WINDOWS\system32\m?hta.exe <-- the ? could represent any character, but this file should be dated recently.


Reboot your computer to go back to normal mode and post a new log.

Edited by Buckeye_Sam, 22 September 2005 - 11:50 AM.

  • 0

#18
FallenAngel

    Member

  • Topic Starter
  • Member
  • 39 posts
Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 7:30:18 PM, on 9/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Fallen_Angel\My Documents\download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#19
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Can you check for the existence of this file?

C:\WINDOWS\system32\sdx4dx.exe


Let me know if you find it.
  • 0

#20
FallenAngel

    Member

  • Topic Starter
  • Member
  • 39 posts
File not found.

I found it before I posted the hijack this log with the other 2 files/folders you asked me to delete... and I found and deleted all 3.

Did another search... did not find the file.
  • 0

#21
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
That's good news!

Delete your temp files
  • Navigate to the C:\Windows\Temp folder.
    • Open the Temp folder
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the delete button on your keyboard) to delete the entire contents of the Temp folder.
  • Navigate to the C:\Windows\Prefetch folder.
    • Open the Prefetch folder
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the delete button on your keyboard) to delete the entire contents of the Temp folder.
  • Click Start -> Run and type %temp% in the Run box.
    • Select Edit -> Select All
    • Select Edit -> Delete (or press the delete button on your keyboard) to delete the entire contents of the Temp folder.
  • Click Start -> Control Panel -> Internet Options.
    • Select the General tab
    • Under "Temporary Internet Files" Click "Delete Files".
    • Put a check by "Delete Offline Content" and click OK.
    • Click on the Programs tab then click the "Reset Web Settings" button.
    • Click Apply then OK.
  • Empty the Recycle Bin.


Fix this line with Hijackthis.

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run



Reboot and post a new hijackthis log.
  • 0
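
Added example (not part of the thread, and not HijackThis or Killbox code): Python that compares two HijackThis scans, lists autostart entries still pointing at files the helper had removed (the leftover `winsync` line addressed in post #21), and resolves a `?` placeholder such as `m?hta.exe` from post #17 against a directory listing. The scan excerpts are taken from the logs posted above; the directory listing, the stand-in non-ASCII character and all function names are constructed for illustration, and the `?` is assumed to stand for exactly one character the log could not display.

```python
import fnmatch
import ntpath
import re

# An entry line starts with a section code, e.g. "O4 - HKLM\..\Run: [winsync] ...".
ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")
# First Windows path ending in .exe/.dll. '?' is allowed inside the name because
# the log prints it for a character it could not display (assumption, see lead-in).
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"<>|*]+?\.(?:exe|dll)", re.IGNORECASE)

# Excerpts of the 9/21 and 9/22 scans posted in this thread.
SCAN_BEFORE = r"""
O2 - BHO: (no name) - {E193D001-4699-683E-E16D-490141EB78C1} - C:\WINDOWS\system32\kvnvw.dll (file missing)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O4 - HKCU\..\Run: [Rbrp] C:\Program Files\htse\rrtc.exe
O4 - HKCU\..\Run: [Naqlyfyb] C:\WINDOWS\system32\m?hta.exe
"""
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
"""
# Files and folders the helper asked to delete in Safe Mode (post #17).
DELETED = [
    r"C:\WINDOWS\system32\sdx4dx.exe",
    r"C:\Program Files\htse",
    r"C:\WINDOWS\system32\m?hta.exe",
]
# Constructed directory listing; U+0455 is only a stand-in for "some character
# the log showed as '?'", the thread never identifies the real one.
LISTING = ["mshta.exe", "m\u0455hta.exe", "msdtc.exe"]


def parse_log(text):
    """Map each R*/O* entry line to the file path it references (or None)."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            hit = PATH_RE.search(line)
            entries[line] = hit.group(0) if hit else None
    return entries


def diff_scans(before, after):
    """Entry lines removed, added and unchanged between two scans."""
    b, a = parse_log(before), parse_log(after)
    return {
        "removed": sorted(set(b) - set(a)),
        "added": sorted(set(a) - set(b)),
        "persisting": sorted(set(a) & set(b)),
    }


def _references(path, target):
    """True if path is the target file ('?' = any one char) or lies under the target folder."""
    p, t = path.lower(), target.lower()
    return fnmatch.fnmatchcase(p, t) or p.startswith(t.rstrip("\\") + "\\")


def stale_references(scan, deleted_targets):
    """Entries that still point at something already deleted from disk."""
    return sorted(
        line
        for line, path in parse_log(scan).items()
        if path and any(_references(path, t) for t in deleted_targets)
    )


def resolve_placeholder(log_path, listing):
    """Real names matching a logged name with '?', keeping only non-ASCII ones.

    The legitimate mshta.exe also matches m?hta.exe, so pure-ASCII names are
    dropped: the candidate of interest is the one the log could not print.
    """
    pattern = ntpath.basename(log_path).lower()
    hits = [n for n in listing if fnmatch.fnmatchcase(n.lower(), pattern)]
    return [n for n in hits if not n.isascii()]


if __name__ == "__main__":
    for line in diff_scans(SCAN_BEFORE, SCAN_AFTER)["removed"]:
        print("removed :", line)
    for line in stale_references(SCAN_AFTER, DELETED):
        print("stale   :", line)
    for name in resolve_placeholder(DELETED[2], LISTING):
        print("lookalike:", ascii(name))
```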

#22
FallenAngel

    Member

  • Topic Starter
  • Member
  • 39 posts
When clearing out the %temp% folder... it could not delete the Perflib_Perfdada_654 file because it said it was in use by another program... all I had OPEN was that folder itself...???
-----------------------------------------------------------------------------
New Hijack this log:

Logfile of HijackThis v1.99.1
Scan saved at 3:12:56 PM, on 9/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Fallen_Angel\My Documents\download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#23
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Don't worry about that file in the temp folder.

Please launch Ewido.
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net...wnload/updates/

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • While the scan is in progress you will be prompted to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.


Reboot your computer and post a new hijackthis log and the log from Ewido.
  • 0

#24
FallenAngel

    Member

  • Topic Starter
  • Member
  • 39 posts
Hijack this:

Logfile of HijackThis v1.99.1
Scan saved at 3:17:12 PM, on 9/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Fallen_Angel\My Documents\download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

------------------------------------------------------------------------------------
Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:07:20 PM, 9/25/2005
+ Report-Checksum: 8EC67ED8

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
[1412] C:\WINDOWS\system32\fgfkgfg.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
[1496] C:\WINDOWS\system32\fgfkgfg.dll -> TrojanDownloader.Qoologic.ac : Error during cleaning
[1504] C:\WINDOWS\system32\fgfkgfg.dll -> TrojanDownloader.Qoologic.ac : Error during cleaning
[1520] C:\WINDOWS\system32\fgfkgfg.dll -> TrojanDownloader.Qoologic.ac : Error during cleaning
[1580] C:\WINDOWS\system32\fgfkgfg.dll -> TrojanDownloader.Qoologic.ac : Error during cleaning
[1720] C:\WINDOWS\system32\fgfkgfg.dll -> TrojanDownloader.Qoologic.ac : Error during cleaning
[1760] C:\WINDOWS\system32\fgfkgfg.dll -> TrojanDownloader.Qoologic.ac : Error during cleaning
[404] C:\WINDOWS\system32\fgfkgfg.dll -> TrojanDownloader.Qoologic.ac : Error during cleaning
[2932] C:\WINDOWS\system32\fgfkgfg.dll -> TrojanDownloader.Qoologic.ac : Error during cleaning
C:\!Submit\fgfkgfg.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\!Submit\rrtc.exe -> TrojanDownloader.PurityScan.af : Cleaned with backup
C:\!Submit\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\!Submit\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\!Submit\wvgbv.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.203:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.205:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.227:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.232:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.233:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.234:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.235:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.236:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.270:C:\Documents and Settings\Fallen_Angel\Application Data\Mozilla\Firefox\Profiles\default.x1t\cookies-1.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup

#25
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Please fix this line with HijackThis.

O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run



Reboot and check to see if it's still there. If you still find it, please post a new log from WinPFind.

#26
FallenAngel

    Member

  • Topic Starter
  • Member
  • 39 posts
I fixed that line... rebooted... and it was still there... here's the WinPFind log... I ran it in regular mode... didn't know if you wanted me to run it in safe or regular mode???

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
PEC2 5/11/2005 10:14:00 PM 1587693 C:\crash.txt
PEC2 7/9/2004 2:17:16 PM 13265040 C:\dxnt.cab

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/23/2001 3:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
69.59.186.63 9/28/2005 11:55:08 AM 10240 C:\WINDOWS\SYSTEM32\ebrob.dll
209.66.67.134 9/28/2005 11:55:08 AM 10240 C:\WINDOWS\SYSTEM32\ebrob.dll
web-nex 9/28/2005 11:55:08 AM 10240 C:\WINDOWS\SYSTEM32\ebrob.dll
winsync 9/28/2005 11:55:08 AM 10240 C:\WINDOWS\SYSTEM32\ebrob.dll
69.59.186.63 9/28/2005 11:55:08 AM 46080 C:\WINDOWS\SYSTEM32\fgfkgfg.dll
209.66.67.134 9/28/2005 11:55:08 AM 46080 C:\WINDOWS\SYSTEM32\fgfkgfg.dll
web-nex 9/28/2005 11:55:08 AM 46080 C:\WINDOWS\SYSTEM32\fgfkgfg.dll
winsync 9/28/2005 11:55:08 AM 46080 C:\WINDOWS\SYSTEM32\fgfkgfg.dll
PECompact2 9/8/2005 11:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 11:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
WinShutDown 5/9/1997 4:00:00 AM 64000 C:\WINDOWS\SYSTEM32\PFAUTO8.DLL
WinShutDown 5/9/1997 4:00:00 AM 68096 C:\WINDOWS\SYSTEM32\PRAUTO8.DLL
WinShutDown 5/9/1997 4:00:00 AM 68096 C:\WINDOWS\SYSTEM32\QPAUTO8.DLL
Umonitor 8/4/2004 12:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/23/2001 3:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
WinShutDown 5/9/1997 4:00:00 AM 72192 C:\WINDOWS\SYSTEM32\WPAUTO8.DLL

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/28/2005 11:54:58 AM S 2048 C:\WINDOWS\bootstat.dat
9/27/2005 10:25:46 PM H 54156 C:\WINDOWS\QTFont.qfn
9/8/2005 9:47:48 AM RHS 401408 C:\WINDOWS\system32\m?hta.exe
9/28/2005 11:58:42 AM H 1024 C:\WINDOWS\system32\config\default.LOG
9/28/2005 11:55:00 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
9/28/2005 11:55:56 AM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
9/28/2005 12:09:02 PM H 20480 C:\WINDOWS\system32\config\software.LOG
9/28/2005 11:56:38 AM H 1024 C:\WINDOWS\system32\config\system.LOG
9/14/2005 10:43:28 PM H 1024 C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
9/28/2005 11:55:04 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/12/1999 6:11:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 2/22/2004 11:44:42 PM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 7:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/23/2001 3:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
6/6/2005 1:57:40 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
12/20/2003 1:02:30 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
5/30/2004 12:30:38 AM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
9/28/2005 10:46:30 AM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtup.exe
5/30/2004 12:30:38 AM 928 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
10/20/2004 10:05:56 AM 1898 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
12/19/2003 6:43:30 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
5/31/2004 10:25:04 PM 188 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
12/20/2003 1:02:30 AM HS 84 C:\Documents and Settings\Fallen_Angel\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
6/6/2005 1:54:06 PM 1213 C:\Documents and Settings\Fallen_Angel\Application Data\AdobeDLM.log
12/19/2003 6:43:30 PM HS 62 C:\Documents and Settings\Fallen_Angel\Application Data\desktop.ini
6/6/2005 1:54:04 PM 0 C:\Documents and Settings\Fallen_Angel\Application Data\dm.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VersionsMenu
{03170921-4754-11cf-AB9A-00C0F00683EB} = E:\Corel\Suite8\Versions\CVersion.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{B95057E0-44DB-11CE-A5D1-00608C83BD3F}
= shellwp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0001-C0E1-C0E1C0E1C0E1} = C:\Corel\Suite8\Programs\PFSE80.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VersionsMenu
{03170921-4754-11cf-AB9A-00C0F00683EB} = E:\Corel\Suite8\Versions\CVersion.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0001-C0E1-C0E1C0E1C0E1} = C:\Corel\Suite8\Programs\PFSE80.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
UberButton Class = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
PCTools Site Guard = C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
YahooTaggedBM Class = C:\Program Files\Yahoo!\Common\YIeTagBm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B56A7D7D-6927-48C8-A975-17DF180C71AC}
PCTools Browser Monitor = C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2D663D1A-8670-49D9-A1A5-4C56B4E14E84}
ButtonText = Spyware Doctor :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
{FAA356E4-D317-42A6-AB41-A3021C6E7D52} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
mm_server C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
winsync C:\WINDOWS\system32\sdx4dx.exe reg_run

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Spyware Doctor "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
Norton SystemWorks "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
Yahoo! Pager "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
NoDrives 0
NoViewOnDrive 0

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowCpl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\DisallowRun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictCpl

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\RestrictRun

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Uninstall


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
UPnPMonitor {e57ce738-33e8-4c51-8354-bb4de9d215d1} = C:\WINDOWS\system32\upnpui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\Windows\System32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/28/2005 12:09:07 PM

#27
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
That's fine the way you did it.

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as KillQoo.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winsync"=-

Now locate and double-click KillQoo.reg -> Allow it to merge into the Registry!

Do not reboot yet!


Navigate to the C:\Windows\Prefetch folder.
  • Open the Prefetch folder
  • Select Edit -> Select All
  • Select Edit -> Delete (or press the delete button on your keyboard) to delete the entire contents of the Temp folder.
Do not reboot yet!


Use Killbox to delete these files on reboot.

C:\WINDOWS\SYSTEM32\ebrob.dll
C:\WINDOWS\SYSTEM32\fgfkgfg.dll
C:\WINDOWS\system32\sdx4dx.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtup.exe



Reboot and run at least 2 of these virus scans. You must use IE for these scans.

Panda Virus Scan

Bit Defender

TrendMicro Housecall

There may be files that these scans will not remove. Please include that information in your next post.


Reboot and post a new HijackThis log and the info from your virus scans.
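
A way to confirm from a follow-up HijackThis log whether the items targeted in post #27 are actually gone, as an added example that is not part of the original post. The function names, the parsing rules and the bare `Global Startup` line form are assumptions; the removal targets and most sample lines are copied from this thread.

```python
import re

# Removal targets taken from post #27 of this thread.
RUN_VALUES = {"winsync"}
FILES = {p.lower() for p in (
    r"C:\WINDOWS\SYSTEM32\ebrob.dll",
    r"C:\WINDOWS\SYSTEM32\fgfkgfg.dll",
    r"C:\WINDOWS\system32\sdx4dx.exe",
    r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtup.exe",
)}
# Assumption: "Global Startup" is the All Users Startup folder named in post #27.
GLOBAL_STARTUP = r"C:\Documents and Settings\All Users\Start Menu\Programs\Startup"

RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_LINE = re.compile(
    r"^O4 - Global Startup: (?P<name>.+?)(?: = (?P<target>.+))?$")
IMAGE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|scr))(?=\s|$)", re.IGNORECASE)


def image_path(cmd):
    """Return the executable part of a command line, lower-cased.

    Handles quoted paths and unquoted paths that contain spaces
    (both forms occur in the logs in this thread).
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        m = IMAGE.match(cmd)
        path = m.group(1) if m else (cmd.split()[0] if cmd else "")
    return path.lower()


def persisting(log_text):
    """List (kind, detail) findings for removal targets still visible in the log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            # The process list ends at the first blank line.
            if not line:
                in_processes = False
            elif line.lower() in FILES:
                findings.append(("running", line))
            continue
        m = RUN_LINE.match(line)
        if m:
            if m["name"].lower() in RUN_VALUES:
                findings.append(("run-value", f'{m["hive"]}\\{m["key"]} [{m["name"]}]'))
            if image_path(m["cmd"]) in FILES:
                findings.append(("run-target", image_path(m["cmd"])))
            continue
        m = STARTUP_LINE.match(line)
        if m:
            # A shortcut carries "= target"; a bare file lives in the folder itself.
            target = m["target"] or GLOBAL_STARTUP + "\\" + m["name"]
            if image_path(target) in FILES:
                findings.append(("startup", image_path(target)))
    return findings


# Lines copied from the follow-up log posted later in this thread.
THREAD_LINES = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Spyware Doctor\swdoctor.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
"""
# Constructed line (not from the thread) to exercise the Startup-folder case.
CONSTRUCTED_LINE = "O4 - Global Startup: rtup.exe\n"
SAMPLE_LOG = THREAD_LINES + CONSTRUCTED_LINE

if __name__ == "__main__":
    for kind, detail in persisting(SAMPLE_LOG):
        print(f"still present: {kind:<10} {detail}")
```

An empty result means none of the targets shows up in the sections this script reads; it does not cover the other HijackThis sections or files that exist on disk without an autostart entry.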

#28
FallenAngel

    Member

  • Topic Starter
  • Member
  • 39 posts
Should I replace the KillQoo.reg file that's currently on my desktop with code in it with the new one you just posted up??? or.......?

#29
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Yes, you can replace it. Or just delete the old and create the new one.

#30
FallenAngel

    Member

  • Topic Starter
  • Member
  • 39 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:57:59 PM, on 10/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Fallen_Angel\My Documents\download\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.lycos.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mm_server] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_server.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\sdx4dx.exe reg_run
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

-----------------------------------------------------------------------------------------------



BitDefender Online Scanner

Scan report generated at: Mon, Oct 03, 2005 - 17:11:13
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:06:17
Files: 265255
Folders: 4704
Boot Sectors: 2
Archives: 1459
Packed Files: 47415

Results
Identified Viruses: 20
Infected Files: 97
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 152

Engines Info
Virus Definitions: 214681
Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 4
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File


Status

C:\!Submit\ebrob.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\!Submit\ebrob.dll


Disinfection failed

C:\!Submit\ebrob.dll


Deleted

C:\!Submit\rtup.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\!Submit\rtup.exe


Disinfection failed

C:\!Submit\rtup.exe


Deleted

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtup.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtup.exe


Disinfection failed

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\rtup.exe


Delete failed

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008


Detected with: Adware.Wheaterbug.A

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008


Disinfection failed

C:\Program Files\AIM\Sysfiles\WxBug.EXE=>wise0008


Deleted

C:\Program Files\AIM\Sysfiles\WxBug.EXE


Update failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\007447F6.dll=>(Quarantine-2)


Infected with: Trojan.Clspring.126976.DLL

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\007447F6.dll=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\007447F6.dll=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\008519E5.dll=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.P

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\008519E5.dll=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009241D6.exe=>(Quarantine-2)


Infected with: GenPack:Trojan.Downloader.Qoologic.P

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009241D6.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009241D6.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009C3FCB.dat=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.N

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009C3FCB.dat=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\009C3FCB.dat=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09712968.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.I

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09712968.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\09712968.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2C225D64.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.L

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2C225D64.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2C225D64.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2CA80390.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2CA80390.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2CA80390.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FD3415C.exe=>(Quarantine-2)


Infected with: Trojan.Crypt.E

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FD3415C.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\2FD3415C.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36A279A3.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.N

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36A279A3.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\36A279A3.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\37ED6672.exe=>(Quarantine-2)


Infected with: Trojan.Crypt.E

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\37ED6672.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\37ED6672.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38180F6A.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38180F6A.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\38180F6A.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3EA676EE.exe=>(Quarantine-2)


Infected with: Trojan.Crypt.E

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\3EA676EE.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\43435562.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\43435562.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\43435562.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\451B4CAE.exe=>(Quarantine-2)


Infected with: Win32.Worm.Mybot.EY

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\451B4CAE.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\451B4CAE.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46B26EEF.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46B26EEF.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\46B26EEF.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\48C83213.exe=>(Quarantine-2)


Infected with: Win32.Worm.Mybot.EY

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\48C83213.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\48C83213.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\48D23008.exe=>(Quarantine-2)


Infected with: Win32.Worm.Mybot.EY

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\48D23008.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\48D23008.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55470598.exe=>(Quarantine-2)


Infected with: Win32.Worm.Alcan.A

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55470598.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\55470598.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5AC94366.ocx=>(Quarantine-2)


Infected with: Trojan.Downloader.1887.A

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5AC94366.ocx=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5AC94366.ocx=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5C896F7D.exe=>(Quarantine-2)


Infected with: Win32.Worm.Mybot.EY

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5C896F7D.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5C896F7D.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E027EFB.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E027EFB.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E027EFB.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E0628F7.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.Q

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E0628F7.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E0628F7.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E0F26EC.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E0F26EC.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E0F26EC.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E1350E9.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E1350E9.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E1350E9.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E167AE5.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E167AE5.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E167AE5.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E1924E1.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E1924E1.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E1924E1.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E2078DA.dll=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.Q

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E2078DA.dll=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E2078DA.dll=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E264CD3.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.O

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E264CD3.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E264CD3.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E2D20CC.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E2D20CC.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E2D20CC.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E371EC1.dat=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.O

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E371EC1.dat=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E371EC1.dat=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E371EC1.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E371EC1.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\5E371EC1.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\62EA7078.exe=>(Quarantine-2)


Infected with: Trojan.Crypt.E

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\62EA7078.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\62EA7078.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\62ED1A74.exe=>(Quarantine-2)


Infected with: Trojan.Crypt.E

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\62ED1A74.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\62ED1A74.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\665A7F65.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\665A7F65.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\665A7F65.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6ED72B4F.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6ED72B4F.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6ED72B4F.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EDE7F48.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.Purityscan.O

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EDE7F48.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EDE7F48.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE12945.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE12945.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE12945.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE45341.dll=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.L

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE45341.dll=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE45341.dll=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE45341.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.L

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE45341.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE45341.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE87D3E.exe=>(Quarantine-2)=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>lzma_nsis0004=>(NSIS o)=>lzma_nsis0001


Detected with: Adware.BargainBuddy.R

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE87D3E.exe=>(Quarantine-2)=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>lzma_nsis0004=>(NSIS o)=>lzma_nsis0001


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE87D3E.exe=>(Quarantine-2)=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>lzma_nsis0004=>(NSIS o)=>lzma_nsis0001


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EE87D3E.exe=>(Quarantine-2)=>(NSIS o)=>lzma_nsis0006=>(NSIS o)=>lzma_nsis0004=>(NSIS o)


Update failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EEE5136.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EEE5136.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EEE5136.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EF17B33.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EF17B33.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EF17B33.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EF17B33.ocx=>(Quarantine-2)


Infected with: Trojan.Downloader.1887.A

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EF17B33.ocx=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EF17B33.ocx=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EF84F2C.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EF84F2C.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EF84F2C.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EFB7928.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EFB7928.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6EFB7928.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F024D21.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.I

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F024D21.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F024D21.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F0C4B16.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F0C4B16.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F0C4B16.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F0F7512.dll=>(Quarantine-2)


Infected with: Trojan.Clicker.Small.ET

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F0F7512.dll=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F0F7512.dll=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F121F0F.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F121F0F.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F121F0F.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F15490B.dat=>(Quarantine-2)


Infected with: Trojan.Downloader.Qoologic.L

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F15490B.dat=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F15490B.dat=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F197308.exe=>(Quarantine-2)


Infected with: Trojan.Sandbox.A

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F197308.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F197308.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1C1D04.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1C1D04.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6F1C1D04.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6FF5141A.exe=>(Quarantine-2)


Infected with: Win32.Worm.Mybot.EY

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6FF5141A.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\6FF5141A.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7578589E.exe=>(Quarantine-2)


Infected with: Win32.Worm.Mybot.EY

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7578589E.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7578589E.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AD61852.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AD61852.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AD61852.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7ADA424F.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7ADA424F.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7ADA424F.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7ADD6C4B.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7ADD6C4B.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7ADD6C4B.exe=>(Quarantine-2)


Deleted

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AE01647.exe=>(Quarantine-2)


Infected with: Trojan.Downloader.VB.EM

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AE01647.exe=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton SystemWorks\Norton AntiVirus\Quarantine\7AE01647.exe=>(Quarantine-2)


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156492.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156492.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156492.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156493.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156493.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156493.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156494.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156494.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156494.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156495.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156495.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP442\A0156495.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156698.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156698.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156698.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156699.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156699.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156699.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156700.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156700.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156700.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156701.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156701.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP443\A0156701.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156714.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156714.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156714.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156715.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156715.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156715.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156716.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156716.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156716.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156717.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156717.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156717.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156727.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156727.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156727.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156728.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156728.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156728.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156729.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156729.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156729.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156730.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156730.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156730.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156739.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156739.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156739.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156760.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156760.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156760.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156761.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156761.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156761.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156762.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156762.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156762.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156763.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156763.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP444\A0156763.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156775.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156775.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156775.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156776.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156776.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156776.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156777.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156777.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156777.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156778.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156778.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156778.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156787.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156787.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156787.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156788.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156788.exe


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156788.exe


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156789.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156789.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156789.dll


Deleted

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156790.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156790.dll


Disinfection failed

C:\System Volume Information\_restore{F1447C26-C729-49CB-8511-ABCD17929AAA}\RP445\A0156790.dll


Deleted

C:\WINDOWS\svrrunu.exe


Infected with: Trojan.Qrap.G

C:\WINDOWS\svrrunu.exe


Disinfection failed

C:\WINDOWS\svrrunu.exe


Deleted

C:\WINDOWS\system32\doxroxo.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\WINDOWS\system32\doxroxo.exe


Disinfection failed

C:\WINDOWS\system32\doxroxo.exe


Deleted

C:\WINDOWS\system32\ebrob.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\WINDOWS\system32\ebrob.dll


Disinfection failed

C:\WINDOWS\system32\ebrob.dll


Deleted

C:\WINDOWS\system32\fgfkgfg.dll


Infected with: Trojan.Downloader.Qoologic.AC

C:\WINDOWS\system32\fgfkgfg.dll


Disinfection failed

C:\WINDOWS\system32\fgfkgfg.dll


Delete failed

C:\WINDOWS\system32\sdx4dx.exe


Infected with: Trojan.Downloader.Qoologic.AC

C:\WINDOWS\system32\sdx4dx.exe


Disinfection failed

C:\WINDOWS\system32\sdx4dx.exe


Deleted

C:\WINDOWS\system32\wvgbv.dat


Infected with: Trojan.Downloader.Qoologic.AC

C:\WINDOWS\system32\wvgbv.dat


Disinfection failed

C:\WINDOWS\system32\wvgbv.dat


Deleted

-----------------------------------------------------------------------------------------
Panda Activescan

Incident Status Location

Adware:Adware/QoolShown No disinfected C:\WINDOWS\system32\fgfkgfg.dll
Virus:Trj/Qsuv.A Disinfected Operating system
Adware:adware/iedriver No disinfected C:\Documents and Settings\Fallen_Angel\Favorites\Get out of Debt!.url
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\biini.inf
Adware:adware/sidesearch No disinfected C:\WINDOWS\sepsd.bin
Adware:adware/esyndicate No disinfected C:\PROGRAM FILES\eSyndicate
Adware:adware/blazefind No disinfected C:\PROGRAM FILES\WindowsSA
Adware:adware/wupd No disinfected C:\PROGRAM FILES\winupdate
Adware:adware/cws No disinfected C:\Documents and Settings\Fallen_Angel\Favorites\Fun & Games
Adware:adware/twain-tech No disinfected Windows Registry
Adware:Adware/PurityScan No disinfected C:\!Submit\kvnvw.dll
Virus:Trj/Qsuv.A