[EclipsePie]

Ok my computer is acting funny and when I scanned with Mcafee there were 4338 potentionally unwated programs and 96 infected files and 93 of those were auto-cleaned. What should I do? The trojan not delete by McAfee was Trojan-byte Verify. this might just be left over adware from my recent spyware infection so it might not be as serious as I think it is.

Edited by EclipsePie, 23 July 2005 - 06:21 PM.

[Advertisements]

Hi EclipsePie and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

a. Click on My Controls at the top right hand corner of the window.
b. In the left hand column, click "View Topics"
c. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Close ALL windows except HJT

B. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

C. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

[Trevuren]

Hi EclipsePie and welcome to the Geeks to Go Forums.

My name is Trevuren and I will be helping you with your log.

1. If you haven't logged in go to Geeks to Go and do so. Then proceed to item a.

If you already have logged in, go directly to item a.

a. Click on My Controls at the top right hand corner of the window.
b. In the left hand column, click "View Topics"
c. If you click on the title of your post, you will be taken there

2. Also, while at the My Controls page, check the box to the right of your post and then scroll down.
.Where it says "unsubscribe" click the pull-down menu and select "immediate email notification"

3. Please DELETE your current HJT program from its present location.

4. Download and run the following HijackThis autoinstall program from Here HJT needs to be in its own folder so that the program itself isn't deleted by accident. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!

A. Close ALL windows except HJT

B. SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')

C. POST the log in this thread using 'Add Reply' (Ctrl-V to 'paste')


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE CHECK THE LOG, AS MOST OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER


Regards,

Trevuren

[EclipsePie]

Logfile of HijackThis v1.99.1
Scan saved at 10:35:04 PM, on 7/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Grant\Desktop\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.homestarrunner.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/...gx/GrooveAX.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://eastowa.dcma.../EAST/msrdp.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.co...FamilyTeleX.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino....boy/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

[Trevuren]

If your system was that infected, you need a total checkup. There is a very good chance that there are other things lurking.

1. I want you to download and run a free trial version of an anti-trojan program called Trojan Hunter: Trojan Hunter . Let it scan your whole system and remove anything it finds.

REBOOT your system.

2. Please do a Panda Online virus scan HERE

REBOOT your machine


3.

• Download, install, update, configure, and run Ad-Aware SE Personal 1.06.
  • Download Ad-Aware SE Personal 1.06:
    • Download Ad-Aware SE Personal 1.05.
    • Save aawsepersonal.exe to a convenient location.
  • Install Ad-Aware SE Personal 1.06:
    • Double-click on aawsepersonal.exe to install the program.
    • Follow the default settings for installation.
    • After the program has finished installing uncheck the "Perform a full system scan now", "Update definition file now", and "Open the help file now" boxes.
  • Update Ad-Aware SE Personal 1.06:
    • Double-click the Ad-Aware SE Personal icon on your desktop.
    • Click "Check for updates now" then click "Connect".
    • It will check for any updates. If any are found click "OK" to download and install the updates. Once it has finished click "Finish".
  • Configure Ad-Aware SE Personal 1.06:
    • Click on the Gear button at the top of the window.
    • Click "General" on the left hand side to display the General Settings box.
      • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Automatically save logfile"
      • "Automatically quarantine objects prior to removal"
      • "Safe Mode (always request confirmation)"
      • "Prompt to update outdated definitions" - change to 7 days from the default 14.
  • Click "Scanning" on the left hand side to display the Scan Settings box.
    • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
    • "Scan within archives"
    • "Select drives & folders to scan" - select your hard drive(s).
    • "Scan active processes"
    • "Scan registry"
    • "Deep-scan registry"
    • "Scan my IE favorites for banned URLs"
    • "Scan my Hosts file"
  • Click "Advanced" on the left hand side to display the Advanced Settings box.
    • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
    • "Move deleted files to Recycle Bin"
    • "Include additional object information"
    • "Include negligible objects information"
    • "Include environment information"
  • Click "Defaults" on the left hand side to display the Default Settings box.
    • Make sure these items have your preferred settings in them.:
    • "Default homepage"
    • "Default searchpage"
  • Click "Tweak" on the left hand side to display the Tweak Settings box.
    • Click the + (plus) sign next to the Log Files section. This will expand the section.
    • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Include basic Ad-Aware settings in log file"
      • "Include additional Ad-Aware settings in log file"
      • "Include reference summary in log file"
      • "Include alternate data stream details in log file"
    • Click the + (plus) sign next to the Scanning Engine section. This will expand the section.
    • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Unload recognized processes & modules during scan"
      • "Scan registry for all users instead of current user only"
      • "Obtain command line of scanned processes"
    • Click the + (plus) sign next to the Cleaning Engine section. This will expand the section.
    • Make sure these items have a green check next to them. If they do not, click once on the circle next to them to put a green checkmark in it.:
      • "Always try to unload modules before deletion"
      • "During removal, unload Explorer and IE if necessary"
      • "Let Windows remove files in use at next reboot"
      • "Delete quarantined objects after restoring"
  • Once you are done with these settings, click "Proceed" to save them.
  • This will take you back to the main screen.
• Run Ad-Aware SE Personal 1.06:
  • Click the "Start" button.
  • Uncheck the "Search for negligible risk entries" entry.
  • Choose the "Use custom scanning options" scan mode.
  • Click the "Next" button.
  • Ad-Aware will begin to scan for malware residing on your computer.
  • Allow the scan to finish.
  • Right-click on any entry in the list and click "Select All" to select the whole list.
  • Click "Next" and choose "OK" at the prompt to quarantine and remove the objects.

REBOOT your system

4. Recheck with McAfee

5. Please get back to me with the results


Trevuren

[EclipsePie]

Ok I just scanned with Mcafee and 4031 adware files were deleted. I think those were the files that got instantly replacd by the spyware. Could I have a worse trojan like mydoom or something like that?

[Trevuren]

Did you use Trojan Hunter, Panda online and Ad-Aware?


Trevuren

[EclipsePie]

I used all of the programs you asked me to use.

[Trevuren]

Please send me a fresh HJT log


Trevuren

[EclipsePie]

Logfile of HijackThis v1.99.1
Scan saved at 11:10:09 PM, on 7/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Grant\Desktop\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.homestarrunner.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/...gx/GrooveAX.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://eastowa.dcma.../EAST/msrdp.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.co...FamilyTeleX.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino....boy/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

[Trevuren]

1. Is homestarrunner your homepage of choice?

2. To be sure, because of the McAfee results, I need you to run another scan. We just can't take a chance.

I need you to download MWav to a convenient location.

This scan might take around 3+ hours to finish when set to scan everything.
I need you to run MWav by double-clicking on mwav.exe. This scan only produces a report, it doesn't clean your system. I will analyze the report and recommend a course of action depending on the results.

Put a check next to the below items before scanning:

• Memory
• Startup Folders
• Drive - All Local Drives
• Folder - then click "browse" to change the directory to C: (default is C:\Windows)
• Registry
• System Folders
• Services
• Include Sub-Directory
• Scan All Files

Please make sure ALL of these are checked, then press the Scan button. This typically will take hours to complete.

**NOTE*** Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

On the bottom portion of the window, you will see the lower panel where MWav is listing "infected items", please highlight everything in that lower panel and copy them by holding CTRL + C then paste it here. The whole log will be extremely BIG so there is no way to post the log. I just need the infected items list.

Regards,

Trevuren

[EclipsePie]

Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "maxspeed Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ncase Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\roboex32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\CTDetect.cpl". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\ctmp3.acm". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\dhtml2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\toolbar.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\nCaseInstaller.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Profiles\defaults\english\game.cfg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Profiles\defaults\french\game.cfg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Profiles\defaults\german\game.cfg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Profiles\defaults\italian\game.cfg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Profiles\defaults\japanese\game.cfg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Profiles\defaults\spanish\game.cfg". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Profiles\player\player_profiles_placeholder.txt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Profiles\player\default\default_profile_placeholder.txt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Profiles\player\default\savegames\savegames_placeholder.txt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Ubisoft\Crytek\Far Cry\Profiles\server\mapcycle.txt". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\CyberLink\ATIDVD\2ch.SIM". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E500-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~3\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E510-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~3\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E520-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~3\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E530-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~3\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E531-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~3\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0002E532-0000-0000-C000-000000000046}" refers to invalid object "C:\PROGRA~1\MICROS~3\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{03464D56-2449-4F5C-9061-60310BD4DDC5}" refers to invalid object "C:\WINDOWS\System32\corelsys.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{36CC6FEE-A4F2-429A-AF76-B8FB30600AEC}" refers to invalid object "C:\Program Files\Creative\Shared Files\JB1PgHlp.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3836A5BF-51B3-4B37-8E96-9D429C22183C}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{459E406E-B72F-11D1-A31B-00AA0061A911}" refers to invalid object "C:\Program Files\Creative\SBAudigy2\MiniDisc\Albumsvr.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4B9A5F7D-7908-4E59-B2DA-216D42B692B0}" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\CDFeatureRRObject.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4C85388F-1500-11D1-A0DF-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~3\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5A2F3A17-A4A1-11D2-B129-00A0C98F3BCE}" refers to invalid object "C:\Program Files\Creative\SBAudigy2\MiniDisc\MDSvr.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{5A48B15E-B388-4A33-AB3F-E969A8DBF9A2}" refers to invalid object "C:\Program Files\Creative\SBAudigy2\WaveStudio\Pcm2Ext.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{63A6C5D6-15B1-48A3-9D84-DE87D5F13BD3}" refers to invalid object "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\CDFeatureRRObject.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object "C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{8722111A-DE20-48ac-832D-0CEDA23212AB}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{95612D1D-F6AB-4EC5-BE9F-B544861DA2B7}" refers to invalid object "C:\WINDOWS\System32\dhtml2.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{97D6D376-23BB-11D1-A0E1-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~3\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}" refers to invalid object "C:\DOCUME~1\Grant\LOCALS~1\Temp\CMDLIN~1.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AA9B2BD7-B7AA-4d4a-AF5C-D7B2C8FB6582}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AB7AB3FF-EB55-4B40-AE1D-80ECEFA32E17}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBUI.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{AF1A9404-6CA9-11D3-B053-00C04F4C0826}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B0528CE4-F67E-11D2-8F8E-00C04F4C3B9F}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B45A4A81-86DA-11D1-B706-00A024DDAFD1}" refers to invalid object "C:\Westwood\SUN\game.exe". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBF37B9E-2F4F-11D3-B02F-00C04F4C0826}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBF37BA0-2F4F-11D3-B02F-00C04F4C0826}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBF37BA2-2F4F-11D3-B02F-00C04F4C0826}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{BBF37BA4-2F4F-11D3-B02F-00C04F4C0826}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C0351D61-F7C6-11d6-B886-00D0B76BF81E}" refers to invalid object "C:\PROGRA~1\Creative\SHARED~1\NM2PgHlp.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C073A662-A344-4611-8632-06452280EBB0}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D734EAE8-0810-4513-99B6-DDAC4BC30E29}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7546AAE-A77A-11D1-B901-00AA00585640}" refers to invalid object "C:\Program Files\Microsoft Office\Office10\MSOWCF.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{D7546ABD-A77A-11D1-B901-00AA00585640}" refers to invalid object "C:\Program Files\Microsoft Office\Office10\MSOWCF.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{daa873d4-958c-453c-81ca-3fe6f3676a87}" refers to invalid object "C:\WINDOWS\system32:vdaa.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DB6E8F48-FD3E-11D0-A0BC-00C04FC9E20F}" refers to invalid object "C:\PROGRA~1\MICROS~3\Office10\MSOWC.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DC250EB2-2928-41c5-89C9-5FF86FEE1691}" refers to invalid object "C:\Program Files\MySearch\bar\2.bin\S4WBTEMP.DLL". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}" refers to invalid object "C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{DFEF3E96-F1D4-47CE-A429-2CC8C10DFDB6}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F4BAFF02-F907-11D2-8F8F-00C04F4C3B9F}" refers to invalid object "C:\Program Files\Creative\Shared Files\CDDBControl.dll". Action Taken: No Action Taken.
Entry "HKCR\AcroIEHelper.AcroIEHlprObj" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.
Entry "HKCR\AcroIEHelper.AcroIEHlprObj.1" refers to invalid object "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Alg.AlgSetup.1" refers to invalid object "{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.NA" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Map.NA.9" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\Automap.Template.NA.9" refers to invalid object "{A49EEA00-9231-4C77-AA9E-2F89D72B4804}". Action Taken: No Action Taken.
Entry "HKCR\MiniBugTransporter.MiniBugTransporterX" refers to invalid object "{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}". Action Taken: No Action Taken.
Entry "HKCR\MiniBugTransporter.MiniBugTransporterX.1" refers to invalid object "{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}". Action Taken: No Action Taken.
Entry "HKCR\MoneySide.BrowserHelperObject" refers to invalid object "{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}". Action Taken: No Action Taken.
Entry "HKCR\MoneySide.BrowserHelperObject.10" refers to invalid object "{FDD3B846-8D59-4FFB-8758-209B6AD74ACC}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object "{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\VSEditorFactory.VsEditorFactory.1" refers to invalid object "{CB3FCF01-03DF-11D1-81D2-00A0C91BBEE3}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMSServer.Server" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
Entry "HKCR\WMSServer.Server.9" refers to invalid object "{845FB959-4279-11D2-BF23-00805FBE84A6}". Action Taken: No Action Taken.
File C:\WINDOWS\BDIBv4.exe infected by "Trojan-Downloader.Win32.Delf.cy" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\system32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\Documents and Settings\All Users\Documents\AOL Downloads\aolsetup90\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Garrett.COOKIE\Local Settings\Temp\unpack\inst43.exe tagged as "not-a-virus:AdWare.Comet.r". Action Taken: No Action Taken.
File C:\Documents and Settings\Grant\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-42aa640a-7f44a7ec.class infected by "Trojan-Clicker.Win32.Spywad.b" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Grant\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\2a3304197e40983c0dfe8c06ff8ca6d6 tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.i". Action Taken: No Action Taken.
File C:\Documents and Settings\Grant\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\372197dc59c294f4c4fef813d55502db infected by "Trojan-Downloader.Win32.Small.hr" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Grant\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\6a4a893d49406ee88fcf34b14bc0c909 tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.l". Action Taken: No Action Taken.
File C:\Documents and Settings\Grant\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\90287747002727aa04999b51e882d95a tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.i". Action Taken: No Action Taken.
File C:\ms32.tmp infected by "Trojan-Downloader.Win32.Small.azk" Virus! Action Taken: No Action Taken.
File C:\Program Files\America Online 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP893\A0325459.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.l". Action Taken: No Action Taken.
File C:\WINDOWS\BDIBv4.exe infected by "Trojan-Downloader.Win32.Delf.cy" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.
File C:\Documents and Settings\All Users\Documents\AOL Downloads\aolsetup90\comp01.000 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Documents and Settings\Garrett.COOKIE\Local Settings\Temp\unpack\inst43.exe tagged as "not-a-virus:AdWare.Comet.r". Action Taken: No Action Taken.
File C:\Documents and Settings\Grant\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\SecurityClassLoader.class-42aa640a-7f44a7ec.class infected by "Trojan-Clicker.Win32.Spywad.b" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Grant\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\2a3304197e40983c0dfe8c06ff8ca6d6 tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.i". Action Taken: No Action Taken.
File C:\Documents and Settings\Grant\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\372197dc59c294f4c4fef813d55502db infected by "Trojan-Downloader.Win32.Small.hr" Virus! Action Taken: No Action Taken.
File C:\Documents and Settings\Grant\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\6a4a893d49406ee88fcf34b14bc0c909 tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.l". Action Taken: No Action Taken.
File C:\Documents and Settings\Grant\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\90287747002727aa04999b51e882d95a tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.i". Action Taken: No Action Taken.
File C:\ms32.tmp infected by "Trojan-Downloader.Win32.Small.azk" Virus! Action Taken: No Action Taken.
File C:\Program Files\America Online 9.0\Jiti\Jiti_mm.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP893\A0325459.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWebSearch.l". Action Taken: No Action Taken.
File C:\WINDOWS\BDIBv4.exe infected by "Trojan-Downloader.Win32.Delf.cy" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\SYSTEM32\KILLAPPS.EXE tagged as not-a-virus:Tool.Win32.KillApp.c. No Action Taken.

[Trevuren]

1. Please DELETE the following file: C:\WINDOWS\BDIBv4.exe

2. Please run Ewido in Safe Mode as per the following instructions:[b]
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.[/b]

• You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
  • The update will start and a progress bar will show the updates being installed.
• Once the updates are installed do the following:
  • REBOOT into Safe Mode
  • Run EWIDO
  • Click on scanner
  • Click on Start Scan
  • Let the program scan the machine
  • While the scan is in progress you will be prompted to clean files, click OK
• Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
• Reboot your machine and post back a new HJT log and the ewido .txt log file you saved by using Add Reply

Regards,

Trevuren

[EclipsePie]

Logfile of HijackThis v1.99.1
Scan saved at 11:59:26 AM, on 7/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Program Files\Messenger\msmsgs.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Grant\Desktop\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.homestarrunner.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/...gx/GrooveAX.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://eastowa.dcma.../EAST/msrdp.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.co...FamilyTeleX.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino....boy/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)

-------------------------------------------------------------------

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:54:06 AM, 7/27/2005
+ Report-Checksum: C92EB546

+ Scan result:

C:\Documents and Settings\Daddy\Cookies\daddy@mysearch[2].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Garrett.COOKIE\Application Data\Mozilla\Firefox\Profiles\th1z5wht.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Grant\Application Data\Mozilla\Firefox\Profiles\6vwoyixw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Grant\Cookies\grant@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Grant\Cookies\grant@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP893\A0325459.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325917.INI:auaxj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325917.INI:booeu -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325917.INI:btpun -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325917.INI:dwjvd -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325917.INI:fnadt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325917.INI:gztzl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325917.INI:ibiig -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325917.INI:llcko -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325917.INI:tydwp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325917.INI:wjevg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325917.INI:ybjpp -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325918.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325919.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325920.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325921.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325922.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325923.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325924.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325926.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325927.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325929.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325930.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325931.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325932.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325933.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325934.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325935.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325936.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325937.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325938.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325939.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325941.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325942.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325943.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325944.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325945.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325946.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325947.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325948.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325949.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325950.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325952.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325953.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325955.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325956.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325957.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325958.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325959.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325960.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325961.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325962.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325963.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325964.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325965.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325966.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325967.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325968.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325969.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325970.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325971.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325972.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325973.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325974.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325975.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325976.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325978.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325979.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325980.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325982.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325983.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325984.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325985.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325986.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325987.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325988.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325989.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325990.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325991.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325992.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325993.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325994.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325995.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325996.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325997.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325998.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0325999.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326001.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326002.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326003.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326004.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326005.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326006.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326007.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326008.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326009.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326010.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326011.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326012.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326013.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326014.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326015.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326016.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326017.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326018.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326019.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326020.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326022.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326023.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326024.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326026.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326027.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326028.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326029.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326030.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326031.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326032.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326033.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326035.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326036.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326037.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326038.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326039.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326040.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326041.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326042.dll -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326043.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326044.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326045.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326046.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326047.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326048.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326049.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326050.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326051.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326052.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326053.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326054.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326055.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326056.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326057.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326058.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326059.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326061.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326062.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326063.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326064.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326065.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326066.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326067.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326068.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:anaks -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:dhfii -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:gclvs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:hkaby -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:ltxvo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:lyiie -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:lzogx -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:mpsay -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:pdmpj -> TrojanDownloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:qrniq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:vecql -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:wytbp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326069.lnk:xvhix -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326070.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326071.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326072.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326074.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326075.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326076.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326077.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326078.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326079.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326080.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326082.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326083.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326084.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326085.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326086.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326087.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326088.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326089.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326090.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326091.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326092.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326093.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326094.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326095.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326096.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326097.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326098.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326099.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326100.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326101.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326102.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326103.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326105.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326106.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326107.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326108.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326109.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326110.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326111.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326112.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326113.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326115.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326116.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326117.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326120.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326121.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326122.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326123.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326124.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326125.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326126.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326127.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326128.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326129.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326130.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326131.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326132.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326133.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326134.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326135.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326137.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A0326138.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP894\A03261

[Trevuren]

1. Is homestarrunner.com your homepage?

2. Please send me a fresh HJT log.

Thanks


Trevuren

[EclipsePie]

homestarrunner.com is my homepage of choice.

Logfile of HijackThis v1.99.1
Scan saved at 12:07:23 AM, on 7/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\SpyCatcher\DeleteSatellite.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\SPYWAR~1\swdoctor.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Documents and Settings\Grant\Desktop\HighJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.homestarrunner.com
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKLM\..\RunOnce: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe" nowait
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg...v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...nst20040510.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/...gx/GrooveAX.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - https://eastowa.dcma.../EAST/msrdp.cab
O16 - DPF: {90A29DA5-D020-4B18-8660-6689520C7CD7} (DmiReader Class) - http://ftp.us.dell.c...es/PROFILER.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A44B714B-EE0F-453E-9300-A69B321FEF6C} (MaxisSimsFamilyTeleX Control) - http://thesims.ea.co...FamilyTeleX.cab
O16 - DPF: {BC18E6DF-BE57-4580-93E8-F228F9A133AA} (MaxisSimCity4LotTeleX Control) - http://simcity.ea.co...ty4LotTeleX.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.co...ic/SimCityX.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://flashcasino....boy/FlashAX.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.c...aploader_v6.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - Unknown owner - C:\PROGRA~1\ATIMUL~1\RemCtrl\x10nets.exe (file missing)